kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Don't use html_escape to test the escaping

Browse source
This commit is contained in:
Rafael Mendonça França 2012-08-05 21:21:14 -03:00
parent 39f4f28993
commit 5edfc46348
4 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
actionpack/test/template/form_options_helper_test.rb
View file

@ -1124,7 +1124,7 @@ class FormOptionsHelperTest < ActionView::TestCase
def test_options_for_select_with_element_attributes
assert_dom_equal(
"<option value=\"&lt;Denmark&gt;\" class=\"bold\">&lt;Denmark&gt;</option>\n<option value=\"USA\" onclick=\"" + ERB::Util.html_escape("alert('Hello World');") + "\">USA</option>\n<option value=\"Sweden\">Sweden</option>\n<option value=\"Germany\">Germany</option>",
"<option value=\"&lt;Denmark&gt;\" class=\"bold\">&lt;Denmark&gt;</option>\n<option value=\"USA\" onclick=\"alert(&#x27;Hello World&#x27;);\">USA</option>\n<option value=\"Sweden\">Sweden</option>\n<option value=\"Germany\">Germany</option>",
options_for_select([ [ "<Denmark>", { :class => 'bold' } ], [ "USA", { :onclick => "alert('Hello World');" } ], [ "Sweden" ], "Germany" ])
)
end

2
actionpack/test/template/form_tag_helper_test.rb
View file

@ -379,7 +379,7 @@ class FormTagHelperTest < ActionView::TestCase
def test_submit_tag
assert_dom_equal(
%(<input name='commit' data-disable-with="Saving..." onclick=") + ERB::Util.html_escape("alert('hello!')") + %(" type="submit" value="Save" />),
%(<input name='commit' data-disable-with="Saving..." onclick="alert(&#x27;hello!&#x27;)" type="submit" value="Save" />),
submit_tag("Save", :onclick => "alert('hello!')", :data => { :disable_with => "Saving..." })
)
end

2
actionpack/test/template/text_helper_test.rb
View file

@ -149,7 +149,7 @@ class TextHelperTest < ActionView::TestCase
end
def test_truncate_with_block_should_escape_the_block
assert_equal "Here is a long test and ...&lt;script&gt;" + ERB::Util.html_escape("alert('foo');") + "&lt;/script&gt;",
assert_equal "Here is a long test and ...&lt;script&gt;alert(&#x27;foo&#x27;);&lt;/script&gt;",
truncate("Here is a long test and I need a continue to read link", :length => 27) { "<script>alert('foo');</script>" }
end

2
actionpack/test/template/url_helper_test.rb
View file

@ -244,7 +244,7 @@ class UrlHelperTest < ActiveSupport::TestCase
def test_link_tag_with_custom_onclick
link = link_to("Hello", "http://www.example.com", :onclick => "alert('yay!')")
expected = %{<a href="http://www.example.com" onclick="} + ERB::Util.html_escape("alert('yay!')") + %{">Hello</a>}
expected = %{<a href="http://www.example.com" onclick="alert(&#x27;yay!&#x27;)">Hello</a>}
assert_dom_equal expected, link
end