16266: Adds tests exposing potential XSS vulnerability on escape_javascript()

[arvados.git] / apps / workbench / test / integration / collections_test.rb

diff --git a/apps/workbench/test/integration/collections_test.rb b/apps/workbench/test/integration/collections_test.rb
index 443130a4a92c60cd6a46a4f4ca749d9712a5a7f9..87d3d678d174c99e03f527c58a6970f05c122f11 100644 (file)
--- a/apps/workbench/test/integration/collections_test.rb
+++ b/apps/workbench/test/integration/collections_test.rb
@@ -6,8 +6,6 @@ require 'integration_helper'
 require_relative 'integration_test_utils'
 
 class CollectionsTest < ActionDispatch::IntegrationTest
-  include KeepWebConfig
-
   setup do
     need_javascript
   end
@@ -55,9 +53,7 @@ class CollectionsTest < ActionDispatch::IntegrationTest
   end
 
   test "can download an entire collection with a reader token" do
-    use_keep_web_config
-
-    token = api_fixture('api_client_authorizations')['active']['api_token']
+    token = api_token('active')
     data = "foo\nfile\n"
     datablock = `echo -n #{data.shellescape} | ARVADOS_API_TOKEN=#{token.shellescape} arv-put --no-progress --raw -`.strip
     assert $?.success?, $?
@@ -88,7 +84,7 @@ class CollectionsTest < ActionDispatch::IntegrationTest
         link
       end
     end
-    assert_equal(['foo'], hrefs.compact.sort,
+    assert_equal(['./foo'], hrefs.compact.sort,
                  "download page did provide strictly file links")
     click_link "foo"
     assert_text "foo\nfile\n"