On Apr 19, 2011, at 11:51 AM, iwasrobbed wrote:
I want to test that the JSON response from a create action is
sanitized properly, but rspec or webrat appears to be parsing the
output into proper HTML chars instead of escaped characters. I have
verified that it escapes properly in the regular browser json
response.
The relevant RSpec test code is:
include ActionView::Helpers::TextHelper
include ActionView::Helpers::UrlHelper
it "should automatically sanitize any HTML or script characters"
do
post :create, :post_id => @post.id,
:content => "<h1>Oh Hai!</h1><script>",
:user_id => @user.id,
:format => 'js'
# get json response
json = JSON.parse(response.body)
json['html'].should_not be_nil
json['html'].should contain("#{h('<h1>Oh Hai!</h1><script>')}")
Do you really mean to have the h() call in there? THAT is escaping the
characters (h is an alias for html_escape).
-Rob
end
How would I go about testing this properly? This is the error showing
what webrat expected versus what it received:
expected the following element's content to include:
"<h1>Oh Hai!</h1><script>"
instead received:
<h1>Oh Hai!</h1><script>
_______________________________________________
rspec-users mailing list
[email protected]
http://rubyforge.org/mailman/listinfo/rspec-users
Rob Biedenharn
[email protected] http://AgileConsultingLLC.com/
[email protected] http://GaslightSoftware.com/
_______________________________________________
rspec-users mailing list
[email protected]
http://rubyforge.org/mailman/listinfo/rspec-users
