9e909d5be3
Update Bundler to 1.0.15. Update Rails to 2.3.12. Update rails_xss plugin. The latter two were the source of a considerable amount of grief, as rails_xss is now MUCH stricter about what string methods can be used. Also made it possible to use rake 0.9.x with Instiki. But you probably REALLY want to use ruby bundle exec rake ... instead of just saying rake ....
24 lines
677 B
Ruby
require 'test_helper'

class RailsXssTest < ActiveSupport::TestCase
  test "ERB::Util.h should mark its return value as safe and escape it" do
    escaped = ERB::Util.h("<p>")
    # An unsafe string is entity-escaped, and the result is flagged html_safe.
    assert_equal "&lt;p&gt;", escaped
    assert escaped.html_safe?
  end

  test "ERB::Util.h should leave previously safe strings alone " do
    # TODO this seems easier to compose and reason about, but
    # this should be verified
    escaped = ERB::Util.h("<p>".html_safe)
    # A string already marked html_safe passes through without being escaped again.
    assert_equal "<p>", escaped
    assert escaped.html_safe?
  end

  test "ERB::Util.h should not implode when passed a non-string" do
    assert_nothing_raised do
      assert_equal "1", ERB::Util.h(1)
    end
  end
end