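# Shoulda-style class-level macros for model test cases.
#
# A test case class that `extend`s this module (see the bottom of this file)
# gets `should_sanitize` and `should_accept_nested_attributes_for`, each of
# which registers one `should` block per name it is given. The macros rely on
# `should`, `context`, `assert`, `model_class` and `String#constantize` being
# provided by the test case / Shoulda / ActiveSupport — none of them is
# defined here.
module ShouldaModelMacros
  # Probe values fed to each attribute under test by `should_sanitize`.
  # NOTE(review): most entries are empty and one is the bare word `XSS`; this
  # looks like markup that was lost in transit — confirm the list against its
  # origin. Empty entries are skipped at use time because
  # `String#include?("")` is true for every string and would fail every run.
  XSS_PROBES = [
    %|';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>|,
    %|'';!--"=&{()}|,
    %||,
    %||,
    %||,
    %||,
    %||,
    %||,
    %|">|,
    %||,
    %|XSS|,
    %||
  ].freeze

  # Registers, for every attribute, a `should` block asserting that no probe in
  # XSS_PROBES survives a round trip through the attribute writer and `save`.
  #
  # The check reads the value back from the in-memory object (no reload), and
  # the result of `save` is not asserted: whether a failed save leaves the raw
  # value in place depends on where the model sanitizes, so the `include?`
  # assertion below is what reports it.
  #
  # @param attributes [Array<Symbol, String>] attribute names on `model_class`
  def should_sanitize(*attributes)
    klass = model_class
    probes = XSS_PROBES.reject(&:empty?)
    attributes.map(&:to_sym).each do |attribute|
      should "white list #{attribute}" do
        object = klass.find(:first)
        assert object, "Can't find first #{klass}"
        probes.each do |bad_value|
          object.send("#{attribute}=", bad_value)
          object.save
          # `to_s` so a writer that blanks the attribute to nil is treated as
          # sanitized instead of raising NoMethodError on `include?`.
          clean_value = object.send(attribute).to_s
          # Coarse check: only the whole probe surviving verbatim fails; a
          # sanitizer that alters a single character of it would pass.
          assert !clean_value.include?(bad_value),
                 "#{attribute} is not white listed. #{bad_value} made it through"
        end
      end
    end
  end

  # Registers, for every association, a `should` block asserting that the model
  # named by this test class (`FooTest` -> `Foo`) defines the
  # `<association>_attributes=` writer that `accepts_nested_attributes_for`
  # generates.
  #
  # @param attr_names [Array<Symbol, String>] association names
  def should_accept_nested_attributes_for(*attr_names)
    klass = name.sub(/Test\z/, '').constantize
    context klass.to_s do
      attr_names.each do |association_name|
        writer = :"#{association_name}_attributes="
        should "accept nested attrs for #{association_name}" do
          # `method_defined?` accepts a Symbol on every Ruby version, whereas
          # `instance_methods.include?("...")` only matched the String names
          # returned on 1.8 and is always false from 1.9 on.
          assert klass.method_defined?(writer),
                 "#{klass} does not accept nested attributes for #{association_name}"
        end
      end
    end
  end
end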
# Expose the macros at class level in every test case.
ActiveSupport::TestCase.extend(ShouldaModelMacros)