Test for safe_erb in ActionView::Template, not in ERB

We've been installing safe_erb in all ERB templates, which breaks script/generate and lots of other important stuff. But before we can fix this bug in our custom-hacked safe_erb, we need to narrow our Mephisto unit tests down so that they only test ActionView::Template. A safe_erb update will be along shortly.
rwdaigle · Dec 20, 2008 · 42ccdc1 · 42ccdc1
1 parent e229865
commit 42ccdc1
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 8 deletions.
diff --git a/spec/models/safe_erb_spec.rb b/spec/models/safe_erb_spec.rb
@@ -1,20 +1,20 @@
 require File.dirname(__FILE__) + '/../spec_helper'
 
 # Verify that our safe_erb patches are working.
-describe "An ERB template" do
+describe ActionView::Template do
   before :each do
-    @template = ERB.new('<%= var %>')
+    path = File.join(File.dirname(__FILE__), 'safe_erb_template.html.erb')
+    @template = ActionView::Template.new(path)
+    @view = ActionView::Base.new
   end
 
   it "should not raise an error when untained values are interpolated" do
-    var = "foo"
-    assert_equal var, @template.result(binding)
+    assert_equal "foo\n", @template.render_template(@view, :var => 'foo')
   end
 
-  it "should raise an error when tained values are interpolated" do
-    assert_raise RuntimeError do
-      var = "foo".taint
-      @template.result(binding)
+  it "should fail when tainted values are interpolated into HTML" do
+    assert_raise ActionView::TemplateError do
+      @template.render_template(@view, :var => 'foo'.taint)
     end
   end
 end
diff --git a/spec/models/safe_erb_template.html.erb b/spec/models/safe_erb_template.html.erb
@@ -0,0 +1 @@
+<%= var %>