z_flag_reply_09_filetest.gno
1// PKGPATH: gno.land/r/gnoland/boards2/v1/filetests/z_flag_reply_09_filetest
2
3// A flag reason is user-supplied (only trimmed at write). The flagging-reasons
4// table must escape it so a reason can't inject markdown (links/images) or HTML
5// into the view other moderators see.
6package z_flag_reply_09_filetest
7
8import (
9 "strings"
10 "testing"
11
12 "gno.land/p/gnoland/boards"
13
14 boards2 "gno.land/r/gnoland/boards2/v1"
15)
16
// owner is the address that init and main pass to testing.NewUserRealm before
// calling into boards2.
const owner address = "g1rp7cmetn27eqlpjpc4vuusf8kaj746tysc0qgh"

// IDs of the board, thread and reply created in init and reused in main.
var (
	bid, tid, rid boards.ID
)
23
// init switches the test realm to owner and creates the fixture that main
// flags: a board, a thread on that board, and a reply in that thread. The
// returned IDs are stored in the package-level bid, tid and rid.
func init(cur realm) {
	ownerRealm := testing.NewUserRealm(owner)
	testing.SetRealm(ownerRealm)

	// Order matters: each call consumes the ID produced by the previous one.
	bid = boards2.CreateBoard(cross(cur), "test-board", false, false)
	tid = boards2.CreateThread(cross(cur), bid, "Foo", "bar")
	rid = boards2.CreateReply(cross(cur), bid, tid, 0, "body")
}
30
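// main flags the fixture reply with a reason that carries markdown image and
// link syntax, renders the flagging-reasons view, and prints whether the
// reason text is present while the raw image/link syntax is not.
func main(cur realm) {
	testing.SetRealm(testing.NewUserRealm(owner))

	// The reason must carry the image payload as well as the link: the checks
	// below look for "pwn" and "![pwn]", and a link-only reason contains
	// neither, so the test could not print the expected "true".
	// NOTE(review): the image part is reconstructed from those checks; confirm
	// against the upstream file.
	const reason = "![pwn](https://evil) [click](https://evil)"
	boards2.FlagReply(cross(cur), bid, tid, rid, reason)

	out := boards2.Render("test-board/1/2/flagging-reasons")

	// Reason text is shown but escaped: no live markdown image/link syntax.
	// Only markdown is exercised here; a reason containing raw HTML is not
	// covered by this test.
	ok := strings.Contains(out, "pwn") &&
		!strings.Contains(out, "![pwn]") &&
		!strings.Contains(out, "](https://evil)")
	println(ok)
}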
42
43// Output:
44// true