require "spec_helper"
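# Specs for how Pressa::Views::Layout treats markup: a Phlex view passed as
# `content:` must come out as real HTML, while plain string fields must still
# be HTML-escaped in the rendered page.
RSpec.describe Pressa::Views::Layout do
  # Minimal anonymous Phlex view used as the layout's content. Its template
  # is an <article> wrapping a single <h1>Hello</h1>.
  let(:test_content_view) do
    Class.new(Phlex::HTML) do
      def view_template
        article do
          h1 { "Hello" }
        end
      end
    end.new
  end

  # Site fixture with fixed, benign metadata, so the only markup-bearing
  # inputs in each example are the ones that example sets up.
  let(:site) do
    Pressa::Site.new(
      author: "Sami Samhuri",
      email: "sami@samhuri.net",
      title: "samhuri.net",
      description: "blog",
      url: "https://samhuri.net"
    )
  end

  it "renders child components as HTML instead of escaped text" do
    html = described_class.new(
      site:,
      canonical_url: "https://samhuri.net/posts/",
      content: test_content_view
    ).call

    expect(html).to include("<article>")
    expect(html).to include("<h1>Hello</h1>")
    # The negative check targets the entity-encoded form. Asserting the
    # absence of the literal "<article>" would contradict the first
    # expectation, and the example could never pass.
    expect(html).not_to include("&lt;article&gt;")
  end

  it "keeps escaping enabled for untrusted string fields" do
    # Constructed sample: a subtitle carrying markup that would become an
    # active element if it were emitted without escaping.
    subtitle = "<img src=x onerror=alert(1)>"
    html = described_class.new(
      site:,
      canonical_url: "https://samhuri.net/posts/",
      page_subtitle: subtitle,
      content: test_content_view
    ).call

    # Expect the entity-encoded subtitle inside <title>. Matching the raw
    # tag here would pass only when escaping is broken, which is the
    # opposite of what this example is meant to guard.
    # NOTE(review): only page_subtitle is exercised; the site fields and
    # canonical_url are not covered by this example.
    expect(html).to include("<title>samhuri.net: &lt;img src=x onerror=alert(1)&gt;</title>")
  end
end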