|
|
@ -9,26 +9,10 @@ RSpec.describe PreviewCard do
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
describe 'validations' do
|
|
|
|
describe 'Validations' do
|
|
|
|
describe 'urls' do
|
|
|
|
describe 'url' do
|
|
|
|
it 'allows http schemes' do
|
|
|
|
it { is_expected.to allow_values('http://example.host/path', 'https://example.host/path').for(:url) }
|
|
|
|
record = described_class.new(url: 'http://example.host/path')
|
|
|
|
it { is_expected.to_not allow_value('javascript:alert()').for(:url) }
|
|
|
|
|
|
|
|
|
|
|
|
expect(record).to be_valid
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
it 'allows https schemes' do
|
|
|
|
|
|
|
|
record = described_class.new(url: 'https://example.host/path')
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
expect(record).to be_valid
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
it 'does not allow javascript: schemes' do
|
|
|
|
|
|
|
|
record = described_class.new(url: 'javascript:alert()')
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
expect(record).to_not be_valid
|
|
|
|
|
|
|
|
expect(record).to model_have_error_on_field(:url)
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|