Sha256: 2f1206425a198c3d24931d332b5d03f84eeef40baa46d0e9568f04d2fdaf3d09
Contents?: true
Size: 1.9 KB
Versions: 24
Compression:
Stored size: 1.9 KB
Contents
describe "Fortitude escaping behavior", :type => :system do
it "should escape text by default" do
expect(render(widget_class_with_content { text "hi<>&\"' there" })).to match(/^hi<>&"&#(39|x27); there$/)
end
it "should not escape text tagged as .html_safe" do
expect(render(widget_class_with_content { text "hi<>&\" there".html_safe })).to eq("hi<>&\" there")
end
it "should not escape text output with rawtext" do
expect(render(widget_class_with_content { rawtext "hi<>&\" there" })).to eq("hi<>\&\" there")
end
it "should mark its output as html_safe" do
expect(render(widget_class_with_content { text "hi < there"} )).to be_html_safe
end
it "should mark its output as html_safe, even if output as raw" do
expect(render(widget_class_with_content { rawtext "hi < there"} )).to be_html_safe
end
it "should escape attribute names" do
expect(render(widget_class_with_content { p 'a<b' => 123 })).to eq("<p a<b=\"123\"></p>")
end
it "should escape attribute values" do
expect(render(widget_class_with_content { p :foo => 'a<b' })).to eq("<p foo=\"a<b\"></p>")
end
it "should escape direct arguments to tags" do
expect(render(widget_class_with_content { p "a<b" })).to eq("<p>a<b</p>")
end
it "should escape direct arguments to tags and attributes, even if all together" do
expect(render(widget_class_with_content { p "a<b", 'b>a' => 'a&b' })).to eq("<p b>a=\"a&b\">a<b</p>")
end
it "should still correctly escape very long strings" do
very_long_string = "&" + ("a" * 300) + "<" + ("b" * 300) + ">" + ("c" * 300) + "&" + ("d" * 300) + "&" + ("e" * 300) + "\"";
very_long_string_escaped = "&" + ("a" * 300) + "<" + ("b" * 300) + ">" + ("c" * 300) + "&" + ("d" * 300) + "&" + ("e" * 300) + """
expect(render(widget_class_with_content { text very_long_string })).to eq(very_long_string_escaped)
end
end
Version data entries
24 entries across 24 versions & 1 rubygems