filter all possibly class values on code tags in Textile (#25742)

Contributed by Holger Just from Planio.

git-svn-id: http://svn.redmine.org/redmine/trunk@19333 e93f8b46-1217-0410-a6f0-8f06a7374b81

1 files changed, 8 insertions, 0 deletions

diff --git a/test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb b/test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb
index 61c5cdfb7..19128524e 100644
--- a/test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb
+++ b/test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb
@@ -562,9 +562,17 @@ class Redmine::WikiFormatting::TextileFormatterTest < ActionView::TestCase
   def test_should_not_allow_arbitrary_class_attribute_on_offtags
     %w(code pre kbd).each do |tag|
       assert_html_output({"<#{tag} class=\"foo\">test</#{tag}>" => "<#{tag}>test</#{tag}>"}, false)
+      assert_html_output({"<#{tag} class='foo'>test</#{tag}>" => "<#{tag}>test</#{tag}>"}, false)
+      assert_html_output({"<#{tag} class=\"ruby foo\">test</#{tag}>" => "<#{tag}>test</#{tag}>"}, false)
+      assert_html_output({"<#{tag} class='ruby foo'>test</#{tag}>" => "<#{tag}>test</#{tag}>"}, false)
+      assert_html_output({"<#{tag} class=\"ruby \"foo\" bar\">test</#{tag}>" => "<#{tag}>test</#{tag}>"}, false)
     end
 
     assert_html_output({"<notextile class=\"foo\">test</notextile>" => "test"}, false)
+    assert_html_output({"<notextile class='foo'>test</notextile>" => "test"}, false)
+    assert_html_output({"<notextile class=\"ruby foo\">test</notextile>" => "test"}, false)
+    assert_html_output({"<notextile class='ruby foo'>test</notextile>" => "test"}, false)
+    assert_html_output({"<notextile class=\"ruby \"foo\" bar\">test</notextile>" => "test"}, false)
   end
 
   def test_should_allow_valid_language_class_attribute_on_code_tags