1 files changed, 43 insertions, 0 deletions

diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs
index a5da271b3..cd36e409c 100644
--- a/test/web/common_api/common_api_test.exs
+++ b/test/web/common_api/common_api_test.exs
@@ -1,6 +1,7 @@
 defmodule Pleroma.Web.CommonAPI.Test do
   use Pleroma.DataCase
   alias Pleroma.Web.CommonAPI
+  alias Pleroma.User
 
   import Pleroma.Factory
 
@@ -10,4 +11,46 @@ defmodule Pleroma.Web.CommonAPI.Test do
 
     assert activity.data["object"]["tag"] == ["2hu"]
   end
+
+  test "it adds emoji when updating profiles" do
+    user = insert(:user, %{name: ":karjalanpiirakka:"})
+
+    CommonAPI.update(user)
+    user = User.get_cached_by_ap_id(user.ap_id)
+    [karjalanpiirakka] = user.info["source_data"]["tag"]
+
+    assert karjalanpiirakka["name"] == ":karjalanpiirakka:"
+  end
+
+  describe "posting" do
+    test "it filters out obviously bad tags when accepting a post as HTML" do
+      user = insert(:user)
+
+      post = "<p><b>2hu</b></p><script>alert('xss')</script>"
+
+      {:ok, activity} =
+        CommonAPI.post(user, %{
+          "status" => post,
+          "content_type" => "text/html"
+        })
+
+      content = activity.data["object"]["content"]
+      assert content == "<p><b>2hu</b></p>alert('xss')"
+    end
+
+    test "it filters out obviously bad tags when accepting a post as Markdown" do
+      user = insert(:user)
+
+      post = "<p><b>2hu</b></p><script>alert('xss')</script>"
+
+      {:ok, activity} =
+        CommonAPI.post(user, %{
+          "status" => post,
+          "content_type" => "text/markdown"
+        })
+
+      content = activity.data["object"]["content"]
+      assert content == "<p><b>2hu</b></p>alert('xss')"
+    end
+  end
 end