From 146537926272090867fd28c10ee0d4743006a43e Mon Sep 17 00:00:00 2001 From: Morgan Roderick Date: Thu, 9 Jul 2026 09:37:08 +0200 Subject: [PATCH] fix: address presenter spec flake from Faker apostrophe in flat The "escapes HTML in address elements" test hardcoded flat, city, and postal_code raw in the expected value, but the presenter escapes all fields through ERB::Util.html_escape. When Faker generates a street name containing an apostrophe (e.g. O'Kon Land), html_escape converts it to ' causing a mismatch. Now uses html_escape for all components in the expected value, consistent with the first test in the same describe block. --- spec/presenters/address_presenter_spec.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/spec/presenters/address_presenter_spec.rb b/spec/presenters/address_presenter_spec.rb index 67a08fe69..591c3b1a1 100644 --- a/spec/presenters/address_presenter_spec.rb +++ b/spec/presenters/address_presenter_spec.rb @@ -12,8 +12,9 @@ it 'escapes HTML in address elements' do address.street = '' - html_address = "#{address.flat}
<script>alert("XSS");</script>
" + - "#{address.city}, #{address.postal_code}" + escape = ERB::Util.method(:html_escape) + html_address = "#{escape.call(address.flat)}
<script>alert("XSS");</script>
" + + "#{escape.call(address.city)}, #{escape.call(address.postal_code)}" expect(presenter.to_html).to eq(html_address) end