2023-10-23 08:50:02 +01:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
require 'rails_helper'
|
|
|
|
|
2024-09-04 06:12:25 +01:00
|
|
|
RSpec.describe PreviewCard do
|
2023-10-23 08:50:02 +01:00
|
|
|
describe 'validations' do
|
|
|
|
describe 'urls' do
|
|
|
|
it 'allows http schemes' do
|
|
|
|
record = described_class.new(url: 'http://example.host/path')
|
|
|
|
|
|
|
|
expect(record).to be_valid
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'allows https schemes' do
|
|
|
|
record = described_class.new(url: 'https://example.host/path')
|
|
|
|
|
|
|
|
expect(record).to be_valid
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not allow javascript: schemes' do
|
|
|
|
record = described_class.new(url: 'javascript:alert()')
|
|
|
|
|
|
|
|
expect(record).to_not be_valid
|
|
|
|
expect(record).to model_have_error_on_field(:url)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|