
fix more cases of tainted/escaped HTML output

1 parent 1be0903 commit 0ae3ba07144d5beb8ee903c243672fc860118179 @justinfrench justinfrench committed Apr 8, 2011
@@ -72,7 +72,7 @@ def legend_html
label_html_options.merge(:class => "label")
)
else
- ""
+ "".html_safe
end
end
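Review bot: The `"".html_safe` in the `else` branch is safe only because the receiver is a constant literal, and nothing in the code says so. A short comment would stop the pattern being copied onto strings built from label text or options, e.g. `# constant literal, no user data: marked html_safe so the result is not re-escaped when joined with other markup`. The start of legend_html is outside this hunk, so whether the label content in the other branch is escaped before it is wrapped cannot be confirmed from here.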
@@ -284,6 +284,11 @@
it "should not output the legend" do
output_buffer.should_not have_tag("legend.label")
end
+
+ it "should not cause escaped HTML" do
+ output_buffer.should_not include(">")
+ end
+
end
describe "when :required option is true" do
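Review bot: As rendered on this page, the new example asserts `output_buffer.should_not include(">")`, which any real markup in the buffer would contain. Presumably the page decoded an entity and the committed string is `&gt;`; that is worth confirming against the raw file. If it is `&gt;`, the check catches only one escaped character, and adding `output_buffer.should_not include("&lt;")` would also catch an escaped opening bracket. The same assertion appears twice in the third hunk.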
@@ -184,6 +184,11 @@
it "should not output the legend" do
output_buffer.should_not have_tag("legend.label")
+ output_buffer.should_not include(">")
+ end
+
+ it "should not cause escaped HTML" do
+ output_buffer.should_not include(">")
end
end
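Review bot: The assertion added inside "should not output the legend" duplicates the new "should not cause escaped HTML" example directly below it. An escaping regression would then fail two examples for the same reason, and the legend example no longer tests a single behaviour. Dropping the line added to the legend example and keeping the dedicated example gives the same coverage with a clearer failure.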
