Sanitize html (#3708)

[lemmy.git] / api_tests / src / post.spec.ts

diff --git a/api_tests/src/post.spec.ts b/api_tests/src/post.spec.ts
index 532841b13fe9b383e20c700e82969529bd99285f..42173dba81959126caab13bc9d567ba3c842d3cb 100644 (file)
--- a/api_tests/src/post.spec.ts
+++ b/api_tests/src/post.spec.ts
@@ -36,6 +36,7 @@ import {
   resolveCommunity,
 } from "./shared";
 import { PostView } from "lemmy-js-client/dist/types/PostView";
+import { CreatePost } from "lemmy-js-client/dist/types/CreatePost";
 
 let betaCommunity: CommunityView | undefined;
 
@@ -504,3 +505,21 @@ test("Report a post", async () => {
   expect(betaReport.original_post_body).toBe(alphaReport.original_post_body);
   expect(betaReport.reason).toBe(alphaReport.reason);
 });
+
+test("Sanitize HTML", async () => {
+  let betaCommunity = (await resolveBetaCommunity(beta)).community;
+  if (!betaCommunity) {
+    throw "Missing beta community";
+  }
+
+  let name = randomString(5);
+  let body = "<script>alert('xss');</script> hello";
+  let form: CreatePost = {
+    name,
+    body,
+    auth: beta.auth,
+    community_id: betaCommunity.community.id,
+  };
+  let post = await beta.client.createPost(form);
+  expect(post.post_view.post.body).toBe(" hello");
+});