
Test that csrf meta content is html-escaped, too

jeremy committed Feb 5, 2010
1 parent 7b1d3a0 commit 31f8a59c16d4a29553e2dbf891c891493fd138c0
Showing with 2 additions and 1 deletion.
  1. +2 −1 actionpack/test/controller/request_forgery_protection_test.rb
@@ -217,8 +217,9 @@ def setup
end
test 'should emit a csrf-token meta tag' do
+ ActiveSupport::SecureRandom.stubs(:base64).returns(@token + '<=?')
get :meta
- assert_equal %(<meta name="csrf-param" content="authenticity_token"/>\n<meta name="csrf-token" content="#{@token}"/>), @response.body
+ assert_equal %(<meta name="csrf-param" content="authenticity_token"/>\n<meta name="csrf-token" content="cf50faa3fe97702ca1ae&lt;=?"/>), @response.body
end
end
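Review bot: The stubbed suffix `'<=?'` on the added `stubs(:base64)` line exercises only `<`, yet the token is emitted inside a double-quoted `content` attribute, where `"` and `&` are the characters whose escaping matters most. A suffix such as `'<"&'`, with the matching entities in the expected string, would pin the attribute-context escaping that this test is meant to guard. The new expectation also hard-codes `cf50faa3fe97702ca1ae` where the removed line interpolated `#{@token}`; presumably that is the value assigned in setup, which lies outside the hunk. Writing `content="#{@token}&lt;=?"` would keep the assertion tied to the fixture rather than to a copied literal.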
