Diffstat (limited to 'actionpack/test/template')
-rw-r--r-- | actionpack/test/template/text_helper_test.rb | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/actionpack/test/template/text_helper_test.rb b/actionpack/test/template/text_helper_test.rb
index ed2f08e755..926ebdaf47 100644
--- a/actionpack/test/template/text_helper_test.rb
+++ b/actionpack/test/template/text_helper_test.rb
@@ -86,5 +86,29 @@ class TextHelperTest < Test::Unit::TestCase
 assert_equal %(<p>Link #{link2_result}</p>), auto_link("<p>Link #{link2_raw}</p>")
 assert_equal %(<p>#{link2_result} Link</p>), auto_link("<p>#{link2_raw} Link</p>")
 end
+
+ def test_sanitize_form
+ raw = "<form action=\"/foo/bar\" method=\"post\"><input></form>"
+ result = sanitize(raw)
+ assert_equal "<form action='/foo/bar' method='post'><input></form>", result
+ end
+
+ def test_sanitize_script
+ raw = "<script language=\"Javascript\">blah blah blah</script>"
+ result = sanitize(raw)
+ assert_equal "<script language='Javascript'>blah blah blah</script>", result
+ end
+
+ def test_sanitize_js_handlers
+ raw = %{onthis="do that" <a href="#" onclick="hello" name="foo" onbogus="remove me">hello</a>}
+ result = sanitize(raw)
+ assert_equal %{onthis="do that" <a name='foo' href='#'>hello</a>}, result
+ end
+
+ def test_sanitize_javascript_href
+ raw = %{href="javascript:bang" <a href="javascript:bang" name="hello">foo</a>, <span href="javascript:bang">bar</span>}
+ result = sanitize(raw)
+ assert_equal %{href="javascript:bang" <a name='hello'>foo</a>, <span>bar</span>}, result
+ end
 end |
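Review bot: `test_sanitize_script` pins `sanitize` to return `<script language='Javascript'>blah blah blah</script>` with the element and its body intact, so the suite now asserts that executable markup survives a method named sanitize; if the intent is only to strip event handlers and `javascript:` URLs, say so in the test (e.g. `# sanitize only strips on* handlers and javascript: hrefs; script/form elements are deliberately left in place`), otherwise the expected value should be the element removed or escaped. The same applies to `test_sanitize_form`, since an injected `<form>` posting to an attacker-chosen `action` is a phishing vector that this expectation now protects. `test_sanitize_js_handlers` and `test_sanitize_javascript_href` exercise only lowercase, unobfuscated inputs, so a filter that matches `onclick` or `javascript:` literally would pass while `ONCLICK`, `JaVaScRiPt:`, a scheme with embedded whitespace or `&#106;avascript:` entity encoding, and `vbscript:`/`data:` schemes go untested; adding cases such as `assert_equal %{<a name='hello'>foo</a>}, sanitize(%{<a href="JaVaScRiPt:bang" name="hello">foo</a>})` and `assert_equal %{<a name='foo'>hello</a>}, sanitize(%{<a ONCLICK="hello" name="foo">hello</a>})` would lock in the intended coverage (the implementation of `sanitize` is not visible here, so whether these pass today is unverified). The two leading context lines belong to a test method that begins before the hunk.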