deprecated_output_safety_test.rb
require 'test_helper'
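# Regression tests for the deprecated in-place marker String#html_safe!.
#
# Every test wraps its body in assert_deprecated, so each one also checks that
# calling html_safe! emits a deprecation warning. The assertions pin how the
# "safe for unescaped HTML output" flag propagates through +, concat and <<:
# the result is expected to be safe only when both operands were marked safe.
# That rule is what keeps unescaped, untrusted text from inheriting trust
# simply because it was joined to a trusted fragment.
class DeprecatedOutputSafetyTest < ActiveSupport::TestCase
  # A fresh, unmarked string for every test.
  def setup
    @string = "hello"
  end

  test "A string can be marked safe using html_safe!" do
    assert_deprecated do
      @string.html_safe!
      assert @string.html_safe?
    end
  end

  test "Marking a string safe returns the string using html_safe!" do
    assert_deprecated do
      assert_equal @string, @string.html_safe!
    end
  end

  test "Adding a safe string to another safe string returns a safe string using html_safe!" do
    assert_deprecated do
      @other_string = "other".html_safe!
      @string.html_safe!
      @combination = @other_string + @string

      assert_equal "otherhello", @combination
      assert @combination.html_safe?
    end
  end

  test "Adding an unsafe string to a safe string returns an unsafe string using html_safe!" do
    assert_deprecated do
      @other_string = "other".html_safe!
      @combination = @other_string + "<foo>"
      # @string is never marked safe in this test, so this pair is
      # unsafe + unsafe rather than safe + unsafe.
      @other_combination = @string + "<foo>"

      assert_equal "other<foo>", @combination
      assert_equal "hello<foo>", @other_combination
      # Neither result may carry the safe flag: both contain raw "<foo>".
      assert !@combination.html_safe?
      assert !@other_combination.html_safe?
    end
  end

  test "Concatting safe onto unsafe yields unsafe using html_safe!" do
    assert_deprecated do
      @other_string = "other"
      @string.html_safe!
      @other_string.concat(@string)
      # The receiver was never marked, so appending safe text must not mark it.
      assert !@other_string.html_safe?
    end
  end

  test "Concatting unsafe onto safe yields unsafe using html_safe!" do
    assert_deprecated do
      @other_string = "other".html_safe!
      string = @other_string.concat("<foo>")
      assert_equal "other<foo>", string
      # Only the value returned by concat is checked here.
      assert !string.html_safe?
    end
  end

  test "Concatting safe onto safe yields safe using html_safe!" do
    assert_deprecated do
      @other_string = "other".html_safe!
      @string.html_safe!
      @other_string.concat(@string)
      assert @other_string.html_safe?
    end
  end

  test "Concatting safe onto unsafe with << yields unsafe using html_safe!" do
    assert_deprecated do
      @other_string = "other"
      @string.html_safe!
      @other_string << @string
      assert !@other_string.html_safe?
    end
  end

  test "Concatting unsafe onto safe with << yields unsafe using html_safe!" do
    assert_deprecated do
      @other_string = "other".html_safe!
      string = @other_string << "<foo>"
      assert_equal "other<foo>", string
      # Only the value returned by << is checked here.
      assert !string.html_safe?
    end
  end

  test "Concatting safe onto safe with << yields safe using html_safe!" do
    assert_deprecated do
      @other_string = "other".html_safe!
      @string.html_safe!
      @other_string << @string
      assert @other_string.html_safe?
    end
  end

  test "Concatting a fixnum to safe always yields safe using html_safe!" do
    assert_deprecated do
      @string.html_safe!
      # An Integer argument appends the character with that codepoint; the
      # expected value is built the same way on an unmarked literal.
      @string.concat(13)
      assert_equal "hello".concat(13), @string
      assert @string.html_safe?
    end
  end
end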