Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/spec/models
History
Roman Rizzi 5ee31cbf7d
FIX: Mark invites flash messages as HTML safe. (#15539) 
* FIX: Mark invites flash messages as HTML safe.
This change should be safe as all user inputs included in the errors are sanitized before sending it back to the client.

Context: https://meta.discourse.org/t/html-tags-are-explicit-after-latest-update/214220

* If somebody adds a new error message that includes user input and doesn't sanitize it, using html-safe suddenly becomes unsafe again. As an extra layer of protection, we make the client sanitize the error message received from the backend.

* Escape user input instead of sanitizing
 		2022-01-18 09:38:31 -03:00
..
about_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
admin_dashboard_data_spec.rb FEATURE: Scheduled problem checks for admin dashboard (#15327) 2021-12-20 09:59:11 +10:00
api_key_scope_spec.rb FIX: Missing allowed urls when displaying granualar API key scopes. 2021-12-07 10:17:17 +08:00
api_key_spec.rb FEATURE: Add read-only scope to API keys (#14856) 2021-11-10 17:48:00 +02:00
application_request_spec.rb DEV: Clean up some Redis leaks in test env. 2020-05-18 17:27:37 +08:00
associated_group_spec.rb FEATURE: Experimental support for group membership via google auth (#14835) 2021-12-09 12:30:27 +00:00
badge_spec.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
badge_type_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
bookmark_spec.rb DEV: Add for_topic column to bookmarks (#14343) 2021-09-15 11:29:22 +10:00
category_featured_topic_spec.rb FEATURE: remove support for 'suppress_from_latest' category setting. (#8308) 2019-11-18 12:28:35 +05:30
category_group_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
category_list_spec.rb FIX: exclude topics from muted tag in category featured list. (#14925) 2021-11-16 12:10:50 +05:30
category_spec.rb FEATURE: Allow admins to permanently delete posts and topics (#14406) 2021-10-13 12:53:23 +03:00
category_user_spec.rb FIX: Wrong scope used for notification levels user serializer (#13039) 2021-05-14 09:45:14 +10:00
child_theme_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
color_scheme_color_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
color_scheme_spec.rb PERF: Eager load Theme associations in Stylesheet Manager. 2021-06-21 11:06:58 +08:00
developer_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
digest_email_site_setting_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
directory_item_spec.rb DEV: improve flaky spec 2019-10-04 11:11:03 +10:00
discourse_connect_spec.rb DEV: rename single_sign_on classes to discourse_connect (#15332) 2022-01-06 16:28:46 +04:00
do_not_disturb_timing_spec.rb FEATURE: Do not disturb (#11484) 2020-12-18 09:03:51 -06:00
draft_sequence_spec.rb FIX: Update draft count when sequence is increased (#13940) 2021-08-04 13:30:37 +03:00
draft_spec.rb FIX: Select correct topic draft for user (#15234) 2021-12-08 15:23:44 +02:00
email_change_request_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
email_log_spec.rb FEATURE: Use group SMTP job and mailer instead of UserNotifications change (#13489) 2021-06-28 08:55:13 +10:00
email_token_spec.rb DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
embeddable_host_spec.rb FIX: use allowlist and blocklist terminology (#10209) 2020-07-27 10:23:54 +10:00
emoji_spec.rb FEATURE: Render emojis on GitHub labels when oneboxing an issue. (#13531) 2021-06-25 14:48:36 -03:00
given_daily_like_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
global_setting_spec.rb Build(deps): Bump rubocop from 1.18.2 to 1.18.3 (#13653) 2021-07-07 01:51:43 +02:00
group_archived_message_spec.rb FEATURE: Display unread and new counts for messages. (#14059) 2021-08-25 11:17:56 +08:00
group_associated_group_spec.rb FEATURE: Experimental support for group membership via google auth (#14835) 2021-12-09 12:30:27 +00:00
group_history_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
group_spec.rb DEV: Move imap_helper to spec/support directory (#14776) 2021-10-29 20:46:25 +02:00
group_user_spec.rb PERF: Make tests faster by prefabricating more things (#15370) 2021-12-20 12:59:10 -06:00
incoming_link_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
incoming_links_report_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
invite_redeemer_spec.rb FIX: Allow invites if must_approve_users is true (#13257) 2021-06-07 18:57:08 +03:00
invite_spec.rb FIX: Mark invites flash messages as HTML safe. (#15539) 2022-01-18 09:38:31 -03:00
javascript_cache_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
locale_site_setting_spec.rb use more appropriate labels for chinese UI option 2021-07-27 22:47:59 +08:00
mailing_list_mode_site_setting_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
notification_spec.rb PERF: Make tests faster by prefabricating more things (#15392) 2021-12-22 11:09:43 -06:00
optimized_image_spec.rb DEV: Fix methods removed in Ruby 3.2 (#15459) 2022-01-05 18:45:08 +01:00
permalink_spec.rb DEV: Deprecate Category#url_with_id in favor of Category#url (#9972) 2020-06-18 11:32:14 +03:00
plugin_store_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
post_action_spec.rb PERF: Shave off some test-suite time (#15183) 2021-12-03 14:54:07 -06:00
post_action_type_spec.rb FIX: Clear post action types application serializer fragment cache. 2021-06-04 09:14:49 +08:00
post_analyzer_spec.rb FIX: Improve anchor links (#12683) 2021-04-14 10:27:07 +03:00
post_detail_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
post_mover_spec.rb FIX: nil the baked version after moving the posts. (#14483) 2021-10-12 17:31:18 +11:00
post_reply_key_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
post_reply_spec.rb DEV: update dependencies and add notes about exceptions 2019-12-06 13:00:28 +11:00
post_spec.rb PERF: Speed up the tests by pre-fabricating more things (#15318) 2021-12-15 11:41:14 -06:00
post_timing_spec.rb PERF: Make tests faster by prefabricating more things (#15392) 2021-12-22 11:09:43 -06:00
post_upload_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
private_message_topic_tracking_state_spec.rb FIX: Do not publish post for PM topic tracking if not new for user. (#14469) 2021-09-29 13:54:24 +08:00
published_page_spec.rb FEATURE: Support for publishing topics as pages (#9364) 2020-04-08 12:52:36 -04:00
quoted_post_spec.rb FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
remote_theme_spec.rb FEATURE: Introduce theme/component QUnit tests (take 2) (#12661) 2021-04-12 15:02:58 +03:00
report_spec.rb Add three reports (#14338) 2021-12-02 22:41:55 +05:30
reviewable_claimed_topic_spec.rb FIX: Don't log a claimed topic database error during tests 2020-01-09 12:32:05 -05:00
reviewable_flagged_post_spec.rb DEV: Retroactively add test for ignoring flagged responses (#15491) 2022-01-07 11:53:31 -06:00
reviewable_history_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
reviewable_post_spec.rb FEATURE: Review every post using the review queue. (#12734) 2021-04-21 08:41:36 -03:00
reviewable_queued_post_spec.rb FEATURE: Display pending posts on user’s page 2021-11-29 10:26:33 +01:00
reviewable_score_spec.rb FIX: Recalculate scores only when approving or transitioning to pending. (#13009) 2021-05-10 14:09:04 -03:00
reviewable_spec.rb FIX: Check type of existing reviewables when new reviewable is created (#13662) 2021-07-07 11:45:00 -05:00
reviewable_user_spec.rb FEATURE: Blocking is optional when deleting a user from the review queue. (#13375) 2021-06-15 12:35:45 -03:00
s3_region_site_setting_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
screened_email_spec.rb FEATURE: when blocking emails prefer blocking canonical 2020-04-24 14:09:51 +10:00
screened_ip_address_spec.rb FEATURE: Search screened IP address in blocks (#15461) 2022-01-11 09:16:51 +02:00
screened_url_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
search_log_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
site_setting_spec.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
site_spec.rb FIX: Missing category edit icon. 2021-06-28 10:54:23 +08:00
skipped_email_log_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
stylesheet_cache_spec.rb PERF: Add scheduled job to delete old stylesheet cache rows (#13747) 2021-07-16 10:58:01 -04:00
tag_group_spec.rb FIX: remove parent tag from tag group 2020-03-13 12:25:58 -04:00
tag_spec.rb FIX: URL encode tag name (#11393) 2020-12-02 12:36:41 +05:30
tag_user_spec.rb SECURITY: Only show tags to users with permission (#15148) 2021-12-01 10:26:56 +08:00
theme_field_spec.rb PERF: Make tests faster by prefabricating more things (#15392) 2021-12-22 11:09:43 -06:00
theme_modifier_set_spec.rb DEV: Allow plugins to add theme modifiers via db migrations (#9192) 2020-03-12 16:35:28 +00:00
theme_spec.rb FEATURE: Allow theme settings to request refresh (#15037) 2021-11-22 13:16:56 +01:00
top_menu_item_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
top_topic_spec.rb DEV: correct spec failures in PG 12 2019-11-26 16:39:14 +11:00
topic_allowed_user_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
topic_converter_spec.rb FIX: Limit personal message participants when converting from topic (#9343) 2020-04-03 16:42:01 +01:00
topic_embed_spec.rb FIX: Convert URLs embedded topics to absolute form (#14975) 2021-11-17 16:39:49 +11:00
topic_featured_users_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
topic_group_spec.rb FIX: Constraint error when inserting the same topic group twice 2019-12-12 13:10:46 -05:00
topic_invite_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
topic_link_click_spec.rb DEV: Clean up S3 specs, stubs, and helpers 2020-09-28 12:02:25 +01:00
topic_link_spec.rb FIX: Hide links to muted topics and in categories list (#14761) 2021-10-29 17:52:23 +03:00
topic_list_spec.rb FIX: Don't allow NULL values for `notification_level` in `category_users` (#15407) 2021-12-29 09:19:39 +11:00
topic_participants_summary_spec.rb DEV: Better topic participants summary spec 2019-11-18 09:43:14 -05:00
topic_posters_summary_spec.rb Fix i18n issues reported on Crowdin (#11747) 2021-02-02 10:50:04 +01:00
topic_spec.rb PERF: Make tests faster by prefabricating more things (#15370) 2021-12-20 12:59:10 -06:00
topic_tag_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
topic_thumbnail_spec.rb PERF: we don't need to use a huge image to test thumbnails (#11025) 2020-10-27 12:39:52 +11:00
topic_timer_spec.rb FIX: Remove legacy topic timer code (#13544) 2021-06-29 09:16:25 +10:00
topic_tracking_state_spec.rb FIX: Don't allow NULL values for `notification_level` in `category_users` (#15407) 2021-12-29 09:19:39 +11:00
topic_user_spec.rb FEATURE: Publish read topic tracking events for private messages. (#14274) 2021-09-09 09:16:53 +08:00
topic_view_item_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
translation_override_spec.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
trust_level3_requirements_spec.rb DEV: Update tl3 spec to remove hard-coded primary keys 2020-04-17 17:24:14 +01:00
trust_level_and_staff_setting_spec.rb DEV: Fix another flaky spec 2021-06-08 09:54:37 +08:00
trust_level_setting_spec.rb DEV: Fix flaky test due to locale cache poisoning 2021-06-08 13:13:38 +10:00
unsubscribe_key_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
upload_spec.rb FIX: manually adds frowning_face_with_open_mouth for apple (#13528) 2021-07-21 23:27:20 +02:00
user_action_spec.rb PERF: Speed up the tests by pre-fabricating more things (#15318) 2021-12-15 11:41:14 -06:00
user_api_key_spec.rb REFACTOR: Introduce RouteMatcher class 2020-10-19 10:40:55 +01:00
user_archived_message_spec.rb FIX: Don't publish PM archive events to acting user. (#14291) 2021-09-10 09:20:50 +08:00
user_associated_group_spec.rb FEATURE: Experimental support for group membership via google auth (#14835) 2021-12-09 12:30:27 +00:00
user_auth_token_spec.rb PERF: Make tests faster by prefabricating more things (#15392) 2021-12-22 11:09:43 -06:00
user_avatar_spec.rb FIX: reset gravatar cache by adding random param to URL (#9370) 2020-04-08 07:35:42 +10:00
user_badge_spec.rb PERF: Cache ranks for featured badges, to simplify user serialization (#8698) 2020-01-14 14:26:49 +00:00
user_bookmark_list_spec.rb FEATURE: Go to last unread for topic-level bookmark links (#14396) 2021-09-21 13:49:56 +10:00
user_email_spec.rb FEATURE: Add email normalization rules setting (#14593) 2021-11-24 11:30:06 +02:00
user_export_spec.rb REVERT: DEV: should ignore missing post uploads when a user export destroyed 2019-07-25 19:41:25 +05:30
user_field_spec.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
user_history_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
user_notification_schedule_spec.rb DEV: Upgrade Rails to 6.1.3.1 (#12688) 2021-04-21 12:36:32 +03:00
user_option_spec.rb DEV: Avoid `$` globals (#15453) 2022-01-08 23:39:46 +01:00
user_profile_spec.rb FIX: Make sure rel attributes are correctly set. (#10645) 2020-09-10 12:59:51 -03:00
user_profile_view_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
user_search_spec.rb FIX: when composing a message do not suggest deleted posts users (#15488) 2022-01-07 17:06:11 +05:30
user_second_factor_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
user_spec.rb PERF: Make tests faster by prefabricating more things (#15370) 2021-12-20 12:59:10 -06:00
user_stat_spec.rb DEV: Fix intermittent failing spec. (#15308) 2021-12-15 09:51:46 +01:00
user_summary_spec.rb FIX: exclude moderator_action post for reply count in user summary. (#14991) 2021-11-18 13:42:03 +05:30
user_visit_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
username_validator_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
watched_word_spec.rb DEV: Add test for link watched words (#13251) 2021-06-03 11:36:07 +10:00
web_crawler_request_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
web_hook_event_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
web_hook_spec.rb FIX: Pass category and tag IDs to the emit webhook event job. (#15568) 2022-01-14 11:17:38 -03:00