summaryrefslogtreecommitdiff
path: root/test/web
diff options
context:
space:
mode:
Diffstat (limited to 'test/web')
-rw-r--r--test/web/activity_pub/mrf/normalize_markup_test.exs10
-rw-r--r--test/web/common_api/common_api_test.exs4
2 files changed, 7 insertions, 7 deletions
diff --git a/test/web/activity_pub/mrf/normalize_markup_test.exs b/test/web/activity_pub/mrf/normalize_markup_test.exs
index 3916a1f35..0207be56b 100644
--- a/test/web/activity_pub/mrf/normalize_markup_test.exs
+++ b/test/web/activity_pub/mrf/normalize_markup_test.exs
@@ -20,11 +20,11 @@ defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkupTest do
expected = """
<b>this is in bold</b>
<p>this is a paragraph</p>
- this is a linebreak<br />
- this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a>
- this is a link with not allowed "rel" attribute: <a href="http://example.com/">example.com</a>
- this is an image: <img src="http://example.com/image.jpg" /><br />
- alert('hacked')
+ this is a linebreak<br/>
+ this is a link with allowed &quot;rel&quot; attribute: <a href="http://example.com/" rel="tag">example.com</a>
+ this is a link with not allowed &quot;rel&quot; attribute: <a href="http://example.com/">example.com</a>
+ this is an image: <img src="http://example.com/image.jpg"/><br/>
+ alert(&#39;hacked&#39;)
"""
message = %{"type" => "Create", "object" => %{"content" => @html_sample}}
diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs
index 1d2f20617..212b00cbb 100644
--- a/test/web/common_api/common_api_test.exs
+++ b/test/web/common_api/common_api_test.exs
@@ -140,7 +140,7 @@ defmodule Pleroma.Web.CommonAPITest do
object = Object.normalize(activity)
- assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')"
+ assert object.data["content"] == "<p><b>2hu</b></p>alert(&#39;xss&#39;)"
end
test "it filters out obviously bad tags when accepting a post as Markdown" do
@@ -156,7 +156,7 @@ defmodule Pleroma.Web.CommonAPITest do
object = Object.normalize(activity)
- assert object.data["content"] == "<p><b>2hu</b></p>alert('xss')"
+ assert object.data["content"] == "<p><b>2hu</b></p>alert(&#39;xss&#39;)"
end
test "it does not allow replies to direct messages that are not direct messages themselves" do
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-13 07:18:54 +0000