X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/1471ad4b235e168ccee4fa351b0025b2b380d7ac..248c7167e95d970b770c43102ee68cf1319973f7:/apps/workbench/test/controllers/projects_controller_test.rb
diff --git a/apps/workbench/test/controllers/projects_controller_test.rb b/apps/workbench/test/controllers/projects_controller_test.rb
index ada0e33e70..21b3361c16 100644
--- a/apps/workbench/test/controllers/projects_controller_test.rb
+++ b/apps/workbench/test/controllers/projects_controller_test.rb
@@ -335,10 +335,38 @@ class ProjectsControllerTest < ActionController::TestCase
project = api_fixture('groups')['aproject']
use_token :active
found = Group.find(project['uuid'])
- found.description = 'Textile description with link to home page take me home.'
+ found.description = 'Textile description with link to home page take me home.'
found.save!
get(:show, {id: project['uuid']}, session_for(:active))
- assert_includes @response.body, 'Textile description with link to home page take me home.'
+ assert_includes @response.body, 'Textile description with link to home page take me home.'
+ end
+
+ test "find a project and edit description to unsafe html description" do
+ project = api_fixture('groups')['aproject']
+ use_token :active
+ found = Group.find(project['uuid'])
+ found.description = 'Textile description with unsafe script tag .'
+ found.save!
+ get(:show, {id: project['uuid']}, session_for(:active))
+ assert_includes @response.body, 'Textile description with unsafe script tag alert("Hello there").'
+ end
+
+ # Tests #14519
+ test "textile table on description renders as table html markup" do
+ use_token :active
+ project = api_fixture('groups')['aproject']
+ textile_table = <First Header'
+ assert_includes @response.body, '
Content Cell'
end
test "find a project and edit description to textile description with link to object" do