discourse/spec/models
Roman Rizzi df3eb93973
DEV: Sanitize HTML admin inputs (#14681)
* DEV: Sanitize HTML admin inputs

This PR adds on-save HTML sanitization for:

Client site settings
translation overrides
badges descriptions
user fields descriptions

I used Rails's SafeListSanitizer, which [accepts the following HTML tags and attributes](018cf54073/lib/rails/html/sanitizer.rb (L108))

* Make sure that the sanitization logic doesn't corrupt settings with special characters
2021-10-27 11:33:07 -03:00
about_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
admin_dashboard_problem_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
api_key_spec.rb REFACTOR: Introduce RouteMatcher class 2020-10-19 10:40:55 +01:00
application_request_spec.rb DEV: Clean up some Redis leaks in test env. 2020-05-18 17:27:37 +08:00
badge_spec.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
badge_type_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
bookmark_spec.rb DEV: Add for_topic column to bookmarks (#14343) 2021-09-15 11:29:22 +10:00
category_featured_topic_spec.rb FEATURE: remove support for 'suppress_from_latest' category setting. (#8308) 2019-11-18 12:28:35 +05:30
category_group_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
category_list_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
category_spec.rb FEATURE: Allow admins to permanently delete posts and topics (#14406) 2021-10-13 12:53:23 +03:00
category_user_spec.rb FIX: Wrong scope used for notification levels user serializer (#13039) 2021-05-14 09:45:14 +10:00
child_theme_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
color_scheme_color_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
color_scheme_spec.rb PERF: Eager load Theme associations in Stylesheet Manager. 2021-06-21 11:06:58 +08:00
developer_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
digest_email_site_setting_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
directory_item_spec.rb DEV: improve flaky spec 2019-10-04 11:11:03 +10:00
discourse_single_sign_on_spec.rb DEV: simplify username suggester (#14531) 2021-10-27 14:41:24 +04:00
do_not_disturb_timing_spec.rb FEATURE: Do not disturb (#11484) 2020-12-18 09:03:51 -06:00
draft_sequence_spec.rb FIX: Update draft count when sequence is increased (#13940) 2021-08-04 13:30:37 +03:00
draft_spec.rb FIX: Update draft count after creating a post (#13884) 2021-07-29 17:06:11 +03:00
email_change_request_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
email_log_spec.rb FEATURE: Use group SMTP job and mailer instead of UserNotifications change (#13489) 2021-06-28 08:55:13 +10:00
email_token_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
embeddable_host_spec.rb FIX: use allowlist and blocklist terminology (#10209) 2020-07-27 10:23:54 +10:00
emoji_spec.rb FEATURE: Render emojis on GitHub labels when oneboxing an issue. (#13531) 2021-06-25 14:48:36 -03:00
given_daily_like_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
global_setting_spec.rb Build(deps): Bump rubocop from 1.18.2 to 1.18.3 (#13653) 2021-07-07 01:51:43 +02:00
group_archived_message_spec.rb FEATURE: Display unread and new counts for messages. (#14059) 2021-08-25 11:17:56 +08:00
group_history_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
group_spec.rb FIX: better filter for groups search (#14262) 2021-09-08 09:38:45 +10:00
group_user_spec.rb FIX: use active record `update_attribute` instead of mini sql. (#14367) 2021-09-21 09:29:12 +08:00
incoming_link_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
incoming_links_report_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
invite_redeemer_spec.rb FIX: Allow invites if must_approve_users is true (#13257) 2021-06-07 18:57:08 +03:00
invite_spec.rb FEATURE: Warn if invited user cannot see topic (#13548) 2021-07-06 12:49:26 +03:00
javascript_cache_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
locale_site_setting_spec.rb use more appropriate labels for chinese UI option 2021-07-27 22:47:59 +08:00
mailing_list_mode_site_setting_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
notification_spec.rb DEV: Support translated title in desktop/notifications (#14325) 2021-09-14 09:57:38 -05:00
optimized_image_spec.rb DEV: Remove the remaining Travis code (#13255) 2021-06-02 20:29:47 +02:00
permalink_spec.rb DEV: Deprecate Category#url_with_id in favor of Category#url (#9972) 2020-06-18 11:32:14 +03:00
plugin_store_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
post_action_spec.rb FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
post_action_type_spec.rb FIX: Clear post action types application serializer fragment cache. 2021-06-04 09:14:49 +08:00
post_analyzer_spec.rb FIX: Improve anchor links (#12683) 2021-04-14 10:27:07 +03:00
post_detail_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
post_mover_spec.rb FIX: nil the baked version after moving the posts. (#14483) 2021-10-12 17:31:18 +11:00
post_reply_key_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
post_reply_spec.rb DEV: update dependencies and add notes about exceptions 2019-12-06 13:00:28 +11:00
post_spec.rb FIX: Show right message when permanently deleting topic (#14717) 2021-10-26 18:31:15 +03:00
post_timing_spec.rb FEATURE: Add last visit indication to topic view page. (#13471) 2021-07-05 14:17:31 +08:00
post_upload_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
private_message_topic_tracking_state_spec.rb FIX: Do not publish post for PM topic tracking if not new for user. (#14469) 2021-09-29 13:54:24 +08:00
published_page_spec.rb FEATURE: Support for publishing topics as pages (#9364) 2020-04-08 12:52:36 -04:00
quoted_post_spec.rb FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
remote_theme_spec.rb FEATURE: Introduce theme/component QUnit tests (take 2) (#12661) 2021-04-12 15:02:58 +03:00
report_spec.rb FEATURE: Add post edits count to user activity (#13495) 2021-08-02 10:15:53 -04:00
reviewable_claimed_topic_spec.rb FIX: Don't log a claimed topic database error during tests 2020-01-09 12:32:05 -05:00
reviewable_flagged_post_spec.rb FEATURE: Blocking is optional when deleting a user from the review queue. (#13375) 2021-06-15 12:35:45 -03:00
reviewable_history_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
reviewable_post_spec.rb FEATURE: Review every post using the review queue. (#12734) 2021-04-21 08:41:36 -03:00
reviewable_queued_post_spec.rb FEATURE: Blocking is optional when deleting a user from the review queue. (#13375) 2021-06-15 12:35:45 -03:00
reviewable_score_spec.rb FIX: Recalculate scores only when approving or transitioning to pending. (#13009) 2021-05-10 14:09:04 -03:00
reviewable_spec.rb FIX: Check type of existing reviewables when new reviewable is created (#13662) 2021-07-07 11:45:00 -05:00
reviewable_user_spec.rb FEATURE: Blocking is optional when deleting a user from the review queue. (#13375) 2021-06-15 12:35:45 -03:00
s3_region_site_setting_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
screened_email_spec.rb FEATURE: when blocking emails prefer blocking canonical 2020-04-24 14:09:51 +10:00
screened_ip_address_spec.rb FIX: use allowlist and blocklist terminology (#10209) 2020-07-27 10:23:54 +10:00
screened_url_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
search_log_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
site_setting_spec.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
site_spec.rb FIX: Missing category edit icon. 2021-06-28 10:54:23 +08:00
skipped_email_log_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
stylesheet_cache_spec.rb PERF: Add scheduled job to delete old stylesheet cache rows (#13747) 2021-07-16 10:58:01 -04:00
tag_group_spec.rb FIX: remove parent tag from tag group 2020-03-13 12:25:58 -04:00
tag_spec.rb FIX: URL encode tag name (#11393) 2020-12-02 12:36:41 +05:30
tag_user_spec.rb FIX: Wrong scope used for notification levels user serializer (#13039) 2021-05-14 09:45:14 +10:00
theme_field_spec.rb FIX: do not raise exception when svg path is nil (#13844) 2021-07-26 12:35:27 +10:00
theme_modifier_set_spec.rb DEV: Allow plugins to add theme modifiers via db migrations (#9192) 2020-03-12 16:35:28 +00:00
theme_spec.rb DEV: use upload id to save in theme setting instead of URL. (#14341) 2021-09-16 07:58:53 +05:30
top_menu_item_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
top_topic_spec.rb DEV: correct spec failures in PG 12 2019-11-26 16:39:14 +11:00
topic_allowed_user_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
topic_converter_spec.rb FIX: Limit personal message participants when converting from topic (#9343) 2020-04-03 16:42:01 +01:00
topic_embed_spec.rb DEV: Fix rubocop issues (#14715) 2021-10-27 11:39:28 +03:00
topic_featured_users_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
topic_group_spec.rb FIX: Constraint error when inserting the same topic group twice 2019-12-12 13:10:46 -05:00
topic_invite_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
topic_link_click_spec.rb DEV: Clean up S3 specs, stubs, and helpers 2020-09-28 12:02:25 +01:00
topic_link_spec.rb DEV: Prefer .pluck_first over .pluck.first (#13607) 2021-07-02 10:03:54 +08:00
topic_list_spec.rb FIX: new-topic route with sub-category and tags were broken (#12503) 2021-03-24 19:54:29 +05:30
topic_participants_summary_spec.rb DEV: Better topic participants summary spec 2019-11-18 09:43:14 -05:00
topic_posters_summary_spec.rb Fix i18n issues reported on Crowdin (#11747) 2021-02-02 10:50:04 +01:00
topic_spec.rb FIX: Show right message when permanently deleting topic (#14717) 2021-10-26 18:31:15 +03:00
topic_tag_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
topic_thumbnail_spec.rb PERF: we don't need to use a huge image to test thumbnails (#11025) 2020-10-27 12:39:52 +11:00
topic_timer_spec.rb FIX: Remove legacy topic timer code (#13544) 2021-06-29 09:16:25 +10:00
topic_tracking_state_spec.rb FIX: topic_tracking_state not erroring when missing user_stat (#14559) 2021-10-11 13:20:55 +11:00
topic_user_spec.rb FEATURE: Publish read topic tracking events for private messages. (#14274) 2021-09-09 09:16:53 +08:00
topic_view_item_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
translation_override_spec.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
trust_level3_requirements_spec.rb DEV: Update tl3 spec to remove hard-coded primary keys 2020-04-17 17:24:14 +01:00
trust_level_and_staff_setting_spec.rb DEV: Fix another flaky spec 2021-06-08 09:54:37 +08:00
trust_level_setting_spec.rb DEV: Fix flaky test due to locale cache poisoning 2021-06-08 13:13:38 +10:00
unsubscribe_key_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
upload_spec.rb FIX: manually adds frowning_face_with_open_mouth for apple (#13528) 2021-07-21 23:27:20 +02:00
user_action_spec.rb FIX: Correctly publish messages unconditionally to admins (#13053) 2021-05-20 16:58:27 +10:00
user_api_key_spec.rb REFACTOR: Introduce RouteMatcher class 2020-10-19 10:40:55 +01:00
user_archived_message_spec.rb FIX: Don't publish PM archive events to acting user. (#14291) 2021-09-10 09:20:50 +08:00
user_auth_token_spec.rb DEV: Improve flaky time-sensitive specs (#9141) 2020-03-10 22:13:17 +01:00
user_avatar_spec.rb FIX: reset gravatar cache by adding random param to URL (#9370) 2020-04-08 07:35:42 +10:00
user_badge_spec.rb PERF: Cache ranks for featured badges, to simplify user serialization (#8698) 2020-01-14 14:26:49 +00:00
user_bookmark_list_spec.rb FEATURE: Go to last unread for topic-level bookmark links (#14396) 2021-09-21 13:49:56 +10:00
user_email_spec.rb FIX: : trigger `user_updated` event only if email changed after user creation. 2020-07-16 18:21:30 +05:30
user_export_spec.rb REVERT: DEV: should ignore missing post uploads when a user export destroyed 2019-07-25 19:41:25 +05:30
user_field_spec.rb DEV: Sanitize HTML admin inputs (#14681) 2021-10-27 11:33:07 -03:00
user_history_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
user_notification_schedule_spec.rb DEV: Upgrade Rails to 6.1.3.1 (#12688) 2021-04-21 12:36:32 +03:00
user_option_spec.rb DEV: UserOption.user_tzinfo (#14088) 2021-08-19 21:56:14 +02:00
user_profile_spec.rb FIX: Make sure rel attributes are correctly set. (#10645) 2020-09-10 12:59:51 -03:00
user_profile_view_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
user_search_spec.rb FIX: Show user filter hints when typing `@` in search (#13799) 2021-07-21 09:14:53 -04:00
user_second_factor_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
user_spec.rb FIX: Query the items in the queue to calculate a user's flagged post count. (#14028) 2021-08-12 14:20:46 -03:00
user_stat_spec.rb FEATURE: Show draft count in user menu and activity (#13812) 2021-07-27 14:05:33 +03:00
user_summary_spec.rb FIX: Ensure the top 6 categories are shown in the user summary (#12691) 2021-04-15 11:05:03 +01:00
user_visit_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
username_validator_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
watched_word_spec.rb DEV: Add test for link watched words (#13251) 2021-06-03 11:36:07 +10:00
web_crawler_request_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
web_hook_event_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
web_hook_spec.rb FEATURE: Blocking is optional when deleting a user from the review queue. (#13375) 2021-06-15 12:35:45 -03:00