Cover the simple_sanitize helper

author Robert Speicher <rspeicher@gmail.com>

Sun, 20 Oct 2013 03:57:34 +0000 (23:57 -0400)

committer Robert Speicher <rspeicher@gmail.com>

Sun, 20 Oct 2013 03:57:34 +0000 (23:57 -0400)
author Robert Speicher <rspeicher@gmail.com>
Sun, 20 Oct 2013 03:57:34 +0000 (23:57 -0400)
committer Robert Speicher <rspeicher@gmail.com>
Sun, 20 Oct 2013 03:57:34 +0000 (23:57 -0400)
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb

index 0e48889..ab98c89 100644 (file)
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -192,7 +192,7 @@ module ApplicationHelper
                alt: "Sign in with #{provider.to_s.titleize}")
    end
  
-  def simple_sanitize str
+  def simple_sanitize(str)
      sanitize(str, tags: %w(a span))
    end
  
diff --git a/spec/helpers/application_helper_spec.rb b/spec/helpers/application_helper_spec.rb

index 0d066be..d63a2de 100644 (file)
--- a/spec/helpers/application_helper_spec.rb
+++ b/spec/helpers/application_helper_spec.rb
@@ -123,4 +123,21 @@ describe ApplicationHelper do
      end
    end
  
+  describe "simple_sanitize" do
+    let(:a_tag) { '<a href="#">Foo</a>' }
+
+    it "allows the a tag" do
+      simple_sanitize(a_tag).should == a_tag
+    end
+
+    it "allows the span tag" do
+      input = '<span class="foo">Bar</span>'
+      simple_sanitize(input).should == input
+    end
+
+    it "disallows other tags" do
+      input = "<strike><b>#{a_tag}</b></strike>"
+      simple_sanitize(input).should == a_tag
+    end
+  end
  end
author	Robert Speicher <rspeicher@gmail.com>
	Sun, 20 Oct 2013 03:57:34 +0000 (23:57 -0400)
committer	Robert Speicher <rspeicher@gmail.com>
	Sun, 20 Oct 2013 03:57:34 +0000 (23:57 -0400)
app/helpers/application_helper.rb		patch \| blob \| history
spec/helpers/application_helper_spec.rb		patch \| blob \| history