diff options
| author | Jeremy Kemper <jeremy@bitsweat.net> | 2010-02-04 18:03:06 -0800 |
|---|---|---|
| committer | Jeremy Kemper <jeremy@bitsweat.net> | 2010-02-04 18:03:06 -0800 |
| commit | 31f8a59c16d4a29553e2dbf891c891493fd138c0 (patch) | |
| tree | 6597116007205dd156d0d5d8fb2c6e699ca2944e /actionpack/test/controller/request_forgery_protection_test.rb | |
| parent | 7b1d3a0ca38c480ef65e78d28f2b18573b8abd74 (diff) | |
| download | rails-31f8a59c16d4a29553e2dbf891c891493fd138c0.tar.gz rails-31f8a59c16d4a29553e2dbf891c891493fd138c0.tar.bz2 rails-31f8a59c16d4a29553e2dbf891c891493fd138c0.zip | |
Test that csrf meta content is html-escaped, too
Diffstat (limited to 'actionpack/test/controller/request_forgery_protection_test.rb')
| -rw-r--r-- | actionpack/test/controller/request_forgery_protection_test.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index 77d07d8eeb..be05ef6167 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -217,8 +217,9 @@ class RequestForgeryProtectionControllerTest < ActionController::TestCase end test 'should emit a csrf-token meta tag' do + ActiveSupport::SecureRandom.stubs(:base64).returns(@token + '<=?') get :meta - assert_equal %(<meta name="csrf-param" content="authenticity_token"/>\n<meta name="csrf-token" content="#{@token}"/>), @response.body + assert_equal %(<meta name="csrf-param" content="authenticity_token"/>\n<meta name="csrf-token" content="cf50faa3fe97702ca1ae<=?"/>), @response.body end end |