From 5ffafd809fbfdd0481609210443fcec7fd5a08b8 Mon Sep 17 00:00:00 2001
From: Justin Collins <justin@presidentbeef.com>
Date: Sun, 8 Sep 2013 21:05:18 -0700
Subject: [PATCH] Add tests for `to_json` in Rails 4

---
 test/apps/rails4/app/models/user.rb |  2 ++
 test/tests/rails4.rb                | 38 +++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 test/apps/rails4/app/models/user.rb

diff --git a/test/apps/rails4/app/models/user.rb b/test/apps/rails4/app/models/user.rb
new file mode 100644
index 00000000..4a57cf07
--- /dev/null
+++ b/test/apps/rails4/app/models/user.rb
@@ -0,0 +1,2 @@
+class User < ActiveRecord::Base
+end
diff --git a/test/tests/rails4.rb b/test/tests/rails4.rb
index eee143c4..59feac61 100644
--- a/test/tests/rails4.rb
+++ b/test/tests/rails4.rb
@@ -29,4 +29,42 @@ class Rails4Tests < Test::Unit::TestCase
       :file => /secret_token\.rb/,
       :relative_path => "config/initializers/secret_token.rb"
   end
+
+  def test_json_escaped_by_default_in_rails_4
+    assert_no_warning :type => :template,
+      :warning_code => 5,
+      :fingerprint => "3eedfa40819ce95d1d999ad19464023688a0e8bb881fc3e7683b6c3fffb7e51f",
+      :warning_type => "Cross Site Scripting",
+      :line => 1,
+      :message => /^Unescaped\ model\ attribute\ in\ JSON\ hash/,
+      :confidence => 0,
+      :relative_path => "app/views/users/index.html.erb"
+
+    assert_no_warning :type => :template,
+      :warning_code => 5,
+      :fingerprint => "fb0cb7e94e9a4bebd81ef44b336e02f68bf24f2c40e28d4bb5c21641276ea6cf",
+      :warning_type => "Cross Site Scripting",
+      :line => 3,
+      :message => /^Unescaped\ model\ attribute/,
+      :confidence => 2,
+      :relative_path => "app/views/users/index.html.erb"
+
+    assert_no_warning :type => :template,
+      :warning_code => 5,
+      :fingerprint => "8ce0a9eacf25be1f862b9074e6ba477d2f0e2ac86955b8510052984570b92d14",
+      :warning_type => "Cross Site Scripting",
+      :line => 5,
+      :message => /^Unescaped\ parameter\ value\ in\ JSON\ hash/,
+      :confidence => 0,
+      :relative_path => "app/views/users/index.html.erb"
+
+    assert_no_warning :type => :template,
+      :warning_code => 2,
+      :fingerprint => "b107fcc7742084a766a31332ba5c126f1c1a1cc062884f879dc3204c5f7620c5",
+      :warning_type => "Cross Site Scripting",
+      :line => 7,
+      :message => /^Unescaped\ parameter\ value/,
+      :confidence => 0,
+      :relative_path => "app/views/users/index.html.erb"
+  end
 end
-- 
GitLab