Module: Intermodal::RSpec::Sanitization::ClassMethods

Defined in:
lib/intermodal/rspec/models/sanitization.rb


Instance Method Details

#expects_sanitization_of(_field, _options, &additional_examples) ⇒ Object



# File 'lib/intermodal/rspec/models/sanitization.rb', line 7

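# Defines a group of examples, named after +_field+, that lightly check the
# sanitizer applied to that attribute. `resource` is not defined here and must
# be supplied by the including spec.
#
# This is a smoke test, not a retest of the sanitizer: every example performs
# one update and compares the stored value. Only well-formed, attribute-free
# <tag>content</tag> pairs are exercised, so attribute filtering and malformed
# or nested markup are not covered; pass +additional_examples+ for those.
#
# Each tag in both lists gets its own example, so a regression affecting a
# single tag fails on every run instead of only when that tag happens to be
# sampled.
#
# @param _field attribute name to update and read back
# @param _options [Hash] must provide non-empty :accepted_tags and
#   :rejected_tags lists of tag names
# @param additional_examples optional block evaluated inside the generated
#   context to add further examples
# @raise [ArgumentError] when either tag list is missing or empty
def expects_sanitization_of(_field, _options, &additional_examples)
  accepted = Array(_options[:accepted_tags])
  rejected = Array(_options[:rejected_tags])

  # Fail at definition time: a group with no tag examples would report green
  # without having checked the sanitizer at all.
  raise ArgumentError, ':accepted_tags must list at least one tag' if accepted.empty?
  raise ArgumentError, ':rejected_tags must list at least one tag' if rejected.empty?

  context _field.inspect do
    subject do
      resource.update_attributes!(updated_attributes)
      resource
    end
    let(:updated_attributes) { { _field => value } }
    # Kept as lets so that additional_examples can still refer to them.
    let(:accepted_tags) { _options[:accepted_tags] }
    let(:rejected_tags) { _options[:rejected_tags] }

    context 'with a random string' do
      let(:value) { SecureRandom.hex(16) }
      it 'should leave it alone' do
        expect(subject).not_to be_changed     # Check update has persisted
        expect(subject.send(_field)).to eql(value)
      end
    end

    accepted.each do |accepted_tag|
      context "with approved html tag <#{accepted_tag}>" do
        let(:tag)     { accepted_tag }
        let(:content) { SecureRandom.hex(16) }
        let(:value)   { "<#{tag}>#{content}</#{tag}>" }
        it 'should leave it alone' do
          expect(subject).not_to be_changed     # Check update has persisted
          expect(subject.send(_field)).to eql(value)
        end
      end
    end

    rejected.each do |rejected_tag|
      context "with tag not on whitelist <#{rejected_tag}>" do
        let(:tag)     { rejected_tag }
        let(:content) { SecureRandom.hex(16) }
        let(:value)   { "<#{tag}>#{content}</#{tag}>" }
        it 'should sanitize tag' do
          expect(subject).not_to be_changed     # Check update has persisted
          expect(subject.send(_field)).to eql(content)
        end
      end
    end

    instance_eval(&additional_examples) if additional_examples
  end
end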

#expects_stripping_of(_field, &additional_examples) ⇒ Object



# File 'lib/intermodal/rspec/models/sanitization.rb', line 50

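# Defines a group of examples, named after +_field+, that lightly check that
# markup is stripped from that attribute. `resource` is not defined here and
# must be supplied by the including spec.
#
# This is a smoke test, not a retest of the sanitizer: every example performs
# one update and compares the stored value. The built-in tag list holds common
# formatting tags only and each is tried as a well-formed, attribute-free
# <tag>content</tag> pair; other elements, attributes and malformed markup are
# not covered, so add them through +additional_examples+ where the field must
# reject them.
#
# Each listed tag gets its own example, so a regression affecting a single tag
# fails on every run instead of only when that tag happens to be sampled.
#
# @param _field attribute name to update and read back
# @param additional_examples optional block evaluated inside the generated
#   context to add further examples
def expects_stripping_of(_field, &additional_examples)
  stripped_tags = %w(p div span ol ul li em strong)

  context _field.inspect do
    subject do
      resource.update_attributes!(updated_attributes)
      resource
    end
    let(:updated_attributes) { { _field => value } }
    # Kept as a let so that additional_examples can still refer to it.
    let(:rejected_tags) { %w(p div span ol ul li em strong) }

    context 'with a random string' do
      let(:value) { SecureRandom.hex(16) }
      it 'should leave it alone' do
        expect(subject).not_to be_changed     # Check update has persisted
        expect(subject.send(_field)).to eql(value)
      end
    end

    stripped_tags.each do |stripped_tag|
      context "with any tag <#{stripped_tag}>" do
        let(:tag)     { stripped_tag }
        let(:content) { SecureRandom.hex(16) }
        let(:value)   { "<#{tag}>#{content}</#{tag}>" }
        it 'should sanitize tag' do
          expect(subject).not_to be_changed     # Check update has persisted
          expect(subject.send(_field)).to eql(content)
        end
      end
    end

    instance_eval(&additional_examples) if additional_examples
  end
end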