Update Bundler to 1.0.15. Update Rails to 2.3.12. Update rails_xss plugin. The latter two were the source of a considerable amount of grief, as rails_xss is now MUCH stricter about what string methods can be used. Also made it possible to use rake 0.9.x with Instiki. But you probably REALLY want to use ruby bundle exec rake ... instead of just saying rake ....
require 'test_helper'
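# Regression tests for how the tag helpers escape their output when the
# rails_xss plugin is active: element content is escaped by default, helper
# output is marked html_safe, and attribute values that are already marked
# html_safe are emitted without being escaped a second time.
class TagHelperTest < ActionView::TestCase
  # content_tag builds the element, returns an html_safe string, treats string
  # and symbol option keys the same way, and escapes its content unless the
  # caller explicitly turns escaping off.
  def test_content_tag
    assert_equal "<a href=\"create\">Create</a>", content_tag("a", "Create", "href" => "create")
    assert content_tag("a", "Create", "href" => "create").html_safe?
    assert_equal content_tag("a", "Create", "href" => "create"),
                 content_tag("a", "Create", :href => "create")

    # Default escaping: markup passed as content must come out as inert entity
    # text. The expected value has to be the escaped form; if it equalled the
    # raw markup, this assertion would be identical to the one below and a
    # regression that stopped escaping content would go unnoticed.
    assert_equal "<p>&lt;script&gt;evil_js&lt;/script&gt;</p>",
                 content_tag(:p, '<script>evil_js</script>')

    # Passing false as the fourth argument disables escaping, so the content is
    # emitted verbatim. Callers may only do this with content they fully control.
    assert_equal "<p><script>evil_js</script></p>",
                 content_tag(:p, '<script>evil_js</script>', nil, false)
  end

  # tag must not double-escape attribute values that are already escaped and
  # marked html_safe. The fixtures are therefore written as entity text; a
  # helper that re-escaped them would turn "&amp;" into "&amp;amp;".
  # html_safe is a trust assertion, not a sanitizer: it bypasses escaping, so
  # it must never be applied to untrusted input.
  def test_tag_honors_html_safe_for_param_values
    ['1&amp;2', '1 &lt; 2', '&#8220;test&#8220;'].each do |escaped|
      assert_equal %(<a href="#{escaped}" />), tag('a', :href => escaped.html_safe)
    end
  end
end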