Add a test to ensure paths on 404 pages are escaped.
This commit is contained in:
parent
8d38b124aa
commit
8e7cc33c49
|
@ -81,6 +81,12 @@ class StaticTest < Minitest::Test
|
||||||
assert not_found?
|
assert not_found?
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'path is escaped in 404 error pages' do
|
||||||
|
env = Rack::MockRequest.env_for("/dummy").tap { |env| env["PATH_INFO"] = "/<script>" }
|
||||||
|
_, _, body = @app.call(env)
|
||||||
|
assert_equal(["GET /<script>"], body, "Unexpected response content.")
|
||||||
|
end
|
||||||
|
|
||||||
it 'serves files when .. path traverses within public directory' do
|
it 'serves files when .. path traverses within public directory' do
|
||||||
get "/data/../#{File.basename(__FILE__)}"
|
get "/data/../#{File.basename(__FILE__)}"
|
||||||
assert ok?
|
assert ok?
|
||||||
|
|
Loading…
Reference in New Issue