Security: Update to Rails 2.3.14

2011-08-19 01:54:58 -05:00 · 2011-08-19 01:54:58 -05:00 · 4b2448b09a
commit 4b2448b09a
parent 3c650f2cf6
26 changed files with 106 additions and 33 deletions
--- a/vendor/rails/actionpack/test/controller/html-scanner/sanitizer_test.rb
+++ b/vendor/rails/actionpack/test/controller/html-scanner/sanitizer_test.rb
@ -5,6 +5,13 @@ class SanitizerTest < ActionController::TestCase
    @sanitizer = nil # used by assert_sanitizer
  end

+  def test_strip_tags_with_quote
+    sanitizer = HTML::FullSanitizer.new
+    string    = '<" <img src="trollface.gif" onload="alert(1)"> hi'
+
+    assert_equal ' hi', sanitizer.sanitize(string)
+  end
+
  def test_strip_tags
    sanitizer = HTML::FullSanitizer.new
    assert_equal("<<<bad html", sanitizer.sanitize("<<<bad html"))