1 files changed, 8 insertions, 3 deletions

diff --git a/actionpack/test/template/html-scanner/sanitizer_test.rb b/actionpack/test/template/html-scanner/sanitizer_test.rb
index 62ad6be680..32c655c5fd 100644
--- a/actionpack/test/template/html-scanner/sanitizer_test.rb
+++ b/actionpack/test/template/html-scanner/sanitizer_test.rb
@@ -56,7 +56,6 @@ class SanitizerTest < ActionController::TestCase
     assert_sanitized "a b c<script language=\"Javascript\">blah blah blah</script>d e f", "a b cd e f"
   end
 
-  # TODO: Clean up
   def test_sanitize_js_handlers
     raw = %{onthis="do that" <a href="#" onclick="hello" name="foo" onbogus="remove me">hello</a>}
     assert_sanitized raw, %{onthis="do that" <a name="foo" href="#">hello</a>}
@@ -138,7 +137,7 @@ class SanitizerTest < ActionController::TestCase
       assert sanitizer.send(:contains_bad_protocols?, 'src', "#{proto}://bad")
     end
   end
-  
+
   def test_should_accept_good_protocols_ignoring_case
     sanitizer = HTML::WhiteListSanitizer.new
     HTML::WhiteListSanitizer.allowed_protocols.each do |proto|
@@ -146,6 +145,13 @@ class SanitizerTest < ActionController::TestCase
     end
   end
 
+  def test_should_accept_good_protocols_ignoring_space
+    sanitizer = HTML::WhiteListSanitizer.new
+    HTML::WhiteListSanitizer.allowed_protocols.each do |proto|
+      assert !sanitizer.send(:contains_bad_protocols?, 'src', " #{proto}://good")
+    end
+  end
+
   def test_should_accept_good_protocols
     sanitizer = HTML::WhiteListSanitizer.new
     HTML::WhiteListSanitizer.allowed_protocols.each do |proto|
@@ -208,7 +214,6 @@ class SanitizerTest < ActionController::TestCase
     assert_sanitized img_hack, "<img>"
   end
 
-  # TODO: Clean up
   def test_should_sanitize_attributes
     assert_sanitized %(<SPAN title="'><script>alert()</script>">blah</SPAN>), %(<span title="'&gt;&lt;script&gt;alert()&lt;/script&gt;">blah</span>)
   end