diff options
| author | Santiago Pastorino <santiago@wyeworks.com> | 2011-02-01 19:17:13 -0200 |
|---|---|---|
| committer | Santiago Pastorino <santiago@wyeworks.com> | 2011-02-01 19:17:31 -0200 |
| commit | 86dc5987b23047f8c3345552341c15dd0e5e245d (patch) | |
| tree | dff93e9a8c83525091f170f0aad40fbd2399a825 /actionpack/test | |
| parent | 15ad707852159f405e5f6dc61581cb9dbb2864c7 (diff) | |
| download | rails-86dc5987b23047f8c3345552341c15dd0e5e245d.tar.gz rails-86dc5987b23047f8c3345552341c15dd0e5e245d.tar.bz2 rails-86dc5987b23047f8c3345552341c15dd0e5e245d.zip | |
add test to check class is being escaped in form_class
Diffstat (limited to 'actionpack/test')
| -rw-r--r-- | actionpack/test/template/url_helper_test.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb index 42232316e8..2e1661a0ac 100644 --- a/actionpack/test/template/url_helper_test.rb +++ b/actionpack/test/template/url_helper_test.rb @@ -54,6 +54,10 @@ class UrlHelperTest < ActiveSupport::TestCase assert_dom_equal "<form method=\"post\" action=\"http://www.example.com\" class=\"custom-class\"><div><input type=\"submit\" value=\"Hello\" /></div></form>", button_to("Hello", "http://www.example.com", :form_class => 'custom-class') end + def test_button_to_with_form_class_escapes + assert_dom_equal "<form method=\"post\" action=\"http://www.example.com\" class=\"<script>evil_js</script>\"><div><input type=\"submit\" value=\"Hello\" /></div></form>", button_to("Hello", "http://www.example.com", :form_class => '<script>evil_js</script>') + end + def test_button_to_with_query assert_dom_equal "<form method=\"post\" action=\"http://www.example.com/q1=v1&q2=v2\" class=\"button_to\"><div><input type=\"submit\" value=\"Hello\" /></div></form>", button_to("Hello", "http://www.example.com/q1=v1&q2=v2") end |