From 4ce3b5d6fe6451a7e6951f366d3e3f9324f75fdb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?=
Date: Sat, 26 May 2012 13:44:30 -0300
Subject: Test that the block used in truncate is escaped if it is not HTML safe Refactoring the truncate method to not do a sort-circuit return
---
actionpack/test/template/text_helper_test.rb | 23 +++++++++++------------
1 file changed, 11 insertions(+), 12 deletions(-) (limited to 'actionpack/test/template/text_helper_test.rb')
diff --git a/actionpack/test/template/text_helper_test.rb b/actionpack/test/template/text_helper_test.rb
index a7333a3af9..4b1c1ef78b 100644
--- a/actionpack/test/template/text_helper_test.rb
+++ b/actionpack/test/template/text_helper_test.rb
@@ -60,14 +60,14 @@ class TextHelperTest < ActionView::TestCase
simple_format(text) assert_equal text_clone, text end - + def test_simple_format_does_not_modify_the_html_options_hash options = { :class => "foobar"} passed_options = options.dup simple_format("some text", passed_options) assert_equal options, passed_options end - + def test_simple_format_does_not_modify_the_options_hash options = { :wrapper_tag => :div, :sanitize => false } passed_options = options.dup
@@ -98,7 +98,7 @@ class TextHelperTest < ActionView::TestCase
assert_equal "\354\225\204\353\246\254\353\236\221 \354\225\204\353\246\254 ...".force_encoding('UTF-8'), truncate("\354\225\204\353\246\254\353\236\221 \354\225\204\353\246\254 \354\225\204\353\235\274\353\246\254\354\230\244".force_encoding('UTF-8'), :length => 10) end - + def test_truncate_does_not_modify_the_options_hash options = { :length => 10 } passed_options = options.dup
@@ -111,12 +111,6 @@ class TextHelperTest < ActionView::TestCase
truncate("Here's a long test and I need a continue to read link", :length => 27) { link_to 'Continue', '#' } end - def test_truncate_should_not_mutate_the_options_hash - options = { :length => 27 } - truncate("Here's a long test and I need a continue to read link", options) { link_to 'Continue', '#' } - assert_equal({ :length => 27 }, options) - end - def test_truncate_should_be_html_safe assert truncate("Hello World!", :length => 12).html_safe? end
@@ -135,6 +129,11 @@ class TextHelperTest < ActionView::TestCase
truncate("Here's a long test and I need a continue to read link", :length => 27) { link_to 'Continue', '#' } end + def test_truncate_with_block_should_escape_the_block + assert_equal "Here's a long test and I...<script>alert('foo');</script>", + truncate("Here's a long test and I need a continue to read link", :length => 27) { "" } + end + def test_highlight_should_be_html_safe assert highlight("This is a beautiful morning", "beautiful").html_safe? end
@@ -224,7 +223,7 @@ class TextHelperTest < ActionView::TestCase
highlight("
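Review bot: The assertion in `test_truncate_with_block_should_escape_the_block` does not, as displayed here, pin the escaping the test is named for: the block returns `""` and the expected string contains a literal `<script>alert('foo');</script>`, which is what unescaped output would look like. This is presumably an artifact of how the page was rendered (markup inside the hunk appears to have been consumed, as in the `highlight("` hunk that follows), so the assertion should be read from the raw patch before it is relied on. For the test to guard against script markup arriving through a block result that is not `html_safe`, the block has to return the raw script string and the expected value has to carry `<` and `>` as `&lt;` and `&gt;`. A one-line comment above the assertion, such as `# block result is not html_safe, so truncate must escape it before appending`, would make that intent explicit.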
abc div
", "div", :highlighter => '\1') ) end - + def test_highlight_does_not_modify_the_options_hash options = { :highlighter => '\1', :sanitize => false } passed_options = options.dup
@@ -277,7 +276,7 @@ class TextHelperTest < ActionView::TestCase
def test_excerpt_with_utf8 assert_equal("...\357\254\203ciency could not be...".force_encoding('UTF-8'), excerpt("That's why e\357\254\203ciency could not be helped".force_encoding('UTF-8'), 'could', :radius => 8)) end - + def test_excerpt_does_not_modify_the_options_hash options = { :omission => "[...]",:radius => 5 } passed_options = options.dup
@@ -292,7 +291,7 @@ class TextHelperTest < ActionView::TestCase
def test_word_wrap_with_extra_newlines assert_equal("my very very\nvery long\nstring\n\nwith another\nline", word_wrap("my very very very long string\n\nwith another line", :line_width => 15)) end - + def test_word_wrap_does_not_modify_the_options_hash options = { :line_width => 15 } passed_options = options.dup
-- cgit v1.2.3