-rw-r--r-- | actionpack/test/controller/html-scanner/sanitizer_test.rb | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/actionpack/test/controller/html-scanner/sanitizer_test.rb b/actionpack/test/controller/html-scanner/sanitizer_test.rb
index a2f28eb5cf..db142f0bc6 100644
--- a/actionpack/test/controller/html-scanner/sanitizer_test.rb
+++ b/actionpack/test/controller/html-scanner/sanitizer_test.rb
@@ -240,15 +240,19 @@ class SanitizerTest < Test::Unit::TestCase
 end
 def test_should_sanitize_img_vbscript
- assert_sanitized %(<img src='vbscript:msgbox("XSS")' />), '<img />'
+ assert_sanitized %(<img src='vbscript:msgbox("XSS")' />), '<img />'
 end
 protected
 def assert_sanitized(input, expected = nil)
 @sanitizer ||= HTML::WhiteListSanitizer.new
- assert_equal expected || input, @sanitizer.sanitize(input)
+ if input
+ assert_dom_equal expected || input, @sanitizer.sanitize(input)
+ else
+ assert_nil @sanitizer.sanitize(input)
+ end
 end
-
+
 def sanitize_css(input)
 (@sanitizer ||= HTML::WhiteListSanitizer.new).sanitize_css(input)
 end |
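Review bot: In `assert_sanitized`, replacing `assert_equal` with `assert_dom_equal` means the XSS vectors in this file are no longer checked against the exact string the sanitizer emits. If `assert_dom_equal` parses both sides before comparing (it appears to, presumably with the same html-scanner code the sanitizer relies on), output that differs only in quoting, attribute order or malformed markup could still pass, and those are the differences a sanitizer test should pin. For vectors whose output is deterministic I would keep a byte-exact check, `assert_equal expected || input, @sanitizer.sanitize(input)`, and otherwise at least add a comment such as `# DOM comparison only: does not pin the exact output bytes`. The nil branch also silently ignores `expected`, which deserves a one-line comment. The enclosing SanitizerTest class starts outside the hunk.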