mechanize 2.7.6 → 2.12.2

data/test/test_mechanize_file_request.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeFileRequest < Mechanize::TestCase

data/test/test_mechanize_file_response.rb

@@ -1,6 +1,11 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeFileResponse < Mechanize::TestCase
+  def test_file_path
+    res = Mechanize::FileResponse.new("/path/to/foo.html")
+    assert_equal("/path/to/foo.html", res.file_path)
+  end
 
   def test_content_type
     Tempfile.open %w[pi .nothtml] do |tempfile|
@@ -19,5 +24,25 @@ class TestMechanizeFileResponse < Mechanize::TestCase
     end
   end
 
-end
+  def test_read_body
+    Tempfile.open %w[pi .html] do |tempfile|
+      tempfile.write("asdfasdfasdf")
+      tempfile.close
 
+      res = Mechanize::FileResponse.new(tempfile.path)
+      res.read_body do |input|
+        assert_equal("asdfasdfasdf", input)
+      end
+    end
+  end
+
+  def test_read_body_does_not_allow_command_injection
+    skip if windows?
+    in_tmpdir do
+      FileUtils.touch('| ruby -rfileutils -e \'FileUtils.touch("vul.txt")\'')
+      res = Mechanize::FileResponse.new('| ruby -rfileutils -e \'FileUtils.touch("vul.txt")\'')
+      res.read_body { |_| }
+      refute_operator(File, :exist?, "vul.txt")
+    end
+  end
+end

data/test/test_mechanize_file_saver.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeFileSaver < Mechanize::TestCase

data/test/test_mechanize_form.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeForm < Mechanize::TestCase
@@ -65,6 +66,18 @@ class TestMechanizeForm < Mechanize::TestCase
     assert query.all? { |x| x[1] == '' }
   end
 
+  def test_build_query_blank_input_name
+    html = Nokogiri::HTML <<-HTML
+<form>
+  <input type="text" name="" value="foo" />
+</form>
+    HTML
+
+    form = Mechanize::Form.new html.at('form'), @mech, @page
+
+    assert_equal [], form.build_query
+  end
+
   def test_build_query_radio_button_duplicate
     html = Nokogiri::HTML <<-HTML
 <form>
@@ -345,7 +358,7 @@ class TestMechanizeForm < Mechanize::TestCase
     assert_equal 'ticky=1&ticky=0', submitted.parser.at('#query').text
   end
 
-  def test_submit_takes_arbirary_headers
+  def test_submit_takes_arbitrary_headers
     page = @mech.get('http://localhost:2000/form_no_action.html')
     assert form = page.forms.first
     form.action = '/http_headers'

data/test/test_mechanize_form_check_box.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeFormCheckBox < Mechanize::TestCase

data/test/test_mechanize_form_encoding.rb

@@ -1,4 +1,5 @@
 # coding: utf-8
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeFormEncoding < Mechanize::TestCase
@@ -8,7 +9,7 @@ class TestMechanizeFormEncoding < Mechanize::TestCase
 
   INPUTTED_VALUE = "テスト" # "test" in Japanese UTF-8 encoding
   CONTENT_ENCODING = 'Shift_JIS' # one of Japanese encoding
-  encoded_value = "\x83\x65\x83\x58\x83\x67".force_encoding(::Encoding::SHIFT_JIS) # "test" in Japanese Shift_JIS encoding
+  encoded_value = "\x83\x65\x83\x58\x83\x67".dup.force_encoding(::Encoding::SHIFT_JIS) # "test" in Japanese Shift_JIS encoding
   EXPECTED_QUERY = "first_name=#{CGI.escape(encoded_value)}&first_name=&gender=&green%5Beggs%5D="
 
   ENCODING_ERRORS = [EncodingError, Encoding::ConverterNotFoundError] # and so on

data/test/test_mechanize_form_field.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeFormField < Mechanize::TestCase

data/test/test_mechanize_form_file_upload.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeFormFileUpload < Mechanize::TestCase

data/test/test_mechanize_form_image_button.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeFormImageButton < Mechanize::TestCase

data/test/test_mechanize_form_keygen.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeFormKeygen < Mechanize::TestCase
@@ -22,6 +23,7 @@ class TestMechanizeFormKeygen < Mechanize::TestCase
   end
 
   def test_spki_signature
+    skip("JRuby PKI doesn't handle this for reasons I've been unable to understand") if RUBY_ENGINE=~/jruby/
     spki = OpenSSL::Netscape::SPKI.new @keygen.value
     assert_equal @keygen.challenge, spki.challenge
     assert_equal @keygen.key.public_key.to_pem, spki.public_key.to_pem

data/test/test_mechanize_form_multi_select_list.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeFormMultiSelectList < Mechanize::TestCase

data/test/test_mechanize_form_option.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeFormOption < Mechanize::TestCase

data/test/test_mechanize_form_radio_button.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeFormRadioButton < Mechanize::TestCase

data/test/test_mechanize_form_select_list.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeFormSelectList < Mechanize::TestCase

data/test/test_mechanize_form_textarea.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeFormTextarea < Mechanize::TestCase

data/test/test_mechanize_headers.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeHeaders < Mechanize::TestCase

data/test/test_mechanize_history.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeHistory < Mechanize::TestCase

data/test/test_mechanize_http_agent.rb

@@ -1,6 +1,11 @@
 # coding: utf-8
+# frozen_string_literal: true
 
 require 'mechanize/test_case'
+unless RUBY_PLATFORM == 'java'
+  require 'brotli'
+  require 'zstd-ruby'
+end
 
 class TestMechanizeHttpAgent < Mechanize::TestCase
 
@@ -16,11 +21,7 @@ class TestMechanizeHttpAgent < Mechanize::TestCase
     @res.instance_variable_set :@code, 200
     @res.instance_variable_set :@header, {}
 
-    @headers = if RUBY_VERSION >= '2.0.0' then
-                 %w[accept accept-encoding user-agent]
-               else
-                 %w[accept user-agent]
-               end
+    @headers = %w[accept accept-encoding user-agent]
   end
 
   def auth_realm uri, scheme, type
@@ -31,13 +32,10 @@ class TestMechanizeHttpAgent < Mechanize::TestCase
     realm
   end
 
-  def jruby_zlib?
+  def skip_if_jruby_zlib
     if RUBY_ENGINE == 'jruby'
-      meth = caller[0][/`(\w+)/, 1]
-      warn "#{meth}: skipped because how Zlib handles error is different in JRuby"
-      true
-    else
-      false
+      meth = caller_locations(1,1).first.base_label
+      skip "#{meth}: skipped because how Zlib handles error is different in JRuby"
     end
   end
 
@@ -205,7 +203,7 @@ class TestMechanizeHttpAgent < Mechanize::TestCase
 
     page = @agent.fetch uri
 
-    assert_equal File.read(foo), page.body
+    assert_equal File.read(foo), page.body.gsub(/\r\n/, "\n")
     assert_kind_of Mechanize::Page, page
   end
 
@@ -582,8 +580,8 @@ class TestMechanizeHttpAgent < Mechanize::TestCase
   def test_request_language_charset
     @agent.request_language_charset @req
 
-    assert_equal 'en-us,en;q=0.5', @req['accept-language']
-    assert_equal 'ISO-8859-1,utf-8;q=0.7,*;q=0.7', @req['accept-charset']
+    assert_equal('en-us,en;q=0.5', @req['accept-language'])
+    assert_nil(@req['accept-charset'])
   end
 
   def test_request_referer
@@ -827,7 +825,11 @@ class TestMechanizeHttpAgent < Mechanize::TestCase
     @res.instance_variable_set(:@header,
                                'www-authenticate' => ['Negotiate, NTLM'])
 
-    page = @agent.response_authenticate @res, nil, @uri, @req, {}, nil, nil
+    begin
+      page = @agent.response_authenticate @res, nil, @uri, @req, {}, nil, nil
+    rescue OpenSSL::Digest::DigestError
+      skip "It looks like OpenSSL is not configured to support MD4"
+    end
 
     assert_equal 'ok', page.body # lame test
   end
@@ -926,6 +928,86 @@ class TestMechanizeHttpAgent < Mechanize::TestCase
     assert_equal 'part', body.read
   end
 
+  def test_response_content_encoding_brotli_when_brotli_not_loaded
+    skip("only test this on jruby which doesn't have brotli support") unless RUBY_ENGINE == 'jruby'
+
+    @res.instance_variable_set :@header, 'content-encoding' => %w[br]
+    body_io = StringIO.new("content doesn't matter for this test")
+
+    e = assert_raises(Mechanize::Error) do
+      @agent.response_content_encoding(@res, body_io)
+    end
+    assert_includes(e.message, "cannot deflate brotli-encoded response")
+
+    assert(body_io.closed?)
+  end
+
+  def test_response_content_encoding_brotli
+    skip("jruby does not have brotli support") if RUBY_ENGINE == 'jruby'
+
+    @res.instance_variable_set :@header, 'content-encoding' => %w[br]
+    body_io = StringIO.new(Brotli.deflate("this is compressed by brotli"))
+
+    body = @agent.response_content_encoding(@res, body_io)
+
+    assert_equal("this is compressed by brotli", body.read)
+    assert(body_io.closed?)
+  end
+
+  def test_response_content_encoding_brotli_corrupt
+    skip("jruby does not have brotli support") if RUBY_ENGINE == 'jruby'
+
+    @res.instance_variable_set :@header, 'content-encoding' => %w[br]
+    body_io = StringIO.new("not a brotli payload")
+
+    e = assert_raises(Mechanize::Error) do
+      @agent.response_content_encoding(@res, body_io)
+    end
+    assert_includes(e.message, "error inflating brotli-encoded response")
+    assert_kind_of(Brotli::Error, e.cause)
+    assert(body_io.closed?)
+  end
+
+  def test_response_content_encoding_zstd_when_zstd_not_loaded
+    skip("only test this on jruby which doesn't have zstd support") unless RUBY_ENGINE == 'jruby'
+
+    @res.instance_variable_set :@header, 'content-encoding' => %w[zstd]
+    body_io = StringIO.new("content doesn't matter for this test")
+
+    e = assert_raises(Mechanize::Error) do
+      @agent.response_content_encoding(@res, body_io)
+    end
+    assert_includes(e.message, 'cannot deflate zstd-encoded response')
+
+    assert(body_io.closed?)
+  end
+
+  def test_response_content_encoding_zstd
+    skip('jruby does not have zstd support') if RUBY_ENGINE == 'jruby'
+
+    @res.instance_variable_set :@header, 'content-encoding' => %w[zstd]
+    body_io = StringIO.new(Zstd.compress('this is compressed by zstd'))
+
+    body = @agent.response_content_encoding(@res, body_io)
+
+    assert_equal('this is compressed by zstd', body.read)
+    assert(body_io.closed?)
+  end
+
+  def test_response_content_encoding_zstd_corrupt
+    skip('jruby does not have zstd support') if RUBY_ENGINE == 'jruby'
+
+    @res.instance_variable_set :@header, 'content-encoding' => %w[zstd]
+    body_io = StringIO.new('not a zstd payload')
+
+    e = assert_raises(Mechanize::Error) do
+      @agent.response_content_encoding(@res, body_io)
+    end
+    assert_includes(e.message, 'error decompressing zstd-encoded response')
+    assert_kind_of(RuntimeError, e.cause)
+    assert(body_io.closed?)
+  end
+
   def test_response_content_encoding_gzip_corrupt
     log = StringIO.new
     logger = Logger.new log
@@ -935,7 +1017,7 @@ class TestMechanizeHttpAgent < Mechanize::TestCase
     body_io = StringIO.new \
       "\037\213\b\0002\002\225M\000\003+H,*\001"
 
-    return if jruby_zlib?
+    skip_if_jruby_zlib
 
     e = assert_raises Mechanize::Error do
       @agent.response_content_encoding @res, body_io
@@ -969,7 +1051,8 @@ class TestMechanizeHttpAgent < Mechanize::TestCase
 
     assert_match %r%invalid compressed data -- crc error%, log.string
   rescue IOError
-    raise unless jruby_zlib?
+    skip_if_jruby_zlib
+    raise
   end
 
   def test_response_content_encoding_gzip_checksum_corrupt_length
@@ -987,7 +1070,8 @@ class TestMechanizeHttpAgent < Mechanize::TestCase
 
     assert_match %r%invalid compressed data -- length error%, log.string
   rescue IOError
-    raise unless jruby_zlib?
+    skip_if_jruby_zlib
+    raise
   end
 
   def test_response_content_encoding_gzip_checksum_truncated
@@ -1005,7 +1089,8 @@ class TestMechanizeHttpAgent < Mechanize::TestCase
 
     assert_match %r%unable to gunzip response: footer is not found%, log.string
   rescue IOError
-    raise unless jruby_zlib?
+    skip_if_jruby_zlib
+    raise
   end
 
   def test_response_content_encoding_gzip_empty
@@ -1027,7 +1112,7 @@ class TestMechanizeHttpAgent < Mechanize::TestCase
 
     body = @agent.response_content_encoding @res, body_io
 
-    expected = "test\xB2"
+    expected = +"test\xB2"
     expected.force_encoding Encoding::BINARY if have_encoding?
 
     content = body.read
@@ -1046,7 +1131,8 @@ class TestMechanizeHttpAgent < Mechanize::TestCase
 
     assert body_io.closed?
   rescue IOError
-    raise unless jruby_zlib?
+    skip_if_jruby_zlib
+    raise
   end
 
   def test_response_content_encoding_none
@@ -1308,8 +1394,13 @@ class TestMechanizeHttpAgent < Mechanize::TestCase
     page = @agent.response_parse @res, body, @uri
 
     assert_instance_of Mechanize::Page, page
-    assert_equal 'UTF8', page.encoding
-    assert_equal 'UTF8', page.parser.encoding
+
+    # as of libxml 2.12.0, the result is dependent on how libiconv is built (which aliases are supported)
+    # if the alias "UTF8" is defined, then the result will be "UTF-8".
+    # if the alias "UTF8" is not defined, then the result will be "UTF8".
+    # note that this alias may be defined by Nokogiri itself in its EncodingHandler class.
+    assert_includes ["UTF8", "UTF-8"], page.encoding
+    assert_includes ["UTF8", "UTF-8"], page.parser.encoding
   end
 
   def test_response_parse_content_type_encoding_garbage
@@ -1426,11 +1517,11 @@ class TestMechanizeHttpAgent < Mechanize::TestCase
 
       io = @agent.response_read res, req, uri
 
-      expected = "π\n".force_encoding(Encoding::BINARY)
+      expected = "π\n".dup.force_encoding(Encoding::BINARY)
 
       # Ruby 1.8.7 doesn't let us set the write mode of the tempfile to binary,
       # so we should expect an inserted carriage return on some platforms
-      expected_with_carriage_return = "π\r\n".force_encoding(Encoding::BINARY)
+      expected_with_carriage_return = "π\r\n".dup.force_encoding(Encoding::BINARY)
 
       body = io.read
       assert_match(/^(#{expected}|#{expected_with_carriage_return})$/m, body)
@@ -1508,7 +1599,8 @@ class TestMechanizeHttpAgent < Mechanize::TestCase
     headers = {
       'Range' => 'bytes=0-9999',
       'Content-Type' => 'application/x-www-form-urlencoded',
-      'Content-Length' => '9999',
+      'CONTENT-LENGTH' => '9999',
+      'content-md5' => '14758f1afd44c09b7992073ccf00b43d',
     }
 
     page = fake_page
@@ -1520,6 +1612,7 @@ class TestMechanizeHttpAgent < Mechanize::TestCase
     assert_match 'range|bytes=0-9999', page.body
     refute_match 'content-type|application/x-www-form-urlencoded', page.body
     refute_match 'content-length|9999', page.body
+    refute_match 'content-md5|14758f1afd44c09b7992073ccf00b43d', page.body
   end
 
   def test_response_redirect_malformed
@@ -1555,6 +1648,69 @@ class TestMechanizeHttpAgent < Mechanize::TestCase
     end
   end
 
+  def test_response_redirect_to_cross_site_with_credential
+    @agent.redirect_ok = true
+
+    headers = {
+      'Range' => 'bytes=0-9999',
+      'AUTHORIZATION' => 'Basic xxx',
+      'cookie' => 'name=value',
+    }
+
+    page = html_page ''
+    page = @agent.response_redirect({ 'Location' => 'http://trap/http_headers' }, :get,
+                                    page, 0, headers)
+
+    refute_includes(headers.keys, "AUTHORIZATION")
+    refute_includes(headers.keys, "cookie")
+
+    assert_match("range|bytes=0-9999", page.body)
+    refute_match("authorization|Basic xxx", page.body)
+    refute_match("cookie|name=value", page.body)
+  end
+
+  def test_response_redirect_to_same_site_with_credential
+    @agent.redirect_ok = true
+
+    headers = {
+      'Range' => 'bytes=0-9999',
+      'AUTHORIZATION' => 'Basic xxx',
+      'cookie' => 'name=value',
+    }
+
+    page = html_page ''
+    page = @agent.response_redirect({ 'Location' => '/http_headers' }, :get,
+                                    page, 0, headers)
+
+    assert_includes(headers.keys, "AUTHORIZATION")
+    assert_includes(headers.keys, "cookie")
+
+    assert_match("range|bytes=0-9999", page.body)
+    assert_match("authorization|Basic xxx", page.body)
+    assert_match("cookie|name=value", page.body)
+  end
+
+  def test_response_redirect_to_same_site_diff_port_with_credential
+    @agent.redirect_ok = true
+
+    headers = {
+      'Range' => 'bytes=0-9999',
+      'AUTHORIZATION' => 'Basic xxx',
+      'cookie' => 'name=value',
+    }
+
+    page = html_page ''
+    page = @agent.response_redirect({ 'Location' => 'http://example:81/http_headers' }, :get,
+                                    page, 0, headers)
+
+    refute_includes(headers.keys, "AUTHORIZATION")
+    assert_includes(headers.keys, "cookie")
+
+    assert_match("range|bytes=0-9999", page.body)
+    refute_match("authorization|Basic xxx", page.body)
+    assert_match("cookie|name=value", page.body)
+  end
+
   def test_response_redirect_not_ok
     @agent.redirect_ok = false
 
@@ -1590,6 +1746,11 @@ class TestMechanizeHttpAgent < Mechanize::TestCase
   end
 
   def test_retry_change_request_equals
+    unless Gem::Requirement.new("< 4.0.0").satisfied_by?(Gem::Version.new(Net::HTTP::Persistent::VERSION))
+      # see https://github.com/drbrain/net-http-persistent/pull/100
+      skip("net-http-persistent 4.0.0 and later does not support retry_change_requests")
+    end
+
     refute @agent.http.retry_change_requests
 
     @agent.retry_change_requests = true

data/test/test_mechanize_http_auth_challenge.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeHttpAuthChallenge < Mechanize::TestCase

data/test/test_mechanize_http_auth_realm.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeHttpAuthRealm < Mechanize::TestCase

data/test/test_mechanize_http_auth_store.rb

@@ -1,4 +1,5 @@
 # coding: utf-8
+# frozen_string_literal: true
 
 require 'mechanize/test_case'
 

data/test/test_mechanize_http_content_disposition_parser.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeHttpContentDispositionParser < Mechanize::TestCase
@@ -30,6 +31,33 @@ class TestMechanizeHttpContentDispositionParser < Mechanize::TestCase
     assert_equal expected,     content_disposition.parameters
   end
 
+  def test_parse_date_iso8601_fallback
+    now = Time.at Time.now.to_i
+
+    content_disposition = @parser.parse \
+      'attachment;' \
+      'filename=value;' \
+      "creation-date=\"#{now.iso8601}\";" \
+      "modification-date=\"#{(now + 1).iso8601}\""
+
+    assert_equal 'attachment', content_disposition.type
+    assert_equal 'value',      content_disposition.filename
+    assert_equal now,          content_disposition.creation_date
+    assert_equal((now + 1),    content_disposition.modification_date)
+  end
+
+  def test_parse_date_invalid
+    now = Time.at Time.now.to_i
+
+    content_disposition = @parser.parse \
+      'attachment;' \
+      'filename=value;' \
+      "creation-date=\"#{now.to_s}\";" \
+      "modification-date=\"#{(now + 1).to_s}\""
+
+    assert_nil content_disposition
+  end
+
   def test_parse_header
     content_disposition = @parser.parse \
       'content-disposition: attachment;filename=value', true

data/test/test_mechanize_http_www_authenticate_parser.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeHttpWwwAuthenticateParser < Mechanize::TestCase

data/test/test_mechanize_image.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeImage < Mechanize::TestCase

data/test/test_mechanize_link.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizeLink < Mechanize::TestCase
@@ -135,6 +136,30 @@ class TestMechanizeLink < Mechanize::TestCase
     assert_equal 'http://foo.bar/%20baz', link.uri.to_s
   end
 
+  def test_uri_weird_with_fragment
+    doc = Nokogiri::HTML::Document.new
+
+    node = Nokogiri::XML::Node.new('foo', doc)
+    node['href'] = 'http://foo.bar/ baz#уважение'
+
+    link = Mechanize::Page::Link.new(node, nil, nil)
+
+    assert_equal '%D1%83%D0%B2%D0%B0%D0%B6%D0%B5%D0%BD%D0%B8%D0%B5', link.uri.fragment
+  end
+
+  def test_bad_uri_raise_compatible_exception
+    doc = Nokogiri::HTML::Document.new
+
+    node = Nokogiri::XML::Node.new('foo', doc)
+    node['href'] = 'http://http:foo.bar/ baz'
+
+    link = Mechanize::Page::Link.new(node, nil, nil)
+
+    assert_raises URI::InvalidURIError do
+      link.uri
+    end
+  end
+
   def test_resolving_full_uri
     page = @mech.get("http://localhost/frame_test.html")
     link = page.link_with(:text => "Form Test")

data/test/test_mechanize_page.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 
 class TestMechanizePage < Mechanize::TestCase
@@ -276,5 +277,19 @@ class TestMechanizePage < Mechanize::TestCase
 		assert_equal page.title, "HTML>TITLE"
 	end
 
+  def test_frozen_string_body
+    html = (<<~HTML).freeze
+      <html>
+        <head>
+          <title>Page Title</title>
+        </head>
+        <body>
+          <p>Hello World</p>
+        </body>
+      </html>
+    HTML
+
+    html_page(html) # refute_raises
+  end
 end