Permalink
Browse files

fixed to_xml_attributes to properly escape quotes in attribute values

  • Loading branch information...
1 parent a1db3b4 commit 42f398eedab0b2d764dd31890807195ccacd1ef1 Matthew McEachen committed with Oct 15, 2010
Showing with 9 additions and 8 deletions.
  1. +2 −2 lib/crack/core_extensions.rb
  2. +7 −6 test/hash_test.rb
View
4 lib/crack/core_extensions.rb
@@ -122,7 +122,7 @@ def normalize_param(key, value)
# #=> 'one="1" two="TWO"'
def to_xml_attributes
map do |k,v|
- %{#{k.to_s.snake_case.sub(/^(.{1,1})/) { |m| m.downcase }}="#{v}"}
+ %{#{k.to_s.snake_case.sub(/^(.{1,1})/) { |m| m.downcase }}="#{v.to_s.gsub('"', '"')}"}
end.join(' ')
end
-end
+end
View
13 test/hash_test.rb
@@ -3,16 +3,17 @@
class CrackTest < Test::Unit::TestCase
context "to_xml_attributes" do
setup do
- @hash = { :one => "ONE", "two" => "TWO" }
+ @hash = { :one => "ONE", "two" => "TWO", :three => "it \"should\" work" }
end
- should "should turn the hash into xml attributes" do
+ should "turn the hash into xml attributes" do
attrs = @hash.to_xml_attributes
attrs.should =~ /one="ONE"/m
attrs.should =~ /two="TWO"/m
+ attrs.should =~ /three="it &quot;should&quot; work"/m
end
- should 'should preserve _ in hash keys' do
+ should 'preserve _ in hash keys' do
attrs = {
:some_long_attribute => "with short value",
:crash => :burn,
@@ -38,7 +39,7 @@ class CrackTest < Test::Unit::TestCase
end
end
- should 'should not leave a trailing &' do
+ should 'not leave a trailing &' do
{
:name => 'Bob',
:address => {
@@ -49,8 +50,8 @@ class CrackTest < Test::Unit::TestCase
}.to_params.should_not =~ /&$/
end
- should 'should URL encode unsafe characters' do
+ should 'URL encode unsafe characters' do
{:q => "?&\" +"}.to_params.should == "q=%3F%26%22%20%2B"
end
end
-end
+end

0 comments on commit 42f398e

Please sign in to comment.