easy_dl 0.0.3 → 0.0.4
Sign up to get free protection for your applications and to get access to all the features.
- data/Gemfile +0 -1
- data/lib/easy_dl/definition_list_builder.rb +1 -1
- data/lib/easy_dl/version.rb +1 -1
- data/test/dl_helper_test.rb +15 -1
- data/test/test_helper.rb +4 -0
- metadata +2 -2
data/Gemfile
CHANGED
data/lib/easy_dl/version.rb
CHANGED
data/test/dl_helper_test.rb
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require
|
|
1
|
+
require File.expand_path("../test_helper", __FILE__)
|
|
2
2
|
|
|
3
3
|
class DlHelperTest < ActionView::TestCase
|
|
4
4
|
|
|
@@ -39,4 +39,18 @@ class DlHelperTest < ActionView::TestCase
|
|
|
39
39
|
end
|
|
40
40
|
end
|
|
41
41
|
|
|
42
|
+
context 'malicious definition list' do
|
|
43
|
+
setup do
|
|
44
|
+
@person = OpenStruct.new(name: '<script>alert("John")</alert>', surname: '<script>alert("Doe")</alert>')
|
|
45
|
+
concat(definition_list_for(@person, class: 'easy2') do |d|
|
|
46
|
+
d.item :name
|
|
47
|
+
d.item :surname
|
|
48
|
+
end)
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
should 'escape html tags' do
|
|
52
|
+
assert_select '.easy2 dd', "<script>alert("John")</alert>"
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
|
|
42
56
|
end
|
data/test/test_helper.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: easy_dl
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.4
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2012-
|
|
12
|
+
date: 2012-12-07 00:00:00.000000000 Z
|
|
13
13
|
dependencies: []
|
|
14
14
|
description: Gem for generating html definition lists in Rails 3
|
|
15
15
|
email:
|