
# View-level check: rendering the `test_erb` partial through ERB is held to the
# same shared examples every supported template engine must satisfy.
describe 'Angular XSS prevention in ERB', type: :view do
  it_should_behave_like 'engine preventing Angular XSS', partial: 'test_erb'
end

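describe ERB::Util do
  # AngularJS evaluates `{{ ... }}` found in rendered HTML, so user-controlled text
  # whose braces survive plain HTML escaping becomes an expression-injection (XSS)
  # vector. Each patched escaper is expected to rewrite the opening `{{` into an
  # Angular expression that renders a literal `{{` (presumably what
  # `$root.DOUBLE_LEFT_CURLY_BRACE` holds); the trailing `}}` is left alone, which
  # is harmless once the opening delimiter is gone. Strings already flagged
  # `html_safe` must pass through untouched, exactly as with regular HTML escaping.
  #
  # `escaper` is the name of the module-level method under test; it is called on
  # the module itself (`described_class.<escaper>`), matching how the gem's
  # helpers are invoked from templates.
  shared_examples 'an Angular-aware escaper' do |escaper|
    it 'escapes angular braces' do
      expect(described_class.public_send(escaper, "{{unsafe}}"))
        .to eq("{{ $root.DOUBLE_LEFT_CURLY_BRACE }}unsafe}}")
    end

    it 'does not modify already HTML safe strings' do
      expect(described_class.public_send(escaper, "{{safe}}".html_safe)).to eq("{{safe}}")
    end
  end

  describe '#html_escape' do
    it_should_behave_like 'an Angular-aware escaper', :html_escape
  end

  describe '#h' do
    it_should_behave_like 'an Angular-aware escaper', :h
  end

  # Rails < 4 does not implement unwrapped_html_escape and html_escape_once, so
  # the groups below are only defined when the escaper exists.
  #
  # The guard asks the module whether it *responds* to the method, because that is
  # what the examples call. `Module#method_defined?` only reports public/protected
  # instance methods, and Rails installs these escapers via `module_function`
  # (private instance method + public singleton method — verify against the Rails
  # version in use), so the previous `method_defined?` guard could answer false on
  # Rails versions that do implement them and silently skip these examples.
  if described_class.respond_to?(:unwrapped_html_escape)
    describe '#unwrapped_html_escape' do
      it_should_behave_like 'an Angular-aware escaper', :unwrapped_html_escape
    end
  end

  if described_class.respond_to?(:html_escape_once)
    describe '#html_escape_once' do
      it_should_behave_like 'an Angular-aware escaper', :html_escape_once
    end
  end
end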
