Adds tests for class attribute parsing on pre/code tags.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4537 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2010-12-18 17:21:57 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2010-12-18 17:21:57 +0000
commit: a7595ec19154427bf38812208ac8443c2dca5462 (patch)
tree: 12e2dc30fc240c1edfff2f0708b50adbf8989b9e /test/unit/helpers
parent: 93847ae33740232e7e6e7a6a4a2dba45ea421932 (diff)
download: redmine-a7595ec19154427bf38812208ac8443c2dca5462.tar.gz
redmine-a7595ec19154427bf38812208ac8443c2dca5462.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/test/unit/helpers/application_helper_test.rb b/test/unit/helpers/application_helper_test.rb
index 4835b340a..4610bee3c 100644
--- a/test/unit/helpers/application_helper_test.rb
+++ b/test/unit/helpers/application_helper_test.rb
@@ -279,6 +279,9 @@ RAW
       "<pre class='foo bar'>some text</pre>" => "<pre class='foo bar'>some text</pre>",
       '<pre class="foo bar">some text</pre>' => '<pre class="foo bar">some text</pre>',
       "<pre onmouseover='alert(1)'>some text</pre>" => "<pre>some text</pre>",
+      # xss
+      '<pre><code class=""onmouseover="alert(1)">text</code></pre>' => '<pre><code>text</code></pre>',
+      '<pre class=""onmouseover="alert(1)">text</pre>' => '<pre>text</pre>',
     }
     to_test.each { |text, result| assert_equal result, textilizable(text) }
   end
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2010-12-18 17:21:57 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2010-12-18 17:21:57 +0000
commit	a7595ec19154427bf38812208ac8443c2dca5462 (patch)
tree	12e2dc30fc240c1edfff2f0708b50adbf8989b9e /test/unit/helpers
parent	93847ae33740232e7e6e7a6a4a2dba45ea421932 (diff)
download	redmine-a7595ec19154427bf38812208ac8443c2dca5462.tar.gz redmine-a7595ec19154427bf38812208ac8443c2dca5462.zip