aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller/parameters/parameters_permit_test.rb
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack/test/controller/parameters/parameters_permit_test.rb')
-rw-r--r--actionpack/test/controller/parameters/parameters_permit_test.rb55
1 files changed, 55 insertions, 0 deletions
diff --git a/actionpack/test/controller/parameters/parameters_permit_test.rb b/actionpack/test/controller/parameters/parameters_permit_test.rb
index 1cb7173aa0..60bfb66f2f 100644
--- a/actionpack/test/controller/parameters/parameters_permit_test.rb
+++ b/actionpack/test/controller/parameters/parameters_permit_test.rb
@@ -168,6 +168,44 @@ class ParametersPermitTest < ActiveSupport::TestCase
end
end
+ test "key to empty hash: arbitrary hashes are permitted" do
+ params = ActionController::Parameters.new(
+ username: "fxn",
+ preferences: {
+ scheme: "Marazul",
+ font: {
+ name: "Source Code Pro",
+ size: 12
+ },
+ tabstops: [4, 8, 12, 16],
+ suspicious: [true, Object.new, false, /yo!/],
+ dubious: [{a: :a, b: /wtf!/}, {c: :c}],
+ injected: Object.new
+ },
+ hacked: 1 # not a hash
+ )
+
+ permitted = params.permit(:username, preferences: {}, hacked: {})
+
+ assert permitted.permitted?
+ assert permitted[:preferences].permitted?
+ assert permitted[:preferences][:font].permitted?
+ assert permitted[:preferences][:dubious].all?(&:permitted?)
+
+ assert_equal "fxn", permitted[:username]
+ assert_equal "Marazul", permitted[:preferences][:scheme]
+ assert_equal "Source Code Pro", permitted[:preferences][:font][:name]
+ assert_equal 12, permitted[:preferences][:font][:size]
+ assert_equal [4, 8, 12, 16], permitted[:preferences][:tabstops]
+ assert_equal [true, false], permitted[:preferences][:suspicious]
+ assert_equal :a, permitted[:preferences][:dubious][0][:a]
+ assert_equal :c, permitted[:preferences][:dubious][1][:c]
+
+ assert_filtered_out permitted[:preferences][:dubious][0], :b
+ assert_filtered_out permitted[:preferences], :injected
+ assert_filtered_out permitted, :hacked
+ end
+
test "fetch raises ParameterMissing exception" do
e = assert_raises(ActionController::ParameterMissing) do
@params.fetch :foo
@@ -244,6 +282,23 @@ class ParametersPermitTest < ActiveSupport::TestCase
assert merged_params[:id]
end
+ test "not permitted is sticky beyond merge!" do
+ assert_not @params.merge!(a: "b").permitted?
+ end
+
+ test "permitted is sticky beyond merge!" do
+ @params.permit!
+ assert @params.merge!(a: "b").permitted?
+ end
+
+ test "merge! with parameters" do
+ other_params = ActionController::Parameters.new(id: "1234").permit!
+ @params.merge!(other_params)
+
+ assert_equal "1234", @params[:id]
+ assert_equal "32", @params[:person][:age]
+ end
+
test "modifying the parameters" do
@params[:person][:hometown] = "Chicago"
@params[:person][:family] = { brother: "Jonas" }
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-24 07:44:39 +0000