Permalink
Browse files

Ruby 2 compat. CGI.escapeHTML has changed the way it escapes apostrop…

…hes a few times, so fix up the test to work with however it chooses to escape.
  • Loading branch information...
jeremy authored and sikachu committed Oct 7, 2012
1 parent 2a5f6d8 commit 42d7927c22a2c219d6145d9375be65a04a83dce3
Showing with 1 addition and 1 deletion.
  1. +1 −1 actionpack/test/template/html-scanner/sanitizer_test.rb
@@ -210,7 +210,7 @@ def test_should_not_fall_for_ridiculous_hack
# TODO: Clean up
def test_should_sanitize_attributes
- assert_sanitized %(<SPAN title="'><script>alert()</script>">blah</SPAN>), %(<span title="'&gt;&lt;script&gt;alert()&lt;/script&gt;">blah</span>)
+ assert_sanitized %(<SPAN title="'><script>alert()</script>">blah</SPAN>), %(<span title="#{CGI.escapeHTML "'><script>alert()</script>"}">blah</span>)
end
def test_should_sanitize_illegal_style_properties

0 comments on commit 42d7927

Please sign in to comment.