test/integration/drop_test.rb in liquid-4.0.3 vs test/integration/drop_test.rb in liquid-4.0.4
- old
+ new
@@ -46,11 +46,11 @@
def context
ContextDrop.new
end
def user_input
- "foo".taint
+ "foo"
end
protected
def callmenot
@@ -108,35 +108,9 @@
include Liquid
def test_product_drop
tpl = Liquid::Template.parse(' ')
assert_equal ' ', tpl.render!('product' => ProductDrop.new)
- end
-
- def test_rendering_raises_on_tainted_attr
- with_taint_mode(:error) do
- tpl = Liquid::Template.parse('{{ product.user_input }}')
- assert_raises TaintedError do
- tpl.render!('product' => ProductDrop.new)
- end
- end
- end
-
- def test_rendering_warns_on_tainted_attr
- with_taint_mode(:warn) do
- tpl = Liquid::Template.parse('{{ product.user_input }}')
- context = Context.new('product' => ProductDrop.new)
- tpl.render!(context)
- assert_equal [Liquid::TaintedError], context.warnings.map(&:class)
- assert_equal "variable 'product.user_input' is tainted and was not escaped", context.warnings.first.to_s(false)
- end
- end
-
- def test_rendering_doesnt_raise_on_escaped_tainted_attr
- with_taint_mode(:error) do
- tpl = Liquid::Template.parse('{{ product.user_input | escape }}')
- tpl.render!('product' => ProductDrop.new)
- end
end
def test_drop_does_only_respond_to_whitelisted_methods
assert_equal "", Liquid::Template.parse("{{ product.inspect }}").render!('product' => ProductDrop.new)
assert_equal "", Liquid::Template.parse("{{ product.pretty_inspect }}").render!('product' => ProductDrop.new)