1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/ihatemoney_ynh.git synced 2024-09-03 19:26:15 +02:00

Add non-regression test for member name XSS

ref #173
This commit is contained in:
Jocelyn Delalande 2017-02-22 00:31:52 +01:00
parent 38d4534c69
commit 8c412b391f

View file

@ -911,6 +911,18 @@ class APITestCase(TestCase):
headers=self.get_auth("raclette")) headers=self.get_auth("raclette"))
self.assertStatus(404, req) self.assertStatus(404, req)
def test_username_xss(self):
# create a project
#self.api_create("raclette")
self.post_project("raclette")
self.login("raclette")
# add members
self.api_add_member("raclette", "<script>")
result = self.app.get('/raclette/')
self.assertNotIn("<script>", result.data)
def test_weighted_bills(self): def test_weighted_bills(self):
# create a project # create a project
self.api_create("raclette") self.api_create("raclette")