Don't accept parameters as argument for redirect to [via @homakov]

Closes #16170
author: Santiago Pastorino <santiago@wyeworks.com> 2014-07-16 12:21:46 -0300
committer: Santiago Pastorino <santiago@wyeworks.com> 2014-07-16 12:21:51 -0300
commit: 341698ed40e023898d9f9d1f5c163d4d2cab4832 (patch)
tree: a504da696d4b30fd3776c8315f38db030f5be525 /actionpack/test
parent: 2f93aa0d2b304b804853b100174a7ac47a1c4dd5 (diff)
download: rails-341698ed40e023898d9f9d1f5c163d4d2cab4832.tar.gz
rails-341698ed40e023898d9f9d1f5c163d4d2cab4832.tar.bz2
rails-341698ed40e023898d9f9d1f5c163d4d2cab4832.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/actionpack/test/controller/redirect_test.rb b/actionpack/test/controller/redirect_test.rb
index 4331333b98..103ca9c776 100644
--- a/actionpack/test/controller/redirect_test.rb
+++ b/actionpack/test/controller/redirect_test.rb
@@ -90,6 +90,10 @@ class RedirectController < ActionController::Base
     redirect_to nil
   end
 
+  def redirect_to_params
+    redirect_to ActionController::Parameters.new(status: 200, protocol: 'javascript', f: '%0Aeval(name)')
+  end
+
   def redirect_to_with_block
     redirect_to proc { "http://www.rubyonrails.org/" }
   end
@@ -281,6 +285,12 @@ class RedirectTest < ActionController::TestCase
     end
   end
 
+  def test_redirect_to_params
+    assert_raise(ActionController::ActionControllerError) do
+      get :redirect_to_params
+    end
+  end
+
   def test_redirect_to_with_block
     get :redirect_to_with_block
     assert_response :redirect
author	Santiago Pastorino <santiago@wyeworks.com>	2014-07-16 12:21:46 -0300
committer	Santiago Pastorino <santiago@wyeworks.com>	2014-07-16 12:21:51 -0300
commit	341698ed40e023898d9f9d1f5c163d4d2cab4832 (patch)
tree	a504da696d4b30fd3776c8315f38db030f5be525 /actionpack/test
parent	2f93aa0d2b304b804853b100174a7ac47a1c4dd5 (diff)
download	rails-341698ed40e023898d9f9d1f5c163d4d2cab4832.tar.gz rails-341698ed40e023898d9f9d1f5c163d4d2cab4832.tar.bz2 rails-341698ed40e023898d9f9d1f5c163d4d2cab4832.zip