Update Rails, rails_xss and Bundler
Update Bundler to 1.0.15. Update Rails to 2.3.12. Update rails_xss plugin. The latter two were the source of a considerable amount of grief, as rails_xss is now MUCH stricter about what string methods can be used. Also made it possible to use rake 0.9.x with Instiki. But you probably REALLY want to use ruby bundle exec rake ... instead of just saying rake ....
parent
ec443685a6
commit
9e909d5be3
1105 changed files with 14278 additions and 4667 deletions
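--- a/vendor/plugins/rails_xss/test/erb_util_test.rb
+++ b/vendor/plugins/rails_xss/test/erb_util_test.rb
@@ -0,0 +1,36 @@
+require 'test_helper'
+
+class ErbUtilTest < Test::Unit::TestCase
+include ERB::Util
+
+ERB::Util::HTML_ESCAPE.each do |given, expected|
+define_method "test_html_escape_#{expected.gsub(/\W/, '')}" do
+assert_equal expected, html_escape(given)
+end
+
+unless given == '"'
+define_method "test_json_escape_#{expected.gsub(/\W/, '')}" do
+assert_equal ERB::Util::JSON_ESCAPE[given], json_escape(given)
+end
+end
+end
+
+def test_html_escape_is_html_safe
+escaped = h("<p>")
+assert_equal "<p>", escaped
+assert escaped.html_safe?
+end
+
+def test_html_escape_passes_html_escpe_unmodified
+escaped = h("<p>".html_safe)
+assert_equal "<p>", escaped
+assert escaped.html_safe?
+end
+
+def test_rest_in_ascii
+(0..127).to_a.map {|int| int.chr }.each do |chr|
+next if %w(& " < >).include?(chr)
+assert_equal chr, html_escape(chr)
+end
+end
+end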