From a358d87e16fa876de29286b69474ab6aaee4a80b Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@loudthinking.com>
Date: Thu, 6 Nov 2008 13:02:32 +0100
Subject: Fixed the sanitize helper to avoid double escaping already properly
 escaped entities [#683 state:committed]

---
 actionpack/test/controller/html-scanner/sanitizer_test.rb | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'actionpack/test/controller')

diff --git a/actionpack/test/controller/html-scanner/sanitizer_test.rb b/actionpack/test/controller/html-scanner/sanitizer_test.rb
index a9e8447e32..bae0f5c9fd 100644
--- a/actionpack/test/controller/html-scanner/sanitizer_test.rb
+++ b/actionpack/test/controller/html-scanner/sanitizer_test.rb
@@ -253,6 +253,10 @@ class SanitizerTest < Test::Unit::TestCase
     assert_sanitized "<![CDATA[<span>neverending...", "&lt;![CDATA[&lt;span>neverending...]]>"
   end
 
+  def test_should_not_mangle_urls_with_ampersand
+     assert_sanitized %{<a href=\"http://www.domain.com?var1=1&amp;var2=2\">my link</a>}
+  end
+
 protected
   def assert_sanitized(input, expected = nil)
     @sanitizer ||= HTML::WhiteListSanitizer.new
-- 
cgit v1.2.3