| -rw-r--r-- | budget/tests.py | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/budget/tests.py b/budget/tests.py
index 2ee3d81..c650c80 100644
--- a/budget/tests.py
+++ b/budget/tests.py
@@ -911,6 +911,18 @@ class APITestCase(TestCase):
 headers=self.get_auth("raclette"))
 self.assertStatus(404, req)
 
+ def test_username_xss(self):
+ # create a project
+ #self.api_create("raclette")
+ self.post_project("raclette")
+ self.login("raclette")
+
+ # add members
+ self.api_add_member("raclette", "<script>")
+
+ result = self.app.get('/raclette/')
+ self.assertNotIn("<script>", result.data)
+
 def test_weighted_bills(self):
 # create a project
 self.api_create("raclette") |
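Review bot: The only assertion in test_username_xss is negative, so it passes vacuously whenever the member name never reaches the page, for example if `/raclette/` answers with a redirect or `api_add_member` failed. Pin the positive case as well with `self.assertStatus(200, result)` and `self.assertIn("&lt;script&gt;", result.data)`, assuming the template emits the name in that escaped form. The commented-out `#self.api_create("raclette")` line should be deleted rather than committed, or replaced by a comment saying why the project is created through `post_project` here. If this suite is ever run on Python 3, `result.data` will presumably be bytes and the check would need `result.data.decode('utf-8')`.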
