diff options
| author | Rafael França <rafaelmfranca@gmail.com> | 2015-12-18 12:47:38 -0200 |
|---|---|---|
| committer | Rafael França <rafaelmfranca@gmail.com> | 2015-12-18 12:47:38 -0200 |
| commit | b5c13fcdaa3f3746888b174caa3df2873846df2e (patch) | |
| tree | b574a7d913758fbd3dd85e7a84b211c6bd88a122 /actionpack/test/controller/url_for_test.rb | |
| parent | 90101afe1ab9e8d5b241f968f164171c2d9c4fc6 (diff) | |
| parent | 4752e7d83794ecf23c6d0367f0bcad8eee33da59 (diff) | |
| download | rails-b5c13fcdaa3f3746888b174caa3df2873846df2e.tar.gz rails-b5c13fcdaa3f3746888b174caa3df2873846df2e.tar.bz2 rails-b5c13fcdaa3f3746888b174caa3df2873846df2e.zip | |
Merge pull request #20797 from byroot/prevent-url-for-ac-parameters
Prevent ActionController::Parameters in url_for
Diffstat (limited to 'actionpack/test/controller/url_for_test.rb')
| -rw-r--r-- | actionpack/test/controller/url_for_test.rb | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/actionpack/test/controller/url_for_test.rb b/actionpack/test/controller/url_for_test.rb index 78e883f134..67212fea38 100644 --- a/actionpack/test/controller/url_for_test.rb +++ b/actionpack/test/controller/url_for_test.rb @@ -375,6 +375,13 @@ module AbstractController assert_equal({'query[person][position][]' => 'prof' }.to_query, params[3]) end + def test_url_action_controller_parameters + add_host! + assert_raise(ArgumentError) do + W.new.url_for(ActionController::Parameters.new(:controller => 'c', :action => 'a', protocol: 'javascript', f: '%0Aeval(name)')) + end + end + def test_path_generation_for_symbol_parameter_keys assert_generates("/image", :controller=> :image) end |