From 0c999f4125b04be552a3b7ed1ee7787d53d3a477 Mon Sep 17 00:00:00 2001
From: Rick Olson
Date: Sun, 3 Sep 2006 00:02:14 +0000
Subject: Update sanitize text helper to strip plaintext tags, and . [Rick Olson]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4911 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 actionpack/test/template/text_helper_test.rb | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'actionpack/test/template')
diff --git a/actionpack/test/template/text_helper_test.rb b/actionpack/test/template/text_helper_test.rb
index babb68ccfa..7cc92e0bd6 100644
--- a/actionpack/test/template/text_helper_test.rb
+++ b/actionpack/test/template/text_helper_test.rb
@@ -195,6 +195,12 @@ class TextHelperTest < Test::Unit::TestCase
 assert_equal "<form action='/foo/bar' method='post'></form>", result
 end
+ def test_sanitize_plaintext
+ raw = "<span>foo</span></plaintext>"
+ result = sanitize(raw)
+ assert_equal "&lt;plaintext><span>foo</span>&lt;/plaintext>", result
+ end
+
 def test_sanitize_script
 raw = "<script language=\"Javascript\">blah blah blah</script>"
 result = sanitize(raw)
@@ -213,6 +219,12 @@ class TextHelperTest < Test::Unit::TestCase
 assert_equal %{href="javascript:bang" <a name='hello'>foo</a>, <span>bar</span>}, result
 end
+ def test_sanitize_image_src
+ raw = %{src="javascript:bang" <img src="javascript:bang" width="5">foo</img>, <span src="javascript:bang">bar</span>}
+ result = sanitize(raw)
+ assert_equal %{src="javascript:bang" <img width='5'>foo</img>, <span>bar</span>}, result
+ end
+
 def test_cycle_class
 value = Cycle.new("one", 2, "3")
 assert_equal("one", value.to_s)
-- cgit v1.2.3
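Review bot: test_sanitize_plaintext covers only the lowercase, attribute-free spelling of the tag, so it would still pass if the sanitizer compared tag names case-sensitively. HTML tag names are case-insensitive, so I would add a second assertion such as `assert_equal "&lt;PLAINTEXT>foo&lt;/PLAINTEXT>", sanitize("<PLAINTEXT>foo</PLAINTEXT>")` (expected value assumed from the escaping pattern the existing assertion pins). The expectation escapes only `<` and keeps the tag text, whereas the subject says "strip"; a one-line comment such as `# forbidden tags are neutralised by escaping "<", not removed` would make that explicit. As displayed, the `raw` literal has no opening `<plaintext>` although the expected string does, which looks like a rendering loss on this page rather than the committed code.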
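Review bot: test_sanitize_image_src pins a single spelling of the unsafe value, a lowercase `javascript:` scheme in a double-quoted `src`, so a filter that matches only that exact form would satisfy it. URL schemes are case-insensitive and attribute values may be single-quoted, so I would add at least `assert_equal %{<img width='5'>}, sanitize(%{<img src="JavaScript:bang" width="5">})` and the single-quoted equivalent (expected output assumed from the serialisation shown in the existing assertion). The sanitizer change itself is not part of this patch, so whether it uses a scheme allow-list or a `javascript:` deny-list cannot be judged here; an allow-list is the safer design, and the tests should reflect whichever is intended.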