Add non-regression test for member name XSS

ref #173
author: Jocelyn Delalande <jocelyn@crapouillou.net> 2017-02-22 00:31:52 +0100
committer: Jocelyn Delalande <jocelyn@crapouillou.net> 2017-02-22 00:31:52 +0100
commit: 8c412b391f9402f3840728ad1e6b8043e4ed8b7b (patch)
tree: e5c0cc7c53f4b5a4c56698b35eb19706ed02dc25 /budget
parent: 38d4534c69fed139b2d0cc8e9eba5cfe5e7e3925 (diff)
download: ihatemoney-mirror-8c412b391f9402f3840728ad1e6b8043e4ed8b7b.zip
ihatemoney-mirror-8c412b391f9402f3840728ad1e6b8043e4ed8b7b.tar.gz
ihatemoney-mirror-8c412b391f9402f3840728ad1e6b8043e4ed8b7b.tar.bz2
1 files changed, 12 insertions, 0 deletions
diff --git a/budget/tests.py b/budget/tests.py
index 2ee3d81..c650c80 100644
--- a/budget/tests.py
+++ b/budget/tests.py
@@ -911,6 +911,18 @@ class APITestCase(TestCase):
                 headers=self.get_auth("raclette"))
         self.assertStatus(404, req)
 
+    def test_username_xss(self):
+        # create a project
+        #self.api_create("raclette")
+        self.post_project("raclette")
+        self.login("raclette")
+
+        # add members
+        self.api_add_member("raclette", "<script>")
+
+        result = self.app.get('/raclette/')
+        self.assertNotIn("<script>", result.data)
+
     def test_weighted_bills(self):
         # create a project
         self.api_create("raclette")
author	Jocelyn Delalande <jocelyn@crapouillou.net>	2017-02-22 00:31:52 +0100
committer	Jocelyn Delalande <jocelyn@crapouillou.net>	2017-02-22 00:31:52 +0100
commit	8c412b391f9402f3840728ad1e6b8043e4ed8b7b (patch)
tree	e5c0cc7c53f4b5a4c56698b35eb19706ed02dc25 /budget
parent	38d4534c69fed139b2d0cc8e9eba5cfe5e7e3925 (diff)
download	ihatemoney-mirror-8c412b391f9402f3840728ad1e6b8043e4ed8b7b.zip ihatemoney-mirror-8c412b391f9402f3840728ad1e6b8043e4ed8b7b.tar.gz ihatemoney-mirror-8c412b391f9402f3840728ad1e6b8043e4ed8b7b.tar.bz2