properly escape html to avoid invalid utf8 causing XSS attacks

author: Aaron Patterson <aaron.patterson@gmail.com> 2011-08-16 15:18:53 -0700
committer: Aaron Patterson <aaron.patterson@gmail.com> 2011-08-16 15:24:58 -0700
commit: bfc432574d0b141fd7fe759edfe9b6771dd306bd (patch)
tree: 17ebd530a798128910f56c0b9dddd2202726ed8b /activesupport/test
parent: 586a944ddd4d03e66dea1093306147594748037a (diff)
download: rails-bfc432574d0b141fd7fe759edfe9b6771dd306bd.tar.gz
rails-bfc432574d0b141fd7fe759edfe9b6771dd306bd.tar.bz2
rails-bfc432574d0b141fd7fe759edfe9b6771dd306bd.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/activesupport/test/core_ext/string_ext_test.rb b/activesupport/test/core_ext/string_ext_test.rb
index a4bba056df..81a284dded 100644
--- a/activesupport/test/core_ext/string_ext_test.rb
+++ b/activesupport/test/core_ext/string_ext_test.rb
@@ -7,10 +7,17 @@ require 'active_support/inflector'
 require 'active_support/core_ext/string'
 require 'active_support/time'
 require 'active_support/core_ext/string/strip'
+require 'active_support/core_ext/string/output_safety'
 
 class StringInflectionsTest < Test::Unit::TestCase
   include InflectorTestCases
 
+  def test_erb_escape
+    string = [192, 60].pack('CC')
+    expected = 192.chr + "&lt;"
+    assert_equal expected, ERB::Util.html_escape(string)
+  end
+
   def test_strip_heredoc_on_an_empty_string
     assert_equal '', ''.strip_heredoc
   end
author	Aaron Patterson <aaron.patterson@gmail.com>	2011-08-16 15:18:53 -0700
committer	Aaron Patterson <aaron.patterson@gmail.com>	2011-08-16 15:24:58 -0700
commit	bfc432574d0b141fd7fe759edfe9b6771dd306bd (patch)
tree	17ebd530a798128910f56c0b9dddd2202726ed8b /activesupport/test
parent	586a944ddd4d03e66dea1093306147594748037a (diff)
download	rails-bfc432574d0b141fd7fe759edfe9b6771dd306bd.tar.gz rails-bfc432574d0b141fd7fe759edfe9b6771dd306bd.tar.bz2 rails-bfc432574d0b141fd7fe759edfe9b6771dd306bd.zip