instiki/vendor/plugins/rails_xss/test/output_escaping_test.rb

require 'test_helper'

class OutputEscapingTest < ActiveSupport::TestCase

  test "escape_html shouldn't die when passed nil" do
    assert ERB::Util.h(nil).blank?
  end

  test "escapeHTML should escape strings" do
    assert_equal "&lt;&gt;&quot;", ERB::Util.h("<>\"")
  end

  test "escapeHTML shouldn't touch explicitly safe strings" do
    # TODO this seems easier to compose and reason about, but
    # this should be verified
    assert_equal "<", ERB::Util.h("<".html_safe)
  end

end
Update Rails, rails_xss and Bundler Update Bundler to 1.0.15. Update Rails to 2.3.12. Update rails_xss plugin. The latter two were the source of a considerable amount of grief, as rails_xss is now MUCH stricter about what string methods can be used. Also made it possible to use rake 0.9.x with Instiki. But you probably REALLY want to use ruby bundle exec rake ... instead of just saying rake .... 2011-06-15 07:43:38 +02:00			`require 'test_helper'`

			`class OutputEscapingTest < ActiveSupport::TestCase`

			`test "escape_html shouldn't die when passed nil" do`
			`assert ERB::Util.h(nil).blank?`
			`end`

			`test "escapeHTML should escape strings" do`
			`assert_equal "<>"", ERB::Util.h("<>\"")`
			`end`

			`test "escapeHTML shouldn't touch explicitly safe strings" do`
			`# TODO this seems easier to compose and reason about, but`
			`# this should be verified`
			`assert_equal "<", ERB::Util.h("<".html_safe)`
			`end`

			`end`