content_tag should escape its input

Signed-off-by: Yehuda Katz <yehudakatz@YK.local>
author: Bruno Michel <bmichel@menfin.info> 2010-02-13 19:53:26 -0200
committer: Yehuda Katz <yehudakatz@YK.local> 2010-02-14 12:03:28 -0800
commit: f86421fb282ff2d209914db736ca64380dab044d (patch)
tree: d539bc4dac34268b5ed973bcfc9f80744d059c88 /actionpack/test/template/tag_helper_test.rb
parent: 411c15ed5220cb07cfb1989d32be956f94a7478f (diff)
download: rails-f86421fb282ff2d209914db736ca64380dab044d.tar.gz
rails-f86421fb282ff2d209914db736ca64380dab044d.tar.bz2
rails-f86421fb282ff2d209914db736ca64380dab044d.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/actionpack/test/template/tag_helper_test.rb b/actionpack/test/template/tag_helper_test.rb
index 433f6514cf..3858ffde40 100644
--- a/actionpack/test/template/tag_helper_test.rb
+++ b/actionpack/test/template/tag_helper_test.rb
@@ -37,6 +37,8 @@ class TagHelperTest < ActionView::TestCase
     assert content_tag("a", "Create", "href" => "create").html_safe?
     assert_equal content_tag("a", "Create", "href" => "create"),
                  content_tag("a", "Create", :href => "create")
+    assert_equal "<p>&lt;script&gt;evil_js&lt;/script&gt;</p>",
+                 content_tag(:p, '<script>evil_js</script>')
   end
 
   def test_content_tag_with_block_in_erb
author	Bruno Michel <bmichel@menfin.info>	2010-02-13 19:53:26 -0200
committer	Yehuda Katz <yehudakatz@YK.local>	2010-02-14 12:03:28 -0800
commit	f86421fb282ff2d209914db736ca64380dab044d (patch)
tree	d539bc4dac34268b5ed973bcfc9f80744d059c88 /actionpack/test/template/tag_helper_test.rb
parent	411c15ed5220cb07cfb1989d32be956f94a7478f (diff)
download	rails-f86421fb282ff2d209914db736ca64380dab044d.tar.gz rails-f86421fb282ff2d209914db736ca64380dab044d.tar.bz2 rails-f86421fb282ff2d209914db736ca64380dab044d.zip