Add test select_tag escapes prompt

c8a613b9 · Santiago Pastorino · 8f8d8eb1 · c8a613b9
隐藏空白更改
内联并排

Showing with 6 addition and 0 deletion

actionpack/test/template/form_tag_helper_test.rb actionpack/test/template/form_tag_helper_test.rb +6 -0

未找到文件。
--- a/actionpack/test/template/form_tag_helper_test.rb
+++ b/actionpack/test/template/form_tag_helper_test.rb
@@ -213,6 +213,12 @@ def test_select_tag_with_prompt
    assert_dom_equal expected, actual
  end

+  def test_select_tag_escapes_prompt
+    actual = select_tag "places", "<option>Home</option><option>Work</option><option>Pub</option>".html_safe, :prompt => "<script>alert(1337)</script>"
+    expected = %(<select id="places" name="places"><option value="">&lt;script&gt;alert(1337)&lt;/script&gt;</option><option>Home</option><option>Work</option><option>Pub</option></select>)
+    assert_dom_equal expected, actual
+  end
+
  def test_select_tag_with_prompt_and_include_blank
    actual = select_tag "places", "<option>Home</option><option>Work</option><option>Pub</option>".html_safe, :prompt => "string", :include_blank => true
    expected = %(<select name="places" id="places"><option value="">string</option><option value=""></option><option>Home</option><option>Work</option><option>Pub</option></select>)