diff options
author | Bruno Michel <bmichel@menfin.info> | 2010-02-13 19:53:26 -0200 |
---|---|---|
committer | Yehuda Katz <yehudakatz@YK.local> | 2010-02-14 12:03:28 -0800 |
commit | f86421fb282ff2d209914db736ca64380dab044d (patch) | |
tree | d539bc4dac34268b5ed973bcfc9f80744d059c88 /actionpack/test/template/tag_helper_test.rb | |
parent | 411c15ed5220cb07cfb1989d32be956f94a7478f (diff) | |
download | rails-f86421fb282ff2d209914db736ca64380dab044d.tar.gz rails-f86421fb282ff2d209914db736ca64380dab044d.tar.bz2 rails-f86421fb282ff2d209914db736ca64380dab044d.zip |
content_tag should escape its input
Signed-off-by: Yehuda Katz <yehudakatz@YK.local>
Diffstat (limited to 'actionpack/test/template/tag_helper_test.rb')
-rw-r--r-- | actionpack/test/template/tag_helper_test.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/actionpack/test/template/tag_helper_test.rb b/actionpack/test/template/tag_helper_test.rb index 433f6514cf..3858ffde40 100644 --- a/actionpack/test/template/tag_helper_test.rb +++ b/actionpack/test/template/tag_helper_test.rb @@ -37,6 +37,8 @@ class TagHelperTest < ActionView::TestCase assert content_tag("a", "Create", "href" => "create").html_safe? assert_equal content_tag("a", "Create", "href" => "create"), content_tag("a", "Create", :href => "create") + assert_equal "<p><script>evil_js</script></p>", + content_tag(:p, '<script>evil_js</script>') end def test_content_tag_with_block_in_erb |