diff options
author | Santiago Pastorino <santiago@wyeworks.com> | 2012-07-31 22:25:54 -0300 |
---|---|---|
committer | Santiago Pastorino <santiago@wyeworks.com> | 2012-07-31 22:26:52 -0300 |
commit | b6ab4417720e03f1551abda2f1e4bd0a392dd04e (patch) | |
tree | 26546831441178c40782e3357e1a6961ef4f899c /actionpack/test/controller/render_test.rb | |
parent | c10202208982bfa02ffd16d1614992228391d781 (diff) | |
download | rails-b6ab4417720e03f1551abda2f1e4bd0a392dd04e.tar.gz rails-b6ab4417720e03f1551abda2f1e4bd0a392dd04e.tar.bz2 rails-b6ab4417720e03f1551abda2f1e4bd0a392dd04e.zip |
html_escape should escape single quotes
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
Diffstat (limited to 'actionpack/test/controller/render_test.rb')
-rw-r--r-- | actionpack/test/controller/render_test.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/test/controller/render_test.rb b/actionpack/test/controller/render_test.rb index 6bebe7e1ed..3f047fc9b5 100644 --- a/actionpack/test/controller/render_test.rb +++ b/actionpack/test/controller/render_test.rb @@ -186,7 +186,7 @@ class TestController < ActionController::Base # :ported: def render_text_hello_world_with_layout - @variable_for_layout = ", I'm here!" + @variable_for_layout = ", I am here!" render :text => "hello world", :layout => true end @@ -844,7 +844,7 @@ class RenderTest < ActionController::TestCase # :ported: def test_do_with_render_text_and_layout get :render_text_hello_world_with_layout - assert_equal "<html>hello world, I'm here!</html>", @response.body + assert_equal "<html>hello world, I am here!</html>", @response.body end # :ported: |