1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/actionview/test/template/html_test.rb
Rafael Mendonça França 33cb47ee48 Use the reference for the mime type to get the format
Before we were calling to_sym in the mime type, even when it is unknown
what can cause denial of service since symbols are not removed by the
garbage collector.

Fixes: CVE-2014-0082
2014-02-18 16:12:51 -03:00

17 lines
585 B
Ruby

require 'abstract_unit'
class HTMLTest < ActiveSupport::TestCase
test 'formats returns symbol for recognized MIME type' do
assert_equal [:html], ActionView::Template::HTML.new('', :html).formats
end
test 'formats returns string for recognized MIME type when MIME does not have symbol' do
foo = Mime::Type.lookup("foo")
assert_nil foo.to_sym
assert_equal ['foo'], ActionView::Template::HTML.new('', foo).formats
end
test 'formats returns string for unknown MIME type' do
assert_equal ['foo'], ActionView::Template::HTML.new('', 'foo').formats
end
end