tests: remove injection test

since it is based on assertNotContains it is unlikely that it will break one day
gip-inclusion · Dec 23, 2024 · aada9f1 · aada9f1
1 parent 43d6f11
commit aada9f1
Showing 1 changed file with 0 additions and 20 deletions.
diff --git a/tests/www/dashboard/test_edit_job_seeker_info.py b/tests/www/dashboard/test_edit_job_seeker_info.py
@@ -1,6 +1,5 @@
 import datetime
 import math
-from urllib.parse import quote
 
 import pytest
 from allauth.account.models import EmailAddress
@@ -538,22 +537,3 @@ def test_edit_no_address_does_not_crash(self, client):
         response = client.post(url, data=post_data)
         assertContains(response, "Ce champ est obligatoire.")
         assert response.context["form"].errors["address_for_autocomplete"] == ["Ce champ est obligatoire."]
-
-    @override_settings(TALLY_URL="https://tally.so")
-    def test_xss(self, client):
-        job_application = JobApplicationSentByPrescriberFactory(job_seeker__jobseeker_profile__nir="178122978200508")
-        user = job_application.to_company.members.first()
-
-        # Ensure that the job seeker is not autonomous (i.e. he did not register by himself).
-        job_application.job_seeker.created_by = user
-        job_application.job_seeker.save()
-
-        client.force_login(user)
-
-        url = reverse(
-            "dashboard:edit_job_seeker_info", kwargs={"job_seeker_public_id": job_application.job_seeker.public_id}
-        )
-        url = f"{url}?from_application={quote('"></a><blink>foobar</blink><a href="')}"
-
-        response = client.get(url)
-        assertNotContains(response, "<blink>foobar</blink>", html=True)