Skip to content
This repository was archived by the owner on Apr 14, 2023. It is now read-only.

Sanitize user address json for PayPal button #274

Merged
merged 1 commit into from
Oct 30, 2020
Merged

Sanitize user address json for PayPal button #274

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion lib/views/frontend/spree/shared/_paypal_checkout_button.html.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
<div data-pp-message data-pp-placement="payment" data-pp-amount="<%= @order.total %>"></div>

<script>
var address = <%= SolidusPaypalBraintree::Address.new(current_order.ship_address).to_json %>
var address = <%= sanitize SolidusPaypalBraintree::Address.new(current_order.ship_address).to_json %>

var paypalOptions = {
flow: '<%= SolidusPaypalBraintree::Gateway.first.preferred_paypal_flow %>',
Expand Down
24 changes: 13 additions & 11 deletions spec/features/frontend/paypal_checkout_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,21 +60,19 @@
before do
payment_method
add_mug_to_cart
end

it "checks out successfully", skip: "Broken. To be revisited" do
click_button("Checkout")
fill_in("order_email", with: "[email protected]")

fill_in("order_email", with: "[email protected]")
click_button("Continue")
expect(page).to have_content("Customer E-Mail")

fill_in_address
click_button("Save and Continue")

expect(page).to have_content("SHIPPING METHOD")
click_button("Save and Continue")
end

it "formats the address variable correctly" do
expect(page.evaluate_script("address['recipientName']")).to eq "Ryan Bigg"
end

it "checks out successfully", skip: "Broken. To be revisited" do
pend_if_paypal_slow do
expect_any_instance_of(Spree::Order).not_to receive(:restart_checkout_flow)
move_through_paypal_popup
Expand Down Expand Up @@ -136,8 +134,12 @@ def move_through_paypal_popup

def fill_in_address
address = "order_bill_address_attributes"
fill_in "#{address}_firstname", with: "Ryan"
fill_in "#{address}_lastname", with: "Bigg"
if page.has_css?("##{address}_firstname", wait: 0)
fill_in "#{address}_firstname", with: "Ryan"
fill_in "#{address}_lastname", with: "Bigg"
else
fill_in "#{address}_name", with: "Ryan Bigg"
end
fill_in "#{address}_address1", with: "143 Swan Street"
fill_in "#{address}_city", with: "San Jose"
select "United States of America", from: "#{address}_country_id"
Expand Down