Add a test to ensure paths on 404 pages are escaped.

Chris Gavin 2020-10-05 14:18:49 +01:00
parent 8d38b124aa
commit 8e7cc33c49
No known key found for this signature in database
GPG Key ID: 07F950B80C27E4DA
1 changed files with 6 additions and 0 deletions


@ -81,6 +81,12 @@ class StaticTest < Minitest::Test
assert not_found?
end
it 'path is escaped in 404 error pages' do
env = Rack::MockRequest.env_for("/dummy").tap { |env| env["PATH_INFO"] = "/<script>" }
_, _, body = @app.call(env)
assert_equal(["GET &#x2F;&lt;script&gt;"], body, "Unexpected response content.")
end
it 'serves files when .. path traverses within public directory' do
get "/data/../#{File.basename(__FILE__)}"
assert ok?
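Review bot: The new test 'path is escaped in 404 error pages' never checks that the response is a 404, because it discards status and headers with `_, _, body = @app.call(env)` and asserts only on the body. Capturing the status (`status, _, body = @app.call(env)`) and adding `assert_equal 404, status` would tie the assertion to the error path the test name describes. The PATH_INFO value only exercises `<`, `>` and `/`; a second case containing `&`, `"` and `'` would also pin the escaping of characters that matter if the path is ever echoed into an attribute. As a style point, the block parameter in `.tap { |env| ... }` shadows the local being assigned, and renaming it (for example `|e|`) avoids that. The app and handler that produce the expected body are defined outside this hunk, so the points above are based on the visible test lines only.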