Sha256: 00c45ffb927e8e4097256625e741c000bb329b977eaa68241e971624ad289be9
Contents?: true
Size: 1.83 KB
Versions: 1
Compression:
Stored size: 1.83 KB
Contents
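require 'test_helper'

# Tests attribute cleansing on the Whisky model: markup-bearing input in a
# cleansed field (name) versus a field left alone (origin).
#
# NOTE(review): in this listing every expected value for `name` is
# byte-identical to the unsanitized input, so these assertions would pass even
# if nothing were cleansed. The page rendering may have decoded HTML entities
# in the expected strings. Confirm them against the gem's own copy of
# test/inquisition_test.rb before treating this file as proof of sanitization.
class InquisitionTest < Test::Unit::TestCase
  context "a fine Whisky" do
    setup do
      # :description carries a mixed-metacharacter probe string, but no test
      # below reads it back, so its handling is not covered here.
      @whisky = Whisky.new(
        :name => "<script>alert('Cragganmore')</script>",
        :origin => "<SCRIPT SRC=http://ha.ckers.org/xss.js>Scotland</SCRIPT>",
        :abv => 42,
        :description => %Q['';!--"<XSS>=&{()}a buttery scotch]
      )
    end

    # Read path: the getter should hand back the cleansed value.
    should "have heresy removed from name" do
      assert_equal "<script>alert('Cragganmore')</script>", @whisky.name
    end

    # Writes the attributes hash directly, bypassing the setter, to model a
    # value that was stored before cleansing applied. The getter is then the
    # only place left to clean it.
    should "remove already-ingrained heresey" do
      @whisky.instance_variable_set(:@attributes, "name" => "<script>alert('Cragganmore')</script>")
      assert_equal "<script>alert('Cragganmore')</script>", @whisky.name
    end

    # Write path: inspects the stored attribute rather than the getter, so a
    # getter-only implementation would not satisfy this test.
    should "cleanse heresy before setting" do
      @whisky.name = "<script>alert('Cragganmore')</script>"
      private_name = @whisky.attributes["name"]
      assert_equal "<script>alert('Cragganmore')</script>", private_name
    end

    # origin is expected back verbatim, markup included. A field left out of
    # cleansing stays raw and has to be escaped wherever it is rendered.
    should "not cleanse fields not targeted for cleansing" do
      assert_equal "<SCRIPT SRC=http://ha.ckers.org/xss.js>Scotland</SCRIPT>", @whisky.origin
    end

    should "not cleanse and set fields not targeted for cleansing" do
      @whisky.origin = "<SCRIPT SRC=http://ha.ckers.org/xss.js>Scotland</SCRIPT>"
      private_origin = @whisky.attributes["origin"]
      # The original fetched private_origin but never asserted on it, so the
      # stored value went unchecked. Check both the stored value and the getter.
      assert_equal "<SCRIPT SRC=http://ha.ckers.org/xss.js>Scotland</SCRIPT>", private_origin
      assert_equal "<SCRIPT SRC=http://ha.ckers.org/xss.js>Scotland</SCRIPT>", @whisky.origin
    end

    # nil must pass through the setter and getter without raising, for both a
    # cleansed field and an uncleansed one.
    should "not show pain for setting blank attributes" do
      @whisky.origin = nil
      @whisky.name = nil
      assert_nil @whisky.origin
      assert_nil @whisky.name
    end

    # The same nil handling, with the values assigned through update_attributes.
    should "not show pain for getting blank attributes" do
      @whisky.update_attributes(:origin => nil, :name => nil)
      assert_nil @whisky.origin
      assert_nil @whisky.name
    end
  end
end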
Version data entries
1 entries across 1 versions & 1 rubygems
Version | Path |
---|---|
thumblemonks-inquisition-0.1.3 | test/inquisition_test.rb |