Fixed the sanitize helper to avoid double escaping already properly escaped entities [#683 state:committed]

author: David Heinemeier Hansson <david@loudthinking.com> 2008-11-06 13:02:32 +0100
committer: David Heinemeier Hansson <david@loudthinking.com> 2008-11-06 13:02:32 +0100
commit: a358d87e16fa876de29286b69474ab6aaee4a80b (patch)
tree: 6d5a68b1948a2727fb515c794f1e4854c8eedb3e /actionpack/test/controller
parent: 077773257b682b7929e77ced3bbf46acf56a10c9 (diff)
download: rails-a358d87e16fa876de29286b69474ab6aaee4a80b.tar.gz
rails-a358d87e16fa876de29286b69474ab6aaee4a80b.tar.bz2
rails-a358d87e16fa876de29286b69474ab6aaee4a80b.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/actionpack/test/controller/html-scanner/sanitizer_test.rb b/actionpack/test/controller/html-scanner/sanitizer_test.rb
index a9e8447e32..bae0f5c9fd 100644
--- a/actionpack/test/controller/html-scanner/sanitizer_test.rb
+++ b/actionpack/test/controller/html-scanner/sanitizer_test.rb
@@ -253,6 +253,10 @@ class SanitizerTest < Test::Unit::TestCase
     assert_sanitized "<![CDATA[<span>neverending...", "&lt;![CDATA[&lt;span>neverending...]]>"
   end
 
+  def test_should_not_mangle_urls_with_ampersand
+     assert_sanitized %{<a href=\"http://www.domain.com?var1=1&amp;var2=2\">my link</a>}
+  end
+
 protected
   def assert_sanitized(input, expected = nil)
     @sanitizer ||= HTML::WhiteListSanitizer.new
author	David Heinemeier Hansson <david@loudthinking.com>	2008-11-06 13:02:32 +0100
committer	David Heinemeier Hansson <david@loudthinking.com>	2008-11-06 13:02:32 +0100
commit	a358d87e16fa876de29286b69474ab6aaee4a80b (patch)
tree	6d5a68b1948a2727fb515c794f1e4854c8eedb3e /actionpack/test/controller
parent	077773257b682b7929e77ced3bbf46acf56a10c9 (diff)
download	rails-a358d87e16fa876de29286b69474ab6aaee4a80b.tar.gz rails-a358d87e16fa876de29286b69474ab6aaee4a80b.tar.bz2 rails-a358d87e16fa876de29286b69474ab6aaee4a80b.zip