Diffstat (limited to 'actionview')
-rw-r--r-- | actionview/test/template/sanitize_helper_test.rb | 37 |
1 files changed, 0 insertions, 37 deletions
diff --git a/actionview/test/template/sanitize_helper_test.rb b/actionview/test/template/sanitize_helper_test.rb
index 644e102951..e4be21be2c 100644
--- a/actionview/test/template/sanitize_helper_test.rb
+++ b/actionview/test/template/sanitize_helper_test.rb
@@ -5,20 +5,10 @@ require 'abstract_unit'
 class SanitizeHelperTest < ActionView::TestCase
 tests ActionView::Helpers::SanitizeHelper
- def test_strip_links_pending
- skip "Pending. These tests don't pass. See explanation in sanitizers_test.rb"
-
- assert_equal "<a<a", strip_links("<a<a")
- assert_equal "all <b>day</b> long", strip_links("<<a>a href='hello'>all <b>day</b> long<</A>/a>")
- end
-
 def test_strip_links
 assert_equal "Dont touch me", strip_links("Dont touch me")
- assert_equal "on my mind\nall day long", strip_links("<a href='almost'>on my mind</a>\n<A href='almost'>all day long</A>")
- assert_equal "0wn3d", strip_links("<a href='http://www.rubyonrails.com/'><a href='http://www.rubyonrails.com/' onlclick='steal()'>0wn3d</a></a>")
 assert_equal "Magic", strip_links("<a href='http://www.rubyonrails.com/'>Mag<a href='http://www.ruby-lang.org/'>ic")
- assert_equal "FrrFox", strip_links("<href onlclick='steal()'>FrrFox</a></href>")
 assert_equal "My mind\nall <b>day</b> long", strip_links("<a href='almost'>My mind</a>\n<A href='almost'>all <b>day</b> long</A>")
 end
@@ -32,37 +22,10 @@ class SanitizeHelperTest < ActionView::TestCase
 assert_equal expected, sanitize_css(raw)
 end
- def test_strip_tags_pending
- skip "Pending. These tests don't pass. See explanation in sanitizers_test.rb"
-
- assert_equal("<<<bad html", strip_tags("<<<bad html"))
- assert_equal("<<", strip_tags("<<<bad html>"))
-
- assert_equal("Weirdos", strip_tags("Wei<<a>a onclick='alert(document.cookie);'</a>/>rdos"))
-
- assert_equal(
- %{This is a test.\n\n\nIt no longer contains any HTML.\n}, strip_tags(
- %{<title>This is <b>a <a href="" target="_blank">test</a></b>.</title>\n\n<!-- it has a comment -->\n\n<p>It no <b>longer <strong>contains <em>any <strike>HTML</strike></em>.</strong></b></p>\n}))
-
- # fails on the blank string
- [nil, '', ' '].each do |blank|
- stripped = strip_tags(blank)
- assert_equal blank, stripped
- end
-
- # Actual: "something "
- assert_equal "something <img onerror=alert(1337)", ERB::Util.html_escape(strip_tags("something <img onerror=alert(1337)"))
- end
-
 def test_strip_tags
- assert_equal("Dont touch me", strip_tags("Dont touch me"))
 assert_equal("This is a test.", strip_tags("<p>This <u>is<u> a <a href='test.html'><strong>test</strong></a>.</p>"))
-
- assert_equal("This is a test.", strip_tags("This is a test."))
- assert_equal "This has a here.", strip_tags("This has a <!-- comment --> here.")
- assert_equal "", strip_tags("<script>")
 end |