Workaround security patched Rails 3.0 XML bug

Rails 3.0 serializes a nil value as <value type="yaml" nil="true"/>
but the security patch raises when it encounters type=yaml. Basically,
Rails 3.0 is badly broken.
1 parent 5e06e71 commit 8ce09961a7b45771137937fa522936b41b1a3b5c @cgriego committed Jan 18, 2013
Showing with 3 additions and 1 deletion.
  1. +1 −1 spec/functional/active_attr/attributes_spec.rb
  2. +2 −0 spec/functional/active_attr/model_spec.rb
@@ -150,7 +150,7 @@ def self.name
end
describe "#to_xml" do
- subject(:serialized_model) { Hash.from_xml(model.to_xml)["person"] }
+ subject(:serialized_model) { Hash.from_trusted_xml(model.to_xml)["person"] }
include_examples "serialization method"
end
end
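Review bot: the switch to `Hash.from_trusted_xml` on the `subject(:serialized_model)` line has no comment explaining why the trusted parser is acceptable here. It is safe only because the input is `model.to_xml` generated inside the spec itself; a one-line comment saying so would keep the call from being copied into code that parses externally supplied XML. If the suite also runs against Rails versions that do not define `from_trusted_xml`, fall back to `Hash.from_xml` behind a `respond_to?` check.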
@@ -81,6 +81,8 @@ def self.name
it "serializes to/from XML" do
model.first_name = "Chris"
+ model.last_name = "Griego"
+ model.age = 21
model_class.new.from_xml(model.to_xml).first_name.should == "Chris"
end
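Review bot: the added `model.last_name = "Griego"` and `model.age = 21` lines are never asserted on; the example still checks only `first_name`. Going by the commit message, they appear to be there so that no attribute serializes as nil with type="yaml", which is not obvious from the spec itself: add a comment saying so, and assert `last_name` and `age` after `from_xml` so the round trip of every populated attribute is covered. With all attributes set, the nil-attribute path through `from_xml` is no longer exercised by this example, so consider a separate example (pending on the affected Rails version if needed) to keep that case visible.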
