fix(email): sanitize user message
This commit is contained in:
Colin Darie
parent
adb161466e
commit
fd7839773b
5 changed files with 18 additions and 5 deletions
|
|
@ -44,6 +44,13 @@ RSpec.describe InviteMailer, type: :mailer do
|
|||
expect { invite }.to have_enqueued_job.on_queue(Rails.application.config.action_mailer.deliver_later_queue_name)
|
||||
end
|
||||
end
|
||||
|
||||
context 'message contains malicious link' do
|
||||
let(:invite) { create(:invite, user: create(:user), message: "Coucou\n<a href=\"https://malicious.site\">trusted anchor</a>") }
|
||||
it 'sanitize message' do
|
||||
expect(subject.body.decoded).to match(%r{<p>Coucou\s+<br />trusted anchor</p>})
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '.invite_guest' do
|
||||
|
|
@ -88,5 +95,12 @@ RSpec.describe InviteMailer, type: :mailer do
|
|||
expect { invite }.to have_enqueued_job.on_queue(Rails.application.config.action_mailer.deliver_later_queue_name)
|
||||
end
|
||||
end
|
||||
|
||||
context 'message contains malicious link' do
|
||||
let(:invite) { create(:invite, user: create(:user), message: "Coucou\n<a href=\"https://malicious.site\">trusted anchor</a>") }
|
||||
it 'sanitize message' do
|
||||
expect(subject.body.decoded).to match(%r{<p>Coucou\s+<br />trusted anchor</p>})
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue