From 94333a4c31bd10c1f358c538a167e6a4589bae2d Mon Sep 17 00:00:00 2001 From: Daniel Colson Date: Thu, 25 Jan 2018 18:14:09 -0500 Subject: Use assert_predicate and assert_not_predicate --- actionview/test/template/asset_tag_helper_test.rb | 6 +- actionview/test/template/atom_feed_helper_test.rb | 2 +- actionview/test/template/capture_helper_test.rb | 4 +- actionview/test/template/date_helper_test.rb | 22 +++---- actionview/test/template/erb_util_test.rb | 12 ++-- .../test/template/form_helper/form_with_test.rb | 2 +- actionview/test/template/form_helper_test.rb | 4 +- .../test/template/form_options_helper_test.rb | 6 +- actionview/test/template/form_tag_helper_test.rb | 4 +- actionview/test/template/lookup_context_test.rb | 2 +- actionview/test/template/number_helper_test.rb | 72 +++++++++++----------- .../test/template/output_safety_helper_test.rb | 12 ++-- actionview/test/template/sanitize_helper_test.rb | 2 +- actionview/test/template/tag_helper_test.rb | 4 +- actionview/test/template/text_helper_test.rb | 16 ++--- .../test/template/translation_helper_test.rb | 6 +- actionview/test/template/url_helper_test.rb | 2 +- 17 files changed, 89 insertions(+), 89 deletions(-) (limited to 'actionview/test') diff --git a/actionview/test/template/asset_tag_helper_test.rb b/actionview/test/template/asset_tag_helper_test.rb index 284dacf2d4..6d98eacfb8 100644 --- a/actionview/test/template/asset_tag_helper_test.rb +++ b/actionview/test/template/asset_tag_helper_test.rb @@ -407,7 +407,7 @@ class AssetTagHelperTest < ActionView::TestCase end def test_javascript_include_tag_is_html_safe - assert javascript_include_tag("prototype").html_safe? + assert_predicate javascript_include_tag("prototype"), :html_safe? end def test_javascript_include_tag_relative_protocol @@ -460,8 +460,8 @@ class AssetTagHelperTest < ActionView::TestCase end def test_stylesheet_link_tag_is_html_safe - assert stylesheet_link_tag("dir/file").html_safe? - assert stylesheet_link_tag("dir/other/file", "dir/file2").html_safe? + assert_predicate stylesheet_link_tag("dir/file"), :html_safe? + assert_predicate stylesheet_link_tag("dir/other/file", "dir/file2"), :html_safe? end def test_stylesheet_link_tag_escapes_options diff --git a/actionview/test/template/atom_feed_helper_test.rb b/actionview/test/template/atom_feed_helper_test.rb index 1be20dcaae..8e683cb48a 100644 --- a/actionview/test/template/atom_feed_helper_test.rb +++ b/actionview/test/template/atom_feed_helper_test.rb @@ -257,7 +257,7 @@ class AtomFeedTest < ActionController::TestCase get :index, params: { id: "provide_builder" } # because we pass in the non-default builder, the content generated by the # helper should go 'nowhere'. Leaving the response body blank. - assert @response.body.blank? + assert_predicate @response.body, :blank? end end diff --git a/actionview/test/template/capture_helper_test.rb b/actionview/test/template/capture_helper_test.rb index 8a1c00fd00..31c280a91c 100644 --- a/actionview/test/template/capture_helper_test.rb +++ b/actionview/test/template/capture_helper_test.rb @@ -155,12 +155,12 @@ class CaptureHelperTest < ActionView::TestCase content_for :title do content_tag(:p, "title") end - assert content_for(:title).html_safe? + assert_predicate content_for(:title), :html_safe? content_for :title, "", flush: true content_for(:title) do content_tag(:p, "title") end - assert content_for(:title).html_safe? + assert_predicate content_for(:title), :html_safe? end def test_provide diff --git a/actionview/test/template/date_helper_test.rb b/actionview/test/template/date_helper_test.rb index 97cfd754be..79e52ccc47 100644 --- a/actionview/test/template/date_helper_test.rb +++ b/actionview/test/template/date_helper_test.rb @@ -3593,25 +3593,25 @@ class DateHelperTest < ActionView::TestCase end def test_select_html_safety - assert select_day(16).html_safe? - assert select_month(8).html_safe? - assert select_year(Time.mktime(2003, 8, 16, 8, 4, 18)).html_safe? - assert select_minute(Time.mktime(2003, 8, 16, 8, 4, 18)).html_safe? - assert select_second(Time.mktime(2003, 8, 16, 8, 4, 18)).html_safe? + assert_predicate select_day(16), :html_safe? + assert_predicate select_month(8), :html_safe? + assert_predicate select_year(Time.mktime(2003, 8, 16, 8, 4, 18)), :html_safe? + assert_predicate select_minute(Time.mktime(2003, 8, 16, 8, 4, 18)), :html_safe? + assert_predicate select_second(Time.mktime(2003, 8, 16, 8, 4, 18)), :html_safe? - assert select_minute(8, use_hidden: true).html_safe? - assert select_month(8, prompt: "Choose month").html_safe? + assert_predicate select_minute(8, use_hidden: true), :html_safe? + assert_predicate select_month(8, prompt: "Choose month"), :html_safe? - assert select_time(Time.mktime(2003, 8, 16, 8, 4, 18), {}, { class: "selector" }).html_safe? - assert select_date(Time.mktime(2003, 8, 16), date_separator: " / ", start_year: 2003, end_year: 2005, prefix: "date[first]").html_safe? + assert_predicate select_time(Time.mktime(2003, 8, 16, 8, 4, 18), {}, { class: "selector" }), :html_safe? + assert_predicate select_date(Time.mktime(2003, 8, 16), date_separator: " / ", start_year: 2003, end_year: 2005, prefix: "date[first]"), :html_safe? end def test_object_select_html_safety @post = Post.new @post.written_on = Date.new(2004, 6, 15) - assert date_select("post", "written_on", default: Time.local(2006, 9, 19, 15, 16, 35), include_blank: true).html_safe? - assert time_select("post", "written_on", ignore_date: true).html_safe? + assert_predicate date_select("post", "written_on", default: Time.local(2006, 9, 19, 15, 16, 35), include_blank: true), :html_safe? + assert_predicate time_select("post", "written_on", ignore_date: true), :html_safe? end def test_time_tag_with_date diff --git a/actionview/test/template/erb_util_test.rb b/actionview/test/template/erb_util_test.rb index 8b804105f4..bd702dbe94 100644 --- a/actionview/test/template/erb_util_test.rb +++ b/actionview/test/template/erb_util_test.rb @@ -70,24 +70,24 @@ class ErbUtilTest < ActiveSupport::TestCase def test_json_escape_returns_unsafe_strings_when_passed_unsafe_strings value = json_escape("asdf") - assert !value.html_safe? + assert_not_predicate value, :html_safe? end def test_json_escape_returns_safe_strings_when_passed_safe_strings value = json_escape("asdf".html_safe) - assert value.html_safe? + assert_predicate value, :html_safe? end def test_html_escape_is_html_safe escaped = h("

") assert_equal "<p>", escaped - assert escaped.html_safe? + assert_predicate escaped, :html_safe? end def test_html_escape_passes_html_escape_unmodified escaped = h("

".html_safe) assert_equal "

", escaped - assert escaped.html_safe? + assert_predicate escaped, :html_safe? end def test_rest_in_ascii @@ -104,11 +104,11 @@ class ErbUtilTest < ActiveSupport::TestCase def test_html_escape_once_returns_unsafe_strings_when_passed_unsafe_strings value = html_escape_once("1 < 2 & 3") - assert !value.html_safe? + assert_not_predicate value, :html_safe? end def test_html_escape_once_returns_safe_strings_when_passed_safe_strings value = html_escape_once("1 < 2 & 3".html_safe) - assert value.html_safe? + assert_predicate value, :html_safe? end end diff --git a/actionview/test/template/form_helper/form_with_test.rb b/actionview/test/template/form_helper/form_with_test.rb index 0295ff627d..0d224d0c46 100644 --- a/actionview/test/template/form_helper/form_with_test.rb +++ b/actionview/test/template/form_helper/form_with_test.rb @@ -108,7 +108,7 @@ class FormWithActsLikeFormTagTest < FormWithTest actual = form_with(skip_enforcing_utf8: true) expected = whole_form("http://www.example.com", skip_enforcing_utf8: true) assert_dom_equal expected, actual - assert actual.html_safe? + assert_predicate actual, :html_safe? end def test_form_with_with_block_in_erb diff --git a/actionview/test/template/form_helper_test.rb b/actionview/test/template/form_helper_test.rb index 6a317e1a12..b8fad090c5 100644 --- a/actionview/test/template/form_helper_test.rb +++ b/actionview/test/template/form_helper_test.rb @@ -612,7 +612,7 @@ class FormHelperTest < ActionView::TestCase end def test_check_box_is_html_safe - assert check_box("post", "secret").html_safe? + assert_predicate check_box("post", "secret"), :html_safe? end def test_check_box_checked_if_object_value_is_same_that_check_value @@ -775,7 +775,7 @@ class FormHelperTest < ActionView::TestCase end def test_check_box_with_nil_unchecked_value_is_html_safe - assert check_box("post", "secret", {}, "on", nil).html_safe? + assert_predicate check_box("post", "secret", {}, "on", nil), :html_safe? end def test_check_box_with_multiple_behavior diff --git a/actionview/test/template/form_options_helper_test.rb b/actionview/test/template/form_options_helper_test.rb index 642f450f91..f82eada869 100644 --- a/actionview/test/template/form_options_helper_test.rb +++ b/actionview/test/template/form_options_helper_test.rb @@ -354,7 +354,7 @@ class FormOptionsHelperTest < ActionView::TestCase end def test_option_groups_from_collection_for_select_returns_html_safe_string - assert option_groups_from_collection_for_select(dummy_continents, "countries", "continent_name", "country_id", "country_name", "dk").html_safe? + assert_predicate option_groups_from_collection_for_select(dummy_continents, "countries", "continent_name", "country_id", "country_name", "dk"), :html_safe? end def test_grouped_options_for_select_with_array @@ -402,7 +402,7 @@ class FormOptionsHelperTest < ActionView::TestCase end def test_grouped_options_for_select_returns_html_safe_string - assert grouped_options_for_select([["Hats", ["Baseball Cap", "Cowboy Hat"]]]).html_safe? + assert_predicate grouped_options_for_select([["Hats", ["Baseball Cap", "Cowboy Hat"]]]), :html_safe? end def test_grouped_options_for_select_with_prompt_returns_html_escaped_string @@ -492,7 +492,7 @@ class FormOptionsHelperTest < ActionView::TestCase end def test_time_zone_options_returns_html_safe_string - assert time_zone_options_for_select.html_safe? + assert_predicate time_zone_options_for_select, :html_safe? end def test_select diff --git a/actionview/test/template/form_tag_helper_test.rb b/actionview/test/template/form_tag_helper_test.rb index 5e328ebf53..0d9bf77f98 100644 --- a/actionview/test/template/form_tag_helper_test.rb +++ b/actionview/test/template/form_tag_helper_test.rb @@ -142,14 +142,14 @@ class FormTagHelperTest < ActionView::TestCase actual = form_tag({}, { enforce_utf8: true }) expected = whole_form("http://www.example.com", enforce_utf8: true) assert_dom_equal expected, actual - assert actual.html_safe? + assert_predicate actual, :html_safe? end def test_form_tag_enforce_utf8_false actual = form_tag({}, { enforce_utf8: false }) expected = whole_form("http://www.example.com", enforce_utf8: false) assert_dom_equal expected, actual - assert actual.html_safe? + assert_predicate actual, :html_safe? end def test_form_tag_with_block_in_erb diff --git a/actionview/test/template/lookup_context_test.rb b/actionview/test/template/lookup_context_test.rb index 402ee9b6ae..beee76f711 100644 --- a/actionview/test/template/lookup_context_test.rb +++ b/actionview/test/template/lookup_context_test.rb @@ -35,7 +35,7 @@ class LookupContextTest < ActiveSupport::TestCase test "allows me to freeze and retrieve frozen formats" do @lookup_context.formats.freeze - assert @lookup_context.formats.frozen? + assert_predicate @lookup_context.formats, :frozen? end test "provides getters and setters for variants" do diff --git a/actionview/test/template/number_helper_test.rb b/actionview/test/template/number_helper_test.rb index e92bf66203..357ae1326a 100644 --- a/actionview/test/template/number_helper_test.rb +++ b/actionview/test/template/number_helper_test.rb @@ -126,43 +126,43 @@ class NumberHelperTest < ActionView::TestCase end def test_number_helpers_outputs_are_html_safe - assert number_to_human(1).html_safe? - assert !number_to_human("").html_safe? - assert number_to_human("asdf".html_safe).html_safe? - assert number_to_human("1".html_safe).html_safe? - - assert number_to_human_size(1).html_safe? - assert number_to_human_size(1000000).html_safe? - assert !number_to_human_size("").html_safe? - assert number_to_human_size("asdf".html_safe).html_safe? - assert number_to_human_size("1".html_safe).html_safe? - - assert number_with_precision(1, strip_insignificant_zeros: false).html_safe? - assert number_with_precision(1, strip_insignificant_zeros: true).html_safe? - assert !number_with_precision("").html_safe? - assert number_with_precision("asdf".html_safe).html_safe? - assert number_with_precision("1".html_safe).html_safe? - - assert number_to_currency(1).html_safe? - assert !number_to_currency("").html_safe? - assert number_to_currency("asdf".html_safe).html_safe? - assert number_to_currency("1".html_safe).html_safe? - - assert number_to_percentage(1).html_safe? - assert !number_to_percentage("").html_safe? - assert number_to_percentage("asdf".html_safe).html_safe? - assert number_to_percentage("1".html_safe).html_safe? - - assert number_to_phone(1).html_safe? + assert_predicate number_to_human(1), :html_safe? + assert_not_predicate number_to_human(""), :html_safe? + assert_predicate number_to_human("asdf".html_safe), :html_safe? + assert_predicate number_to_human("1".html_safe), :html_safe? + + assert_predicate number_to_human_size(1), :html_safe? + assert_predicate number_to_human_size(1000000), :html_safe? + assert_not_predicate number_to_human_size(""), :html_safe? + assert_predicate number_to_human_size("asdf".html_safe), :html_safe? + assert_predicate number_to_human_size("1".html_safe), :html_safe? + + assert_predicate number_with_precision(1, strip_insignificant_zeros: false), :html_safe? + assert_predicate number_with_precision(1, strip_insignificant_zeros: true), :html_safe? + assert_not_predicate number_with_precision(""), :html_safe? + assert_predicate number_with_precision("asdf".html_safe), :html_safe? + assert_predicate number_with_precision("1".html_safe), :html_safe? + + assert_predicate number_to_currency(1), :html_safe? + assert_not_predicate number_to_currency(""), :html_safe? + assert_predicate number_to_currency("asdf".html_safe), :html_safe? + assert_predicate number_to_currency("1".html_safe), :html_safe? + + assert_predicate number_to_percentage(1), :html_safe? + assert_not_predicate number_to_percentage(""), :html_safe? + assert_predicate number_to_percentage("asdf".html_safe), :html_safe? + assert_predicate number_to_percentage("1".html_safe), :html_safe? + + assert_predicate number_to_phone(1), :html_safe? assert_equal "<script></script>", number_to_phone("") - assert number_to_phone("").html_safe? - assert number_to_phone("asdf".html_safe).html_safe? - assert number_to_phone("1".html_safe).html_safe? - - assert number_with_delimiter(1).html_safe? - assert !number_with_delimiter("").html_safe? - assert number_with_delimiter("asdf".html_safe).html_safe? - assert number_with_delimiter("1".html_safe).html_safe? + assert_predicate number_to_phone(""), :html_safe? + assert_predicate number_to_phone("asdf".html_safe), :html_safe? + assert_predicate number_to_phone("1".html_safe), :html_safe? + + assert_predicate number_with_delimiter(1), :html_safe? + assert_not_predicate number_with_delimiter(""), :html_safe? + assert_predicate number_with_delimiter("asdf".html_safe), :html_safe? + assert_predicate number_with_delimiter("1".html_safe), :html_safe? end def test_number_helpers_should_raise_error_if_invalid_when_specified diff --git a/actionview/test/template/output_safety_helper_test.rb b/actionview/test/template/output_safety_helper_test.rb index b5e9a77105..faeeded1c8 100644 --- a/actionview/test/template/output_safety_helper_test.rb +++ b/actionview/test/template/output_safety_helper_test.rb @@ -12,7 +12,7 @@ class OutputSafetyHelperTest < ActionView::TestCase test "raw returns the safe string" do result = raw(@string) assert_equal @string, result - assert result.html_safe? + assert_predicate result, :html_safe? end test "raw handles nil values correctly" do @@ -53,11 +53,11 @@ class OutputSafetyHelperTest < ActionView::TestCase test "to_sentence should escape non-html_safe values" do actual = to_sentence(%w(< > & ' ")) - assert actual.html_safe? + assert_predicate actual, :html_safe? assert_equal("<, >, &, ', and "", actual) actual = to_sentence(%w(").html_safe? + assert_predicate sanitize(""), :html_safe? end end diff --git a/actionview/test/template/tag_helper_test.rb b/actionview/test/template/tag_helper_test.rb index a746b9c1b5..9a6226fd04 100644 --- a/actionview/test/template/tag_helper_test.rb +++ b/actionview/test/template/tag_helper_test.rb @@ -81,7 +81,7 @@ class TagHelperTest < ActionView::TestCase def test_content_tag assert_equal "Create", content_tag("a", "Create", "href" => "create") - assert content_tag("a", "Create", "href" => "create").html_safe? + assert_predicate content_tag("a", "Create", "href" => "create"), :html_safe? assert_equal content_tag("a", "Create", "href" => "create"), content_tag("a", "Create", href: "create") assert_equal "

<script>evil_js</script>

", @@ -92,7 +92,7 @@ class TagHelperTest < ActionView::TestCase def test_tag_builder_with_content assert_equal "
Content
", tag.div("Content", id: "post_1") - assert tag.div("Content", id: "post_1").html_safe? + assert_predicate tag.div("Content", id: "post_1"), :html_safe? assert_equal tag.div("Content", id: "post_1"), tag.div("Content", "id": "post_1") assert_equal "

<script>evil_js</script>

", diff --git a/actionview/test/template/text_helper_test.rb b/actionview/test/template/text_helper_test.rb index f247de066f..45edfe18be 100644 --- a/actionview/test/template/text_helper_test.rb +++ b/actionview/test/template/text_helper_test.rb @@ -19,12 +19,12 @@ class TextHelperTest < ActionView::TestCase end def test_simple_format_should_be_html_safe - assert simple_format(" test with html tags ").html_safe? + assert_predicate simple_format(" test with html tags "), :html_safe? end def test_simple_format_included_in_isolation helper_klass = Class.new { include ActionView::Helpers::TextHelper } - assert helper_klass.new.simple_format(" test with html tags ").html_safe? + assert_predicate helper_klass.new.simple_format(" test with html tags "), :html_safe? end def test_simple_format @@ -123,7 +123,7 @@ class TextHelperTest < ActionView::TestCase end def test_truncate_should_be_html_safe - assert truncate("Hello World!", length: 12).html_safe? + assert_predicate truncate("Hello World!", length: 12), :html_safe? end def test_truncate_should_escape_the_input @@ -136,12 +136,12 @@ class TextHelperTest < ActionView::TestCase def test_truncate_with_escape_false_should_be_html_safe truncated = truncate("Hello World!!", length: 12, escape: false) - assert truncated.html_safe? + assert_predicate truncated, :html_safe? end def test_truncate_with_block_should_be_html_safe truncated = truncate("Here's a long test and I need a continue to read link", length: 27) { link_to "Continue", "#" } - assert truncated.html_safe? + assert_predicate truncated, :html_safe? end def test_truncate_with_block_should_escape_the_input @@ -156,7 +156,7 @@ class TextHelperTest < ActionView::TestCase def test_truncate_with_block_with_escape_false_should_be_html_safe truncated = truncate("Here's a long test and I need a continue to read link", length: 27, escape: false) { link_to "Continue", "#" } - assert truncated.html_safe? + assert_predicate truncated, :html_safe? end def test_truncate_with_block_should_escape_the_block @@ -165,7 +165,7 @@ class TextHelperTest < ActionView::TestCase end def test_highlight_should_be_html_safe - assert highlight("This is a beautiful morning", "beautiful").html_safe? + assert_predicate highlight("This is a beautiful morning", "beautiful"), :html_safe? end def test_highlight @@ -297,7 +297,7 @@ class TextHelperTest < ActionView::TestCase end def test_excerpt_should_not_be_html_safe - assert !excerpt("This is a beautiful! morning", "beautiful", radius: 5).html_safe? + assert_not_predicate excerpt("This is a beautiful! morning", "beautiful", radius: 5), :html_safe? end def test_excerpt_in_borderline_cases diff --git a/actionview/test/template/translation_helper_test.rb b/actionview/test/template/translation_helper_test.rb index 8956a584ff..f40595bf4d 100644 --- a/actionview/test/template/translation_helper_test.rb +++ b/actionview/test/template/translation_helper_test.rb @@ -75,7 +75,7 @@ class TranslationHelperTest < ActiveSupport::TestCase def test_returns_missing_translation_message_with_unescaped_interpolation expected = 'Missing' assert_equal expected, translate(:"translations.missing", name: "Kir", year: "2015", vulnerable: %{" onclick="alert()"}) - assert translate(:"translations.missing").html_safe? + assert_predicate translate(:"translations.missing"), :html_safe? end def test_returns_missing_translation_message_does_filters_out_i18n_options @@ -145,11 +145,11 @@ class TranslationHelperTest < ActiveSupport::TestCase end def test_translate_marks_translations_named_html_as_safe_html - assert translate(:'translations.html').html_safe? + assert_predicate translate(:'translations.html'), :html_safe? end def test_translate_marks_translations_with_a_html_suffix_as_safe_html - assert translate(:'translations.hello_html').html_safe? + assert_predicate translate(:'translations.hello_html'), :html_safe? end def test_translate_escapes_interpolations_in_translations_with_a_html_suffix diff --git a/actionview/test/template/url_helper_test.rb b/actionview/test/template/url_helper_test.rb index 0cd0386cac..8bccda481b 100644 --- a/actionview/test/template/url_helper_test.rb +++ b/actionview/test/template/url_helper_test.rb @@ -663,7 +663,7 @@ class UrlHelperTest < ActiveSupport::TestCase end def test_mail_to_returns_html_safe_string - assert mail_to("david@loudthinking.com").html_safe? + assert_predicate mail_to("david@loudthinking.com"), :html_safe? end def test_mail_to_with_block -- cgit v1.2.3 From 0f98954a83a5ec1d7c8def958422a62f0ead59a1 Mon Sep 17 00:00:00 2001 From: bogdanvlviv Date: Fri, 28 Jul 2017 06:18:43 +0000 Subject: Clean up and consolidate .gitignores * Global ignores at toplevel .gitignore * Component-specific ignores in each toplevel directory * Remove `actionview/test/tmp/.keep` for JRuby ``` rm actionview/test/tmp/ -fr cd actionview/ bundle exec jruby -Itest test/template/digestor_test.rb ``` Related to #11743, #30392. Closes #29978. --- actionview/test/fixtures/public/.gitignore | 1 - actionview/test/tmp/.keep | 0 actionview/test/ujs/.gitignore | 1 - 3 files changed, 2 deletions(-) delete mode 100644 actionview/test/fixtures/public/.gitignore delete mode 100644 actionview/test/tmp/.keep delete mode 100644 actionview/test/ujs/.gitignore (limited to 'actionview/test') diff --git a/actionview/test/fixtures/public/.gitignore b/actionview/test/fixtures/public/.gitignore deleted file mode 100644 index 312e635ee6..0000000000 --- a/actionview/test/fixtures/public/.gitignore +++ /dev/null @@ -1 +0,0 @@ -absolute/* diff --git a/actionview/test/tmp/.keep b/actionview/test/tmp/.keep deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/actionview/test/ujs/.gitignore b/actionview/test/ujs/.gitignore deleted file mode 100644 index 31dbbff57c..0000000000 --- a/actionview/test/ujs/.gitignore +++ /dev/null @@ -1 +0,0 @@ -/log -- cgit v1.2.3 From d4eb0dc89ee6b476e2e10869dc282a96f956c6c7 Mon Sep 17 00:00:00 2001 From: Jeremy Daer Date: Sat, 17 Feb 2018 13:02:18 -0800 Subject: Rails 6 requires Ruby 2.4.1+ Skipping over 2.4.0 to sidestep the `"symbol_from_string".to_sym.dup` bug. References #32028 --- actionview/test/template/date_helper_test.rb | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'actionview/test') diff --git a/actionview/test/template/date_helper_test.rb b/actionview/test/template/date_helper_test.rb index 79e52ccc47..94357d5f90 100644 --- a/actionview/test/template/date_helper_test.rb +++ b/actionview/test/template/date_helper_test.rb @@ -144,15 +144,13 @@ class DateHelperTest < ActionView::TestCase rubinius_skip "Date is written in Ruby and relies on Fixnum#/" jruby_skip "Date is written in Ruby and relies on Fixnum#/" - klass = RUBY_VERSION > "2.4" ? Integer : Fixnum - # Make sure that we avoid {Integer,Fixnum}#/ (redefined by mathn) - klass.send :private, :/ + Integer.send :private, :/ from = Time.utc(2004, 6, 6, 21, 45, 0) assert_distance_of_time_in_words(from) ensure - klass.send :public, :/ + Integer.send :public, :/ end def test_time_ago_in_words_passes_include_seconds -- cgit v1.2.3 From 31abee0341cb9d19f0234da7b42dddbabfcd1d4a Mon Sep 17 00:00:00 2001 From: Andrew White Date: Fri, 16 Feb 2018 13:21:48 +0000 Subject: Add support for automatic nonce generation for Rails UJS Because the UJS library creates a script tag to process responses it normally requires the script-src attribute of the content security policy to include 'unsafe-inline'. To work around this we generate a per-request nonce value that is embedded in a meta tag in a similar fashion to how CSRF protection embeds its token in a meta tag. The UJS library can then read the nonce value and set it on the dynamically generated script tag to enable it to execute without needing 'unsafe-inline' enabled. Nonce generation isn't 100% safe - if your script tag is including user generated content in someway then it may be possible to exploit an XSS vulnerability which can take advantage of the nonce. It is however an improvement on a blanket permission for inline scripts. It is also possible to use the nonce within your own script tags by using `nonce: true` to set the nonce value on the tag, e.g <%= javascript_tag nonce: true do %> alert('Hello, World!'); <% end %> Fixes #31689. --- actionview/test/ujs/public/test/call-ajax.js | 3 +-- actionview/test/ujs/server.rb | 26 ++++++++++++++++------ .../test/ujs/views/layouts/application.html.erb | 7 +++--- 3 files changed, 24 insertions(+), 12 deletions(-) (limited to 'actionview/test') diff --git a/actionview/test/ujs/public/test/call-ajax.js b/actionview/test/ujs/public/test/call-ajax.js index 49e64cad5c..4d0bfb0806 100644 --- a/actionview/test/ujs/public/test/call-ajax.js +++ b/actionview/test/ujs/public/test/call-ajax.js @@ -8,7 +8,6 @@ module('call-ajax', { }) asyncTest('call ajax without "ajax:beforeSend"', 1, function() { - var link = $('#qunit-fixture a') link.bindNative('click', function() { Rails.ajax({ @@ -21,7 +20,7 @@ asyncTest('call ajax without "ajax:beforeSend"', 1, function() { }) link.triggerNative('click') - setTimeout(function() { start() }, 13) + setTimeout(function() { start() }, 50) }) })() diff --git a/actionview/test/ujs/server.rb b/actionview/test/ujs/server.rb index 7d1bab4b2a..48e9bcb65f 100644 --- a/actionview/test/ujs/server.rb +++ b/actionview/test/ujs/server.rb @@ -23,18 +23,30 @@ module UJS config.public_file_server.enabled = true config.logger = Logger.new(STDOUT) config.log_level = :error + + config.content_security_policy do |policy| + policy.default_src :self, :https + policy.font_src :self, :https, :data + policy.img_src :self, :https, :data + policy.object_src :none + policy.script_src :self, :https + policy.style_src :self, :https + end + + config.content_security_policy_nonce_generator = ->(req) { SecureRandom.base64(16) } end end module TestsHelper def test_to(*names) - names = ["/vendor/qunit.js", "settings"] + names - names.map { |name| script_tag name }.join("\n").html_safe - end + names = names.map { |name| "/test/#{name}.js" } + names = %w[/vendor/qunit.js /test/settings.js] + names - def script_tag(src) - src = "/test/#{src}.js" unless src.index("/") - %().html_safe + capture do + names.each do |name| + concat(javascript_include_tag(name)) + end + end end end @@ -56,7 +68,7 @@ class TestsController < ActionController::Base elsif params[:iframe] payload = JSON.generate(data).gsub("<", "<").gsub(">", ">") html = <<-HTML - diff --git a/actionview/test/ujs/views/layouts/application.html.erb b/actionview/test/ujs/views/layouts/application.html.erb index c787e77b84..8f6f6fc17f 100644 --- a/actionview/test/ujs/views/layouts/application.html.erb +++ b/actionview/test/ujs/views/layouts/application.html.erb @@ -2,9 +2,10 @@ <%= @title %> + <%= csp_meta_tag %> - - <%= script_tag "/rails-ujs.js" %> + <% end %> + <%= javascript_include_tag "/rails-ujs.js" %> -- cgit v1.2.3