test/view_test.rb in will_paginate-2.3.16 vs test/view_test.rb in will_paginate-2.3.17
@@ -239,10 +239,17 @@
def test_will_paginate_preserves_parameters_on_get
@request.params :foo => { :bar => 'baz' }
paginate
assert_links_match /foo%5Bbar%5D=baz/
end
-
+
+ def test_will_paginate_prevents_host_and_protocol_tampering
+ @request.params :host => 'disney.com', :protocol => 'javascript'
+ paginate
+ assert_no_links_match /disney/
+ assert_no_links_match /javascript/
+ end
+
def test_will_paginate_doesnt_preserve_parameters_on_post
@request.post
@request.params :foo => 'bar'
paginate
assert_no_links_match /foo=bar/
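Review bot: The added test_will_paginate_prevents_host_and_protocol_tampering pins only `:host` and `:protocol`, but Rails' URL rewriter treats other request-suppliable keys as reserved options too, such as `:port` and `:only_path`. The helper change itself is not in this hunk, so whether those are filtered cannot be confirmed from here. I would extend the same request to cover them, e.g. `@request.params :host => 'disney.com', :protocol => 'javascript', :port => '81'` followed by `assert_no_links_match /:81/`. Both existing assertions are negative, so they would presumably also pass if `paginate` rendered no links at all; one positive assertion on the expected relative href would rule that out. The test also passes symbol keys, whereas real query parameters normally arrive as strings, so it is worth checking that the mock request exercises the string-keyed path.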