From 1d01bad3cedfd690c6d125cac6d4504baa9409e5 Mon Sep 17 00:00:00 2001
From: Michael Koziarski <michael@koziarski.com>
Date: Thu, 15 Oct 2009 09:58:35 +1300
Subject: Make sure non-escaped urls aren't considered safe

---
 actionpack/test/template/url_helper_test.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'actionpack/test')

diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb
index cc3b2455d7..cec53e479c 100644
--- a/actionpack/test/template/url_helper_test.rb
+++ b/actionpack/test/template/url_helper_test.rb
@@ -26,6 +26,11 @@ class UrlHelperTest < ActionView::TestCase
     assert_equal "http://www.example.com?a=b&amp;c=d", url_for(:a => 'b', :c => 'd', :escape => true)
     assert_equal "http://www.example.com?a=b&c=d", url_for(:a => 'b', :c => 'd', :escape => false)
   end
+  
+  def test_url_for_escaping_is_safety_aware
+    assert url_for(:a => 'b', :c => 'd', :escape => true).html_safe?, "escaped urls should be html_safe?"
+    assert !url_for(:a => 'b', :c => 'd', :escape => false).html_safe?, "non-escaped urls shouldn't be safe"
+  end
 
   def test_url_for_escapes_url_once
     @controller.url = "http://www.example.com?a=b&amp;c=d"
-- 
cgit v1.2.3