osr-plastic/osr-discourse-src
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
This repository has been archived on 2023-03-18. You can view files and clone it, but cannot push or open issues or pull requests.
477bacb3ae
osr-discourse-src/test/javascripts/acceptance/admin-watched-words-test.js.es6
Guo Xiang Tan 477bacb3ae SECURITY: XSS when displaying watched words in admin panel. 
The XSS here is only possible if CSP is disabled. Low impact since CSP
is enabled by default in SiteSettings.
2019-07-15 10:58:52 +08:00

88 lines
2.1 KiB
JavaScript
Raw Blame History

import { acceptance } from "helpers/qunit-helpers";
acceptance("Admin - Watched Words", { loggedIn: true });
QUnit.test("list words in groups", async assert => {
await visit("/admin/logs/watched_words/action/block");
assert.ok(exists(".watched-words-list"));
assert.ok(
!exists(".watched-words-list .watched-word"),
"Don't show bad words by default."
);
await fillIn(".admin-controls .controls input[type=text]", "li");
assert.equal(
find(".watched-words-list .watched-word").length,
1,
"When filtering, show words even if checkbox is unchecked."
);
await fillIn(".admin-controls .controls input[type=text]", "");
assert.ok(
!exists(".watched-words-list .watched-word"),
"Clearing the filter hides words again."
);
await click(".show-words-checkbox");
assert.ok(
exists(".watched-words-list .watched-word"),
"Always show the words when checkbox is checked."
);
assert.equal(
$(find(".watched-words-list .watched-word")[2]).text(),
' <img src="x">',
"it should escape watched words"
);
await click(".nav-stacked .censor a");
assert.ok(exists(".watched-words-list"));
assert.ok(!exists(".watched-words-list .watched-word"), "Empty word list.");
});
QUnit.test("add words", async assert => {
await visit("/admin/logs/watched_words/action/block");
click(".show-words-checkbox");
fillIn(".watched-word-form input", "poutine");
await click(".watched-word-form button");
let found = [];
$.each(find(".watched-words-list .watched-word"), (index, elem) => {
if (
$(elem)
.text()
.trim() === "poutine"
) {
found.push(true);
}
});
assert.equal(found.length, 1);
});
QUnit.test("remove words", async assert => {
await visit("/admin/logs/watched_words/action/block");
await click(".show-words-checkbox");
let word = null;
$.each(find(".watched-words-list .watched-word"), (index, elem) => {
if (
$(elem)
.text()
.trim() === "anise"
) {
word = elem;
}
});
await click("#" + $(word).attr("id"));
assert.equal(find(".watched-words-list .watched-word").length, 1);
});
Reference in New Issue View Git Blame Copy Permalink