mirror of
https://github.com/samsonjs/samhuri.net.git
synced 2026-04-16 12:25:53 +00:00
66 lines
1.7 KiB
Ruby
66 lines
1.7 KiB
Ruby
require "spec_helper"
|
|
|
|
RSpec.describe Pressa::Views::Layout do
|
|
let(:test_content_view) do
|
|
Class.new(Phlex::HTML) do
|
|
def view_template
|
|
article do
|
|
h1 { "Hello" }
|
|
end
|
|
end
|
|
end.new
|
|
end
|
|
|
|
let(:site) do
|
|
Pressa::Site.new(
|
|
author: "Sami Samhuri",
|
|
email: "sami@samhuri.net",
|
|
title: "samhuri.net",
|
|
description: "blog",
|
|
url: "https://samhuri.net"
|
|
)
|
|
end
|
|
|
|
it "renders child components as HTML instead of escaped text" do
|
|
html = described_class.new(
|
|
site:,
|
|
canonical_url: "https://samhuri.net/posts/",
|
|
content: test_content_view
|
|
).call
|
|
|
|
expect(html).to include("<article>")
|
|
expect(html).to include("<h1>Hello</h1>")
|
|
expect(html).not_to include("<article>")
|
|
end
|
|
|
|
it "keeps escaping enabled for untrusted string fields" do
|
|
subtitle = "<img src=x onerror=alert(1)>"
|
|
html = described_class.new(
|
|
site:,
|
|
canonical_url: "https://samhuri.net/posts/",
|
|
page_subtitle: subtitle,
|
|
content: test_content_view
|
|
).call
|
|
|
|
expect(html).to include("<title>samhuri.net: <img src=x onerror=alert(1)></title>")
|
|
end
|
|
|
|
it "preserves absolute stylesheet URLs" do
|
|
cdn_site = Pressa::Site.new(
|
|
author: "Sami Samhuri",
|
|
email: "sami@samhuri.net",
|
|
title: "samhuri.net",
|
|
description: "blog",
|
|
url: "https://samhuri.net",
|
|
styles: [Pressa::Stylesheet.new(href: "https://cdn.example.com/site.css")]
|
|
)
|
|
|
|
html = described_class.new(
|
|
site: cdn_site,
|
|
canonical_url: "https://samhuri.net/posts/",
|
|
content: test_content_view
|
|
).call
|
|
|
|
expect(html).to include(%(<link rel="stylesheet" type="text/css" href="https://cdn.example.com/site.css">))
|
|
end
|
|
end
|