Update Rails, rails_xss and Bundler

Update Bundler to 1.0.15. Update Rails to 2.3.12. Update rails_xss plugin. The latter two were the source of a considerable amount of grief, as rails_xss is now MUCH stricter about what string methods can be used. Also made it possible to use rake 0.9.x with Instiki. But you probably REALLY want to use ruby bundle exec rake ... instead of just saying rake ....
2011-06-15 00:43:38 -05:00 · 2011-06-15 00:43:38 -05:00 · 9e909d5be3
commit 9e909d5be3
parent ec443685a6
1105 changed files with 14278 additions and 4667 deletions
--- a/vendor/plugins/rails_xss/test/text_helper_test.rb
+++ b/vendor/plugins/rails_xss/test/text_helper_test.rb
@ -0,0 +1,30 @@
+require 'test_helper'
+
+class TextHelperTest < ActionView::TestCase
+
+  def setup
+    @controller = Class.new do
+      attr_accessor :request
+      def url_for(*args) "http://www.example.com" end
+    end.new
+  end
+
+  def test_simple_format_with_escaping_html_options
+    assert_dom_equal(%(<p class="intro">It's nice to have options.</p>),
+                     simple_format("It's nice to have options.", :class=>"intro"))
+  end
+
+  def test_simple_format_should_not_escape_safe_content
+    assert_dom_equal(%(<p>This is <script>safe_js</script>.</p>),
+                     simple_format('This is <script>safe_js</script>.'.html_safe))
+  end
+
+  def test_simple_format_escapes_unsafe_content
+    assert_dom_equal(%(<p>This is &lt;script&gt;evil_js&lt;/script&gt;.</p>),
+                     simple_format('This is <script>evil_js</script>.'))
+  end
+
+  def test_truncate_should_not_be_html_safe
+    assert !truncate("Hello World!", :length => 12).html_safe?
+  end
+end