From b1be9415effadf81e557eddee3f60bdf0fa359af Mon Sep 17 00:00:00 2001
From: William Pitcock
Date: Sun, 2 Sep 2018 00:14:25 +0000
Subject: Revert "Merge branch 'revert-a26d5e6b' into 'develop'"
This reverts commit d31bbb1cfe04ca6073a322bcf77239e7d4b79839, reversing changes made to 340ab3cb9068d444b77213e07beb8c2c3ca128b9.
---
 test/web/common_api/common_api_test.exs | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
(limited to 'test/web/common_api/common_api_test.exs')
diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs
index 2a2c40833..cd5aca961 100644
--- a/test/web/common_api/common_api_test.exs
+++ b/test/web/common_api/common_api_test.exs
@@ -21,4 +21,36 @@ defmodule Pleroma.Web.CommonAPI.Test do
 assert karjalanpiirakka["name"] == ":karjalanpiirakka:"
 end
+
+ describe "posting" do
+ test "it filters out obviously bad tags when accepting a post as HTML" do
+ user = insert(:user)
+
+ post = "

2hu

"
+
+ {:ok, activity} =
+ CommonAPI.post(user, %{
+ "status" => post,
+ "content_type" => "text/html"
+ })
+
+ content = activity.data["object"]["content"]
+ assert content == "

2hu

alert('xss')"
+ end
+
+ test "it filters out obviously bad tags when accepting a post as Markdown" do
+ user = insert(:user)
+
+ post = "

2hu

"
+
+ {:ok, activity} =
+ CommonAPI.post(user, %{
+ "status" => post,
+ "content_type" => "text/markdown"
+ })
+
+ content = activity.data["object"]["content"]
+ assert content == "

2hu

alert('xss')"
+ end
+ end
 end
-- cgit v1.2.3
From 497814cbbb4baea91b2882fbddd5cd8d5ad6e170 Mon Sep 17 00:00:00 2001
From: William Pitcock
Date: Fri, 5 Oct 2018 21:11:22 +0000
Subject: test: update test for new html scrub policy
---
 test/web/common_api/common_api_test.exs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'test/web/common_api/common_api_test.exs')
diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs
index cd5aca961..cd36e409c 100644
--- a/test/web/common_api/common_api_test.exs
+++ b/test/web/common_api/common_api_test.exs
@@ -26,7 +26,7 @@ defmodule Pleroma.Web.CommonAPI.Test do
 test "it filters out obviously bad tags when accepting a post as HTML" do
 user = insert(:user)
- post = "
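Review bot: The two tests added under `describe "posting"` in the revert commit each pin the scrubber with a single input and one exact-equality assertion, so they only show that one tag is dropped while its text, `alert('xss')`, stays in the stored content. The markup inside the string literals did not survive on this page, so the exact input is not visible here. Assuming it is a script element, markup that carries script through attributes rather than tags (event-handler attributes, `javascript:` URLs in links) is not exercised and deserves a sibling test for both `text/html` and `text/markdown`. A negative check beside the equality, for example `refute content =~ "<script"`, would keep the security property asserted even when the allowed-tag policy changes the expected string, which the follow-up commit on this page already had to do.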

2hu

"
+ post = "

2hu

"
 {:ok, activity} =
 CommonAPI.post(user, %{
@@ -35,13 +35,13 @@ defmodule Pleroma.Web.CommonAPI.Test do
 })
 content = activity.data["object"]["content"]
- assert content == "

2hu

alert('xss')"
+ assert content == "

2hu

alert('xss')"
 end
 test "it filters out obviously bad tags when accepting a post as Markdown" do
 user = insert(:user)
- post = "

2hu

"
+ post = "

2hu

"
 {:ok, activity} =
 CommonAPI.post(user, %{
@@ -50,7 +50,7 @@ defmodule Pleroma.Web.CommonAPI.Test do
 })
 content = activity.data["object"]["content"]
- assert content == "

2hu

alert('xss')"
+ assert content == "

2hu

alert('xss')"
 end
 end
 end
-- cgit v1.2.3