
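# Shoulda-style class-level macros for model tests. A test case `extend`s
# this module and then calls the macros at class-definition time; each call
# generates one `should` block per attribute or association name.
module ShouldaModelMacros
  # Strings that must not survive a round trip through a sanitized
  # attribute. The list is built once and frozen; it is shared by every
  # generated test.
  BAD_SCRIPTS = [
    %|';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>|,
    %|'';!--"<XSS>=&{()}|,
    %|<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>|,
    %|<IMG SRC="javascript:alert('XSS');">|,
    %|<IMG SRC=javascript:alert('XSS')>|,
    %|<IMG SRC=JaVaScRiPt:alert('XSS')>|,
    %|<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>|,
    %|<IMG """><SCRIPT>alert("XSS")</SCRIPT>">|,
    %|<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>|,
    # Embedded newline, leading spaces and a tab are part of this value:
    # it probes whether whitespace inside the scheme is tolerated.
    %|<A HREF="h
      tt	p://6&#9;6.000146.0x7.147/">XSS</A>|,
    %|<script>alert('message');</script>|
  ].freeze

  # For each attribute, generates a test that assigns every BAD_SCRIPTS
  # entry to the first record of `model_class` (a helper the extending
  # test case must define), saves it, and asserts the raw payload is no
  # longer present in the attribute.
  #
  # The check is `include?` on the exact payload: a filter that only alters
  # the payload without removing it still passes, so a green run is
  # necessary rather than sufficient evidence that the attribute is cleaned.
  #
  # @param attributes [Array<Symbol, String>] attribute names to check
  def should_sanitize(*attributes)
    klass = model_class
    attributes.map(&:to_sym).each do |attribute|
      should "white list #{attribute}" do
        object = klass.first
        assert object, "Can't find first #{klass}"
        BAD_SCRIPTS.each do |bad_value|
          object.send("#{attribute}=", bad_value)
          # A failed save leaves the dirty value in memory and would turn
          # every assertion below into a misleading "not white listed".
          assert object.save, "Could not save #{klass} with #{attribute} = #{bad_value.inspect}"
          clean_value = object.send(attribute)
          # to_s: a filter that blanks the attribute (nil) is a pass, not a NoMethodError.
          assert !clean_value.to_s.include?(bad_value),
                 "#{attribute} is not white listed. #{bad_value} made it through"
        end
      end
    end
  end

  # Derives the model class from the test class name ("FooTest" => Foo) and,
  # for each association, generates a test asserting that the model defines
  # `<association>_attributes=`, i.e. that nested attributes are accepted.
  #
  # @param attr_names [Array<Symbol, String>] association names
  def should_accept_nested_attributes_for(*attr_names)
    # \z anchors the whole name; $ would also match before an embedded newline.
    klass = self.name.sub(/Test\z/, '').constantize

    context klass.to_s do
      attr_names.each do |association_name|
        should "accept nested attrs for #{association_name}" do
          # method_defined? accepts a String or Symbol; instance_methods.include?
          # with a String is always false on Ruby 1.9+, where methods are Symbols.
          assert klass.method_defined?("#{association_name}_attributes="),
                 "#{klass} does not accept nested attributes for #{association_name}"
        end
      end
    end
  end
end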

# Expose the macros as class-level DSL calls (should_sanitize, ...) in every
# ActiveSupport::TestCase subclass. This reopens the class, so ActiveSupport
# must already be loaded when this file is required.
class ActiveSupport::TestCase
  extend ShouldaModelMacros
end
