instiki/vendor/plugins/rails_xss/test/rails_xss_test.rb
Jacques Distler 9e909d5be3 Update Rails, rails_xss and Bundler
Update Bundler to 1.0.15.
Update Rails to 2.3.12.
Update rails_xss plugin.

The latter two were the
source of a considerable
amount of grief, as rails_xss
is now MUCH stricter about what
string methods can be used.

Also made it possible to use
rake 0.9.x with Instiki. But
you probably REALLY want to use

 ruby bundle exec rake ...

instead of just saying

 rake ....
2011-06-15 00:43:38 -05:00

24 lines
677 B
Ruby

require 'test_helper'
class RailsXssTest < ActiveSupport::TestCase
test "ERB::Util.h should mark its return value as safe and escape it" do
escaped = ERB::Util.h("<p>")
assert_equal "&lt;p&gt;", escaped
assert escaped.html_safe?
end
test "ERB::Util.h should leave previously safe strings alone " do
# TODO this seems easier to compose and reason about, but
# this should be verified
escaped = ERB::Util.h("<p>".html_safe)
assert_equal "<p>", escaped
assert escaped.html_safe?
end
test "ERB::Util.h should not implode when passed a non-string" do
assert_nothing_raised do
assert_equal "1", ERB::Util.h(1)
end
end
end