
Add valid work with serialize field

Signed-off-by: Luke Francl <look@recursion.org>
shaliko authored and look committed May 17, 2009
1 parent 659ee57 commit 724aba589e2e753e7b0cfaf3196548f493b169da
Showing with 42 additions and 2 deletions.
  1. +1 −1 lib/xss_terminate.rb
  2. +19 −0 test/models/group.rb
  3. +9 −0 test/schema.rb
  4. +2 −1 test/setup_test.rb
  5. +11 −0 test/xss_terminate_test.rb
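--- a/lib/xss_terminate.rb
+++ b/lib/xss_terminate.rb
@@ -34,7 +34,7 @@ def sanitize_fields
 field = column.name.to_sym
 value = self[field]
- next if value.nil?
+ next if value.nil? || !value.is_a?(String)
 if xss_terminate_options[:except].include?(field)
 next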
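Review bot: The widened guard `next if value.nil? || !value.is_a?(String)` exempts every non-String attribute from sanitization, and that includes serialized arrays and hashes whose elements may themselves be user-supplied strings. Those nested strings are now stored unfiltered and have to be escaped wherever they are rendered. The nil test is also redundant because nil is not a String, so `next unless value.is_a?(String)` expresses the same condition. I would put a comment above it, for example `# Only top-level String values are sanitized; strings nested in serialized attributes are not.`, so the gap is visible to users of the plugin. The body of sanitize_fields begins and ends outside this hunk.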
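--- a/test/models/group.rb
+++ b/test/models/group.rb
@@ -0,0 +1,19 @@
+# Group
+class Group < ActiveRecord::Base
+ belongs_to :person
+ validates_presence_of :title, :members, :description
+
+ serialize :members
+
+ before_validation :build_empty_members, :if => :empty_members?
+
+ protected
+ def empty_members?
+ self.members.blank?
+ end
+
+ def build_empty_members
+ self.members = []
+ end
+
+end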
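Review bot: `build_empty_members` assigns `[]`, but `[].blank?` is still true, so `validates_presence_of :members` will reject the record exactly as it would without the callback; the `before_validation` hook appears to have no effect on validity. Either drop `:members` from the presence validation or drop the callback, depending on which behaviour the fixture is meant to model. The `# Group` header comment could instead state why the model exists, e.g. `# Test model with a serialized (non-String) attribute`.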
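--- a/test/schema.rb
+++ b/test/schema.rb
@@ -37,4 +37,13 @@
 t.text :data
 t.timestamps
 end
+
+ create_table :groups, :force => true do |t|
+ t.column :person_id, :integer
+ t.column :title, :string
+ t.column :description, :string
+ t.column :members, :text
+ t.timestamps
+ end
+
 end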
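--- a/test/setup_test.rb
+++ b/test/setup_test.rb
@@ -13,4 +13,5 @@
 require File.join(File.dirname(__FILE__), 'models/entry')
 require File.join(File.dirname(__FILE__), 'models/comment')
 require File.join(File.dirname(__FILE__), 'models/message')
-require File.join(File.dirname(__FILE__), 'models/review')
+require File.join(File.dirname(__FILE__), 'models/review')
+require File.join(File.dirname(__FILE__), 'models/group')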
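--- a/test/xss_terminate_test.rb
+++ b/test/xss_terminate_test.rb
@@ -69,4 +69,15 @@ def test_do_not_save_invalid_models_after_sanitizing
 assert !c.save
 assert_not_nil c.errors.on(:title)
 end
+
+ def test_valid_work_with_serialize_fields
+ g = Group.new(:title => "XSS Terminate group", :description => 'desc', :members => [1,2,3])
+ assert g.save
+ end
+
+ def test_valid_work_with_number_fields
+ g = Group.new(:title => "XSS Terminate group", :description => 123456, :members => {:hash => 'rocket'})
+ assert g.save
+ end
+
 end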
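Review bot: Both new tests assert only that `g.save` succeeds, so they would still pass if the serialized value were mangled on its way to the database. Adding `assert_equal [1, 2, 3], g.reload.members` (and the equivalent for the hash case) would pin the round trip. The hash case also carries a nested string (`'rocket'`); a test that puts markup in a nested string would document that such values are currently stored without sanitization, which callers need to know when rendering them. The enclosing test class starts outside this hunk.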
