From 4d40f4d98a667072e118e56609cc2c242c92b2f9 Mon Sep 17 00:00:00 2001
From: Xavier Fernandez
Date: Mon, 23 Dec 2024 10:58:09 +0100
Subject: [PATCH] tests: remove injection test since it is based on assertNotContains it is unlikely that it will break one day
---
 .../dashboard/test_edit_job_seeker_info.py | 20 -------------------
 1 file changed, 20 deletions(-)
diff --git a/tests/www/dashboard/test_edit_job_seeker_info.py b/tests/www/dashboard/test_edit_job_seeker_info.py
index 9de6b50c42..dded93669d 100644
--- a/tests/www/dashboard/test_edit_job_seeker_info.py
+++ b/tests/www/dashboard/test_edit_job_seeker_info.py
@@ -1,6 +1,5 @@
 import datetime
 import math
-from urllib.parse import quote
 import pytest
 from allauth.account.models import EmailAddress
@@ -538,22 +537,3 @@ def test_edit_no_address_does_not_crash(self, client):
 response = client.post(url, data=post_data)
 assertContains(response, "Ce champ est obligatoire.")
 assert response.context["form"].errors["address_for_autocomplete"] == ["Ce champ est obligatoire."]
-
- @override_settings(TALLY_URL="https://tally.so")
- def test_xss(self, client):
- job_application = JobApplicationSentByPrescriberFactory(job_seeker__jobseeker_profile__nir="178122978200508")
- user = job_application.to_company.members.first()
-
- # Ensure that the job seeker is not autonomous (i.e. he did not register by himself).
- job_application.job_seeker.created_by = user
- job_application.job_seeker.save()
-
- client.force_login(user)
-
- url = reverse(
- "dashboard:edit_job_seeker_info", kwargs={"job_seeker_public_id": job_application.job_seeker.public_id}
- )
- url = f"{url}?from_application={quote('">foobarfoobar", html=True)