Add non-regression test for member name XSS

ref #173
2024-09-03 19:26:15 +02:00 · 2017-02-22 00:31:52 +01:00 · 2017-02-22 00:31:52 +01:00 · 8c412b391f
commit 8c412b391f
parent 38d4534c69
1 changed files with 12 additions and 0 deletions
--- a/budget/tests.py
+++ b/budget/tests.py
@ -911,6 +911,18 @@ class APITestCase(TestCase):
                headers=self.get_auth("raclette"))
        self.assertStatus(404, req)

+    def test_username_xss(self):
+        # create a project
+        #self.api_create("raclette")
+        self.post_project("raclette")
+        self.login("raclette")
+
+        # add members
+        self.api_add_member("raclette", "<script>")
+
+        result = self.app.get('/raclette/')
+        self.assertNotIn("<script>", result.data)
+
    def test_weighted_bills(self):
        # create a project
        self.api_create("raclette")