Discourse/discourse
Discourse/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-09-07 12:02:53 +08:00
Code Packages Activity Actions 5

FIX: Don't allow <button> in posts either.

Browse source
This commit is contained in:
Robin Ward 2014-02-04 16:28:34 -05:00
parent f1b4c26e8e
commit 8adb08a9ca
2 changed files with 1 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

1
test/javascripts/lib/markdown_test.js
View file

@ -350,6 +350,7 @@ test("sanitize", function() {
"<iframe src=\"https://www.google.com/maps/embed?pb=!1m10!1m8!1m3!1d2624.9983685732213!2d2.29432085!3d48.85824149999999!3m2!1i1024!2i768!4f13.1!5e0!3m2!1sen!2s!4v1385737436368\" width=\"100\" height=\"42\"></iframe>",
"it allows iframe to google maps");
equal(sanitize("<textarea>hullo</textarea>"), "hullo");
equal(sanitize("<button>press me!</button>"), "press me!");
});
test("URLs in BBCode tags", function() {