author | José Valim <jose.valim@gmail.com> | 2012-01-19 05:54:35 -0800 |
---|---|---|
committer | José Valim <jose.valim@gmail.com> | 2012-01-19 05:54:35 -0800 |
commit | 5caf1bd2148825404166254f676a7d4e4615cdc7 (patch) | |
tree | 2cf761a8776fa1cd726033c6a0f2cac0122e5c87 /actionpack/test | |
parent | b5134601adebd1dbebc18be35c5e5336011a023f (diff) | |
parent | 71597f9d51887885c826a05d14680e26c86e622f (diff) | |
Merge pull request #4532 from rafaelfranca/av-button_to-refactor
Refactor button_to helper to use token_tag method
Diffstat (limited to 'actionpack/test')
-rw-r--r-- | actionpack/test/template/html-scanner/sanitizer_test.rb | 2 | ||||
-rw-r--r-- | actionpack/test/template/url_helper_test.rb | 27 |
2 files changed, 24 insertions, 5 deletions
diff --git a/actionpack/test/template/html-scanner/sanitizer_test.rb b/actionpack/test/template/html-scanner/sanitizer_test.rb
index b4d751e405..32c655c5fd 100644
--- a/actionpack/test/template/html-scanner/sanitizer_test.rb
+++ b/actionpack/test/template/html-scanner/sanitizer_test.rb
@@ -56,7 +56,6 @@ class SanitizerTest < ActionController::TestCase
 assert_sanitized "a b c<script language=\"Javascript\">blah blah blah</script>d e f", "a b cd e f"
 end

- # TODO: Clean up
 def test_sanitize_js_handlers
 raw = %{onthis="do that" <a href="#" onclick="hello" name="foo" onbogus="remove me">hello</a>}
 assert_sanitized raw, %{onthis="do that" <a name="foo" href="#">hello</a>}
@@ -215,7 +214,6 @@ class SanitizerTest < ActionController::TestCase
 assert_sanitized img_hack, "<img>"
 end

- # TODO: Clean up
 def test_should_sanitize_attributes
 assert_sanitized %(<SPAN title="'><script>alert()</script>">blah</SPAN>), %(<span title="'><script>alert()</script>">blah</span>)
 end
diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb
index d013a44e6c..cf4dafbac4 100644
--- a/actionpack/test/template/url_helper_test.rb
+++ b/actionpack/test/template/url_helper_test.rb
@@ -11,6 +11,9 @@ class UrlHelperTest < ActiveSupport::TestCase
 # In those cases, we'll set up a simple mock
 attr_accessor :controller, :request

+ cattr_accessor :request_forgery
+ self.request_forgery = false
+
 routes = ActionDispatch::Routing::RouteSet.new
 routes.draw do
 match "/" => "foo#bar"
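Review bot: In the `@@ -11,6 +11,9 @@` hunk of url_helper_test.rb, `cattr_accessor :request_forgery` keeps the toggle at class level, so a value set through `self.request_forgery = true` in one test stays visible to every later UrlHelperTest instance until something resets it. Each test method normally runs on a fresh instance, so an instance-level `attr_accessor :request_forgery` would start as nil (falsy) for every test and could not leak between them; the `ensure` reset in the new forgery test would then be unnecessary. As written, a future test that enables the flag and forgets the reset would silently switch CSRF token output on for unrelated assertions. The class body continues outside the hunk.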
@@ -49,11 +52,22 @@ class UrlHelperTest < ActiveSupport::TestCase
 assert_equal 'javascript:history.back()', url_for(:back)
 end

- # todo: missing test cases
+ # TODO: missing test cases
 def test_button_to_with_straight_url
 assert_dom_equal "<form method=\"post\" action=\"http://www.example.com\" class=\"button_to\"><div><input type=\"submit\" value=\"Hello\" /></div></form>", button_to("Hello", "http://www.example.com")
 end

+ def test_button_to_with_straight_url_and_request_forgery
+ self.request_forgery = true
+
+ assert_dom_equal(
+ %{<form method="post" action="http://www.example.com" class="button_to"><div><input type="submit" value="Hello" /><input name="form_token" type="hidden" value="secret" /></div></form>},
+ button_to("Hello", "http://www.example.com")
+ )
+ ensure
+ self.request_forgery = false
+ end
+
 def test_button_to_with_form_class
 assert_dom_equal "<form method=\"post\" action=\"http://www.example.com\" class=\"custom-class\"><div><input type=\"submit\" value=\"Hello\" /></div></form>", button_to("Hello", "http://www.example.com", :form_class => 'custom-class')
 end
@@ -435,9 +449,16 @@ class UrlHelperTest < ActiveSupport::TestCase
 assert mail_to("me@domain.com", "My email", :encode => "hex").html_safe?
 end

- # TODO: button_to looks at this ... why?
 def protect_against_forgery?
- false
+ self.request_forgery
+ end
+
+ def form_authenticity_token
+ "secret"
+ end
+
+ def request_forgery_protection_token
+ "form_token"
 end

 private |
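Review bot: `test_button_to_with_straight_url_and_request_forgery` pins the hidden token only for the default POST form, so nothing in this file fixes what button_to emits for `:method => :get` once forgery protection is on. A GET form would carry the hidden field in the query string, where it can end up in server logs and Referer headers. If omitting it is the intended behaviour, a companion test calling `button_to("Hello", "http://www.example.com", :method => :get)` with the flag enabled and asserting that no `name="form_token"` input is rendered would lock that in. The helper itself is not part of this diff, so the expected output needs confirming against it.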
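Review bot: The stubs in the `@@ -435,9 +449,16 @@` hunk carry no comment saying why a view-helper test defines `protect_against_forgery?`, `form_authenticity_token` and `request_forgery_protection_token`, and the TODO that asked that question is dropped without an answer. A one-line comment above them would cover it, for example `# Stand-ins for the controller's CSRF helpers, which button_to reads when it emits the hidden token field.` Separately, `request_forgery_protection_token` returns a String here; if the real controller value is a Symbol (not visible in this diff), returning `:form_token` would keep the stub closer to what the helper receives outside the test.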