From be4f5819bd4b18ef0e241ee846d6b42fc7a36cbe Mon Sep 17 00:00:00 2001
From: Louise Crow
Date: Mon, 22 Dec 2014 10:56:00 +0000
Subject: Sanitize the blog contents

---
 spec/controllers/general_controller_spec.rb | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'spec/controllers/general_controller_spec.rb')

diff --git a/spec/controllers/general_controller_spec.rb b/spec/controllers/general_controller_spec.rb
index c0a9d57d3..cb00b301c 100644
--- a/spec/controllers/general_controller_spec.rb
+++ b/spec/controllers/general_controller_spec.rb
@@ -53,6 +53,18 @@ describe GeneralController, 'when getting the blog feed' do
 end
 end

+ context 'when the blog has entries' do
+
+ render_views
+
+ it 'should escape any javascript from the entries' do
+ controller.stub!(:quietly_try_to_open).and_return(load_file_fixture("blog_feed.atom"))
+ get :blog
+ response.body.should_not include('')
+ end
+
+ end
+
 end

 describe GeneralController, "when showing the frontpage" do
--
cgit v1.2.3
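Review bot: The lone negative assertion `response.body.should_not include('')` passes vacuously whenever the feed does not render at all — an empty entry list or a fixture that fails to load also contains no script tag — and as printed its argument is the empty string, which every body includes, presumably a `<script>` literal lost in rendering; confirm the literal survived in the committed file. Pair it with a positive check that an entry from `blog_feed.atom` actually rendered and that the markup was escaped rather than dropped, e.g. `response.body.should include('&lt;script&gt;')` if the fixture's payload is a plain script tag — the fixture is not part of this diff, so the exact expected text needs confirming. The `describe` block this context is added to begins before the hunk.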