diff options
| author | Timm <kaspth@gmail.com> | 2013-07-07 11:30:05 +0200 |
|---|---|---|
| committer | Timm <kaspth@gmail.com> | 2014-06-15 23:35:26 +0200 |
| commit | 6a05cb69e4cfb8fa763fb121428e50b8fee9a339 (patch) | |
| tree | 52208c647bf73a488862c89637d18ea15e3830e5 /actionview | |
| parent | 2e8c536fca2b20708deb5c9c1e7a91a7ebbd069b (diff) | |
| download | rails-6a05cb69e4cfb8fa763fb121428e50b8fee9a339.tar.gz rails-6a05cb69e4cfb8fa763fb121428e50b8fee9a339.tar.bz2 rails-6a05cb69e4cfb8fa763fb121428e50b8fee9a339.zip | |
Added video poster sanitization testing (from @vipulnsward).
Diffstat (limited to 'actionview')
| -rw-r--r-- | actionview/test/template/sanitizers_test.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/actionview/test/template/sanitizers_test.rb b/actionview/test/template/sanitizers_test.rb index 0e1c22a02a..4dab987cea 100644 --- a/actionview/test/template/sanitizers_test.rb +++ b/actionview/test/template/sanitizers_test.rb @@ -122,6 +122,11 @@ class SanitizerTest < ActionController::TestCase assert_sanitized %(<a href="foo" onclick="bar"><script>baz</script></a>), %(<a href=\"foo\">baz</a>) end + def test_video_poster_sanitization + assert_sanitized %(<video src="videofile.ogg" autoplay poster="posterimage.jpg"></video>), %(<video src="videofile.ogg" poster="posterimage.jpg"></video>) + assert_sanitized %(<video src="videofile.ogg" poster=javascript:alert(1)></video>), %(<video src="videofile.ogg"></video>) + end + # RFC 3986, sec 4.2 def test_allow_colons_in_path_component assert_sanitized("<a href=\"./this:that\">foo</a>") |