- get(:show, {id: project['uuid']}, session_for(:active))
- assert_includes @response.body, 'Textile description with link to home page <a href="/">take me home</a>.'
+ get(:show, params: {id: project['uuid']}, session: session_for(:active))
+ assert_includes @response.body, '<b>Textile</b> description with link to home page <a href="/">take me home</a>.'
+ end
+
+ test "find a project and edit description to unsafe html description" do
+ project = api_fixture('groups')['aproject']
+ use_token :active
+ found = Group.find(project['uuid'])
+ found.description = 'Textile description with unsafe script tag <script language="javascript">alert("Hello there")</script>.'
+ found.save!
+ get(:show, params: {id: project['uuid']}, session: session_for(:active))
+ assert_includes @response.body, 'Textile description with unsafe script tag alert("Hello there").'
+ end
+
+ # Tests #14519
+ test "textile table on description renders as table html markup" do
+ use_token :active
+ project = api_fixture('groups')['aproject']
+ textile_table = <<EOT
+table(table table-striped table-condensed).
+|_. First Header |_. Second Header |
+|Content Cell |Content Cell |
+|Content Cell |Content Cell |
+EOT
+ found = Group.find(project['uuid'])
+ found.description = textile_table
+ found.save!
+ get(:show, params: {id: project['uuid']}, session: session_for(:active))
+ assert_includes @response.body, '<th>First Header'
+ assert_includes @response.body, '<td>Content Cell'