Make sure non-escaped urls aren't considered safe

1 files changed, 5 insertions, 0 deletions

diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb
index cc3b2455d7..cec53e479c 100644
--- a/actionpack/test/template/url_helper_test.rb
+++ b/actionpack/test/template/url_helper_test.rb
@@ -26,6 +26,11 @@ class UrlHelperTest < ActionView::TestCase
     assert_equal "http://www.example.com?a=b&amp;c=d", url_for(:a => 'b', :c => 'd', :escape => true)
     assert_equal "http://www.example.com?a=b&c=d", url_for(:a => 'b', :c => 'd', :escape => false)
   end
+  
+  def test_url_for_escaping_is_safety_aware
+    assert url_for(:a => 'b', :c => 'd', :escape => true).html_safe?, "escaped urls should be html_safe?"
+    assert !url_for(:a => 'b', :c => 'd', :escape => false).html_safe?, "non-escaped urls shouldn't be safe"
+  end
 
   def test_url_for_escapes_url_once
     @controller.url = "http://www.example.com?a=b&amp;c=d"