Merge branch 'hotfix/0.20.0.2' into rails-3-develop

author: Louise Crow <louise.crow@gmail.com> 2015-01-07 09:53:18 +0000
committer: Louise Crow <louise.crow@gmail.com> 2015-01-07 09:53:18 +0000
commit: b803759551cc036a5e043a2991f386d8bcd0a398 (patch)
tree: 61c6c01bc21802d17f7bebb90c3def451cd8d889 /spec/controllers/general_controller_spec.rb
parent: 76950510e850d7f09af9710d86bd94c815fd7759 (diff)
parent: be4f5819bd4b18ef0e241ee846d6b42fc7a36cbe (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/spec/controllers/general_controller_spec.rb b/spec/controllers/general_controller_spec.rb
index 4a7a0bb48..28dac7b96 100644
--- a/spec/controllers/general_controller_spec.rb
+++ b/spec/controllers/general_controller_spec.rb
@@ -53,6 +53,18 @@ describe GeneralController, 'when getting the blog feed' do
         end
     end
 
+    context 'when the blog has entries' do
+
+        render_views
+
+        it 'should escape any javascript from the entries' do
+            controller.stub!(:quietly_try_to_open).and_return(load_file_fixture("blog_feed.atom"))
+            get :blog
+            response.body.should_not include('<script>alert("exciting!")</script>')
+        end
+
+    end
+
 end
 
 describe GeneralController, "when showing the frontpage" do
author	Louise Crow <louise.crow@gmail.com>	2015-01-07 09:53:18 +0000
committer	Louise Crow <louise.crow@gmail.com>	2015-01-07 09:53:18 +0000
commit	b803759551cc036a5e043a2991f386d8bcd0a398 (patch)
tree	61c6c01bc21802d17f7bebb90c3def451cd8d889 /spec/controllers/general_controller_spec.rb
parent	76950510e850d7f09af9710d86bd94c815fd7759 (diff)
parent	be4f5819bd4b18ef0e241ee846d6b42fc7a36cbe (diff)