Sha256: 472ec995e48f6d22d7a8ccbe3a8926884a0c34cbd69e5a87d38dcba092589eb7
Contents?: true
Size: 1.44 KB
Versions: 1
Compression:
Stored size: 1.44 KB
Contents
require 'test_helper'
class InquisitionTest < Test::Unit::TestCase
context "a fine Whisky" do
setup do
@whisky = Whisky.new(:name => "<script>alert('Cragganmore')</script>",
:origin => "<SCRIPT SRC=http://ha.ckers.org/xss.js>Scotland</SCRIPT>", :abv => 42.0,
:description => %Q['';!--"<XSS>=&{()}a buttery scotch])
end
should "have heresy removed from name" do
assert_equal "<script>alert('Cragganmore')</script>", @whisky.name
end
should "remove already-ingrained heresey" do
@whisky.instance_variable_set(:@name, "<script>alert('Cragganmore')</script>")
assert_equal "<script>alert('Cragganmore')</script>", @whisky.name
end
should "cleanse heresy before setting" do
@whisky.name = "<script>alert('Cragganmore')</script>"
private_name = @whisky.instance_variable_get(:@name)
assert_equal "<script>alert('Cragganmore')</script>", private_name
end
should "not cleanse fields not targeted for cleansing" do
assert_equal "<SCRIPT SRC=http://ha.ckers.org/xss.js>Scotland</SCRIPT>", @whisky.origin
end
should "not cleanse and set fields not targeted for cleansing" do
@whisky.origin = "<SCRIPT SRC=http://ha.ckers.org/xss.js>Scotland</SCRIPT>"
private_origin = @whisky.instance_variable_get(:@origin)
assert_equal "<SCRIPT SRC=http://ha.ckers.org/xss.js>Scotland</SCRIPT>", @whisky.origin
end
end
end
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| thumblemonks-inquisition-0.1.0 | test/inquisition_test.rb |