Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Change tainted/untainted wording to permitted/forbidden

  • Loading branch information...
commit 1e1bee3ab985e47fae49d9fd5d2ca946f5d9c533 1 parent 8cfe95d
@guilleiguaran guilleiguaran authored
View
2  ...st/controller/parameters/parameters_taint_test.rb → ...t/controller/parameters/parameters_permit_test.rb
@@ -1,7 +1,7 @@
require 'abstract_unit'
require 'action_controller/metal/strong_parameters'
-class ParametersTaintTest < ActiveSupport::TestCase
+class ParametersPermitTest < ActiveSupport::TestCase
setup do
@params = ActionController::Parameters.new({ person: {
age: "32", name: { first: "David", last: "Heinemeier Hansson" }
View
25 actionpack/test/controller/permitted_params_test.rb
@@ -0,0 +1,25 @@
+require 'abstract_unit'
+
+class PeopleController < ActionController::Base
+ def create
+ render text: params[:person].permitted? ? "permitted" : "forbidden"
+ end
+
+ def create_with_permit
+ render text: params[:person].permit(:name).permitted? ? "permitted" : "forbidden"
+ end
+end
+
+class ActionControllerPermittedParamsTest < ActionController::TestCase
+ tests PeopleController
+
+ test "parameters are forbidden" do
+ post :create, { person: { name: "Mjallo!" } }
+ assert_equal "forbidden", response.body
+ end
+
+ test "parameters can be permitted and are then not forbidden" do
+ post :create_with_permit, { person: { name: "Mjallo!" } }
+ assert_equal "permitted", response.body
+ end
+end
View
25 actionpack/test/controller/tainted_params_test.rb
@@ -1,25 +0,0 @@
-require 'abstract_unit'
-
-class PeopleController < ActionController::Base
- def create
- render text: params[:person].permitted? ? "untainted" : "tainted"
- end
-
- def create_with_permit
- render text: params[:person].permit(:name).permitted? ? "untainted" : "tainted"
- end
-end
-
-class ActionControllerTaintedParamsTest < ActionController::TestCase
- tests PeopleController
-
- test "parameters are tainted" do
- post :create, { person: { name: "Mjallo!" } }
- assert_equal "tainted", response.body
- end
-
- test "parameters can be permitted and are then not tainted" do
- post :create_with_permit, { person: { name: "Mjallo!" } }
- assert_equal "untainted", response.body
- end
-end
Please sign in to comment.
Something went wrong with that request. Please try again.