X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/44c95f99098fa6c6acbfa82d4b6cbc6015eb6e39..248c7167e95d970b770c43102ee68cf1319973f7:/apps/workbench/test/controllers/projects_controller_test.rb diff --git a/apps/workbench/test/controllers/projects_controller_test.rb b/apps/workbench/test/controllers/projects_controller_test.rb index f45f178395..21b3361c16 100644 --- a/apps/workbench/test/controllers/projects_controller_test.rb +++ b/apps/workbench/test/controllers/projects_controller_test.rb @@ -32,7 +32,7 @@ class ProjectsControllerTest < ActionController::TestCase id: readonly_project_uuid }, session_for(which_user) buttons = css_select('[data-method=post]').select do |el| - el.attributes['data-remote-href'].match /project.*owner_uuid.*#{readonly_project_uuid}/ + el.attributes['data-remote-href'].value.match /project.*owner_uuid.*#{readonly_project_uuid}/ end if should_show assert_not_empty(buttons, "did not offer to create a subproject") @@ -146,7 +146,6 @@ class ProjectsControllerTest < ActionController::TestCase # An object which does not offer an expired_at field but has a xx_owner_uuid_name_unique constraint # will be renamed when removed and another object with the same name exists in user's home project. [ - ['groups', 'subproject_in_asubproject_with_same_name_as_one_in_active_user_home'], ['pipeline_templates', 'template_in_asubproject_with_same_name_as_one_in_active_user_home'], ].each do |dm, fixture| test "removing #{dm} from a subproject results in renaming it when there is another such object with same name in home project" do @@ -336,10 +335,38 @@ class ProjectsControllerTest < ActionController::TestCase project = api_fixture('groups')['aproject'] use_token :active found = Group.find(project['uuid']) - found.description = 'Textile description with link to home page take me home.' + found.description = 'Textile description with link to home page take me home.' found.save! get(:show, {id: project['uuid']}, session_for(:active)) - assert_includes @response.body, 'Textile description with link to home page take me home.' + assert_includes @response.body, 'Textile description with link to home page take me home.' + end + + test "find a project and edit description to unsafe html description" do + project = api_fixture('groups')['aproject'] + use_token :active + found = Group.find(project['uuid']) + found.description = 'Textile description with unsafe script tag .' + found.save! + get(:show, {id: project['uuid']}, session_for(:active)) + assert_includes @response.body, 'Textile description with unsafe script tag alert("Hello there").' + end + + # Tests #14519 + test "textile table on description renders as table html markup" do + use_token :active + project = api_fixture('groups')['aproject'] + textile_table = <First Header' + assert_includes @response.body, 'Content Cell' end test "find a project and edit description to textile description with link to object" do @@ -440,7 +467,7 @@ class ProjectsControllerTest < ActionController::TestCase { fixture: 'container_requests', state: 'running', - selectors: [['div.progress', true]] + selectors: [['.label-info', true, 'Running']] }, { fixture: 'pipeline_instances', @@ -451,7 +478,7 @@ class ProjectsControllerTest < ActionController::TestCase { fixture: 'pipeline_instances', state: 'pipeline_in_running_state', - selectors: [['div.progress', true]] + selectors: [['.label-info', true, 'Running']] }, ].each do |c| uuid = api_fixture(c[:fixture])[c[:state]]['uuid']