// TestShowCommentWithEscapedScriptInjection stores a plain-text comment whose
// body is an HTML fragment carrying an inline event handler, reads it back
// through the secured comments controller, and validates the returned comment
// against that same body and the plain-text markup.
func (s *CommentsSuite) TestShowCommentWithEscapedScriptInjection() {
	// Markup-bearing body used both as the stored value and as the expected
	// value, so the test pins that the stored body round-trips unchanged.
	const payload = "<img src=x onerror=alert('body') />"

	// given
	wiID := s.createWorkItem(testsupport.TestIdentity)
	cID := s.createWorkItemComment(testsupport.TestIdentity, wiID, payload, &plaintextMarkup)

	// when
	svc, _, _, ctrl := s.securedControllers(testsupport.TestIdentity)
	_, shown := test.ShowCommentsOK(s.T(), svc.Context, svc, ctrl, cID)

	// then
	// NOTE(review): the test name promises escaping, but the only expectation
	// passed here is the raw payload. Whether an HTML-escaped rendering is
	// asserted depends on validateComment, which is not visible from this
	// test. Confirm it checks the rendered field (if the response has one),
	// since that is the value a client would insert into a page.
	s.validateComment(shown, payload, rendering.SystemMarkupPlainText)
}
// TestShowCommentWithAuth creates a work item and a plain-text comment as the
// test identity, then shows the comment through controllers secured with that
// same identity and validates the returned body and markup.
func (s *CommentsSuite) TestShowCommentWithAuth() {
	// given
	wiID := s.createWorkItem(testsupport.TestIdentity)
	cID := s.createWorkItemComment(testsupport.TestIdentity, wiID, "body", &plaintextMarkup)

	// when
	// The same identity is used for creation and for the secured read, so
	// this covers only the owner-reads-own-comment path.
	svc, _, _, ctrl := s.securedControllers(testsupport.TestIdentity)
	_, shown := test.ShowCommentsOK(s.T(), svc.Context, svc, ctrl, cID)

	// then
	s.validateComment(shown, "body", rendering.SystemMarkupPlainText)
}