Validate note comments for control characters

diff --git a/app/models/note_comment.rb b/app/models/note_comment.rb
index 07d43cd741da065ada41e4705b458874f5ca3756..dd91a95b4df1f7b557085f8e9da08e2d1229dba5 100644 (file)
--- a/app/models/note_comment.rb
+++ b/app/models/note_comment.rb
@@ -9,6 +9,7 @@ class NoteComment < ActiveRecord::Base
   validates_presence_of :visible
   validates_associated :author
   validates_inclusion_of :event, :in => [ "opened", "closed", "reopened", "commented", "hidden" ]
+  validates_format_of :body, :with => /\A[^\x00-\x08\x0b-\x0c\x0e-\x1f\x7f\ufffe\uffff]*\z/
 
   # Return the comment text
   def body

diff --git a/test/models/note_comment_test.rb b/test/models/note_comment_test.rb
new file mode 100644 (file)
index 0000000..d1210f6
--- /dev/null
+++ b/test/models/note_comment_test.rb
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+require 'test_helper'
+
+class NoteCommentTest < ActiveSupport::TestCase
+  fixtures :users, :notes, :note_comments
+
+  def test_body_valid
+    ok = [ "Name", "vergrößern", "foo\x0abar",
+           "ルシステムにも対応します", "輕觸搖晃的遊戲", ]
+    bad = [ "foo\x00bar", "foo\x08bar", "foo\x1fbar", "foo\x7fbar",
+            "foo\ufffebar", "foo\uffffbar" ]
+
+    ok.each do |body|
+      note_comment = note_comments(:t1)
+      note_comment.body = body
+      assert note_comment.valid?, "#{body} is invalid, when it should be"
+    end
+    
+    bad.each do |body|
+      note_comment = note_comments(:t1)
+      note_comment.body = body
+      assert !note_comment.valid?, "#{body} is valid when it shouldn't be"
+    end
+  end
+end