9e909d5be3
Update Bundler to 1.0.15. Update Rails to 2.3.12. Update rails_xss plugin. The latter two were the source of a considerable amount of grief, as rails_xss is now MUCH stricter about what string methods can be used. Also made it possible to use rake 0.9.x with Instiki. But you probably REALLY want to use ruby bundle exec rake ... instead of just saying rake ....
20 lines
493 B
Ruby
require 'test_helper'

class OutputEscapingTest < ActiveSupport::TestCase

  test "escape_html shouldn't die when passed nil" do
    assert ERB::Util.h(nil).blank?
  end

  test "escapeHTML should escape strings" do
    assert_equal "&lt;&gt;&quot;", ERB::Util.h("<>\"")
  end

  test "escapeHTML shouldn't touch explicitly safe strings" do
    # TODO this seems easier to compose and reason about, but
    # this should be verified
    assert_equal "<", ERB::Util.h("<".html_safe)
  end

end