diff --git a/.travis.yml b/.travis.yml index 9fb5722..e6673cf 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,4 +4,4 @@ node_js: before_script: - gulp bundle - sleep 5 -script: npm test +script: gulp test \ No newline at end of file diff --git a/src/js/main.js b/src/js/main.js index 2cb959a..4b66ab3 100644 --- a/src/js/main.js +++ b/src/js/main.js @@ -4,6 +4,7 @@ import WindowHandler from './window'; import CryptoUtil from './crypto'; import Chat from './chat'; import moment from 'moment'; +import sanitizeHtml from 'sanitize-html'; let fs = window.RequestFileSystem || window.webkitRequestFileSystem; @@ -60,9 +61,15 @@ $(function() { // Prevents input from having injected markup function cleanInput(input) { - let message = $('
').html(input).text(); + let message = sanitizeHtml(_.escape(input), { + allowedTags: ['b', 'i', 'em', 'strong', 'a'], + allowedAttributes: { + 'a': ['href'] + } + }); + // let message = $('').html(input).text(); message = Autolinker.link(message); - return message; + return _.escape(message); } // Keyboard events @@ -200,10 +207,10 @@ $(function() { function handleMessageSending() { let message = chat.inputMessage; let cleanedMessage = cleanInput(message.val()); - let isCommand = chat.parseCommand(cleanedMessage); + let slashCommand = chat.parseCommand(cleanedMessage); - if (isCommand) { - return chat.executeCommand(isCommand, this); + if (slashCommand) { + return chat.executeCommand(slashCommand, this); } // Prevent markup from being injected into the message diff --git a/test/app.js b/test/app.js index 5290fdf..afbd0cf 100644 --- a/test/app.js +++ b/test/app.js @@ -1,18 +1,15 @@ -import appPkg from '../package.json'; import helpers from './helpers'; import app from '../index'; import mochaJSCS from 'mocha-jscs'; import mochaJSHint from 'mocha-jshint'; -import Browser from 'zombie'; - -const APPVER = 'v' + appPkg.version; +const Browser = require('zombie'); Browser.localhost('localhost', 3000); mochaJSCS(); mochaJSHint(); -describe('Darkwire', () => { +describe('Visiting /', () => { const browser = new Browser(); 
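Review bot: In `cleanInput` (src/js/main.js) the calls run in the wrong order, so the allow-list never takes effect: `sanitizeHtml(_.escape(input), …)` receives text whose `<` and `>` are already entities, which means no tag can ever match `allowedTags`. The final `return _.escape(message)` then escapes the anchors that `Autolinker.link` has just generated and double-escapes the user's text (`&lt;` becomes `&amp;lt;`), so links will presumably show up as literal markup unless the caller decodes them. Escape once, autolink, and run the sanitizer last over the final markup: `let message = Autolinker.link(_.escape(input));` followed by `return sanitizeHtml(message, { allowedTags: ['a'], allowedAttributes: { 'a': ['href'] } });`. If Autolinker's `target`/`rel` attributes should be kept, they need to be added to the allow-list. The commented-out `// let message = $('').html(input).text();` line should be dropped rather than committed, and how the return value is inserted into the DOM is outside this hunk and worth confirming.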
@@ -25,25 +22,19 @@ describe('Darkwire', () => { browser.visit('/', done); }); - describe('Navigate to /', () => { - it('should be running released version', () => { - browser.assert.text('#appVersion', APPVER); - }); + it('should be successful', () => { + browser.assert.success(); + }); - it('should be successful', () => { - browser.assert.success(); - }); - - it('should show welcome modal', () => { - browser.assert.evaluate('$("#first-modal:visible").length', 1); - browser.assert.text('#first-modal h4.modal-title', 'Welcome to darkwire.io ' + APPVER); - }); + it('should show welcome modal', () => { + browser.assert.evaluate('$("#first-modal:visible").length', 1); + browser.assert.text('#first-modal h4.modal-title', 'Welcome to darkwire.io'); }); describe('closing the initial modal', () => { before((done) => { - return browser.pressButton('#first-modal .modal-footer button', done); + browser.pressButton('#first-modal .modal-footer button', done); }); it('should close the modal and show the main chat page', () => { @@ -75,8 +66,9 @@ describe('Darkwire', () => { browser.click('span#send-message-btn', done); }); - it('should send message', (done) => { - helpers.zombie.waitFor(browser, '$(".messageBody").text() === "Hello world"', done); + it('should send message', () => { + browser.tabs.current = 0; + browser.assert.text('body', /Hello world/); }); }); diff --git a/test/helpers.js b/test/helpers.js index 017fb6f..e752691 100644 --- a/test/helpers.js +++ b/test/helpers.js @@ -44,16 +44,6 @@ var helpers = { return [1,2,3,4]; } }; - }, - zombie: { - waitFor: (browser, str, cb) => { - let int = setInterval(() => { - if (browser.evaluate(str)) { - clearInterval(int); - cb(); - } - }, 50); - } } };
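Review bot: The rewritten `should send message` test in test/app.js (hunk `@@ -75,8 +66,9 @@`) is weaker than the polling check it replaces, and nothing in the suite exercises the new sanitizing path in `cleanInput`. It now asserts once, immediately, that `/Hello world/` appears anywhere in `body`, where it used to wait on `.messageBody`, so it may race with rendering and no longer proves the text landed in a message element. Consider a case that sends markup outside the allow-list, for example `<h1>hi</h1>`, and asserts it is not rendered as an element: `browser.assert.elements('.messageBody h1', 0);`. A one-line comment such as `// the chat page is expected in the first tab` would explain `browser.tabs.current = 0;`. The enclosing `describe` block starts outside this hunk.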