Search Apps Documentation Source Content File Folder Download Copy Actions Download

z_flag_reply_09_filetest.gno

1.22 Kb · 44 lines
 1// PKGPATH: gno.land/r/gnoland/boards2/v1/filetests/z_flag_reply_09_filetest
 2
 3// A flag reason is user-supplied (only trimmed at write). The flagging-reasons
 4// table must escape it so a reason can't inject markdown (links/images) or HTML
 5// into the view other moderators see.
 6package z_flag_reply_09_filetest
 7
 8import (
 9	"strings"
10	"testing"
11
12	"gno.land/p/gnoland/boards"
13
14	boards2 "gno.land/r/gnoland/boards2/v1"
15)
16
17const owner address = "g1rp7cmetn27eqlpjpc4vuusf8kaj746tysc0qgh"
18
19var (
20	bid      boards.ID
21	rid, tid boards.ID
22)
23
24func init(cur realm) {
25	testing.SetRealm(testing.NewUserRealm(owner))
26	bid = boards2.CreateBoard(cross(cur), "test-board", false, false)
27	tid = boards2.CreateThread(cross(cur), bid, "Foo", "bar")
28	rid = boards2.CreateReply(cross(cur), bid, tid, 0, "body")
29}
30
31func main(cur realm) {
32	testing.SetRealm(testing.NewUserRealm(owner))
33	boards2.FlagReply(cross(cur), bid, tid, rid, "![pwn](https://evil/x.png) [click](https://evil)")
34
35	out := boards2.Render("test-board/1/2/flagging-reasons")
36	// Reason text is shown but escaped — no live markdown image/link syntax.
37	ok := strings.Contains(out, "pwn") &&
38		!strings.Contains(out, "![pwn]") &&
39		!strings.Contains(out, "](https://evil)")
40	println(ok)
41}
42
43// Output:
44// true