Update Rails, rails_xss and Bundler
Update Bundler to 1.0.15. Update Rails to 2.3.12. Update rails_xss plugin. The latter two were the source of a considerable amount of grief, as rails_xss is now MUCH stricter about what string methods can be used. Also made it possible to use rake 0.9.x with Instiki. But you probably REALLY want to use ruby bundle exec rake ... instead of just saying rake ....
This commit is contained in:
Jacques Distler
parent
ec443685a6
commit
9e909d5be3
1105 changed files with 14278 additions and 4667 deletions
19
vendor/plugins/rails_xss/test/output_escaping_test.rb
vendored
Normal file
19
vendor/plugins/rails_xss/test/output_escaping_test.rb
vendored
Normal file
|
|
@ -0,0 +1,19 @@
|
|||
require 'test_helper'
|
||||
|
||||
class OutputEscapingTest < ActiveSupport::TestCase
|
||||
|
||||
test "escape_html shouldn't die when passed nil" do
|
||||
assert ERB::Util.h(nil).blank?
|
||||
end
|
||||
|
||||
test "escapeHTML should escape strings" do
|
||||
assert_equal "<>"", ERB::Util.h("<>\"")
|
||||
end
|
||||
|
||||
test "escapeHTML shouldn't touch explicitly safe strings" do
|
||||
# TODO this seems easier to compose and reason about, but
|
||||
# this should be verified
|
||||
assert_equal "<", ERB::Util.h("<".html_safe)
|
||||
end
|
||||
|
||||
end
|
||||
Loading…
Add table
Add a link
Reference in a new issue