gazay / gon

Your Rails variables in your JS
MIT License
3.05k stars 185 forks source link

test failure with rails 6 - Gon#include_gon outputs correct js with a script string #262

Open pravi opened 4 years ago

pravi commented 4 years ago
Failures:

  1) Gon#include_gon outputs correct js with a script string
     Failure/Error:
       expect(@base.include_gon).to eq(wrap_script(
                                 'window.gon={};' +
                                 %Q(gon.str="#{escaped_str}";))
       )

       expected: "<script>\n//<![CDATA[\nwindow.gon={};gon.str=\"\\u003c/script\\u003e\\u003cscript\\u003ealert('!')\\u003c/script\\u003e\";\n//]]>\n</script>"
            got: "<script>\n//<![CDATA[\nwindow.gon={};gon.str=\"</script><script>alert('!')</script>\";\n//]]>\n</script>"

       (compared using ==)

       Diff:
       @@ -1,6 +1,6 @@
        <script>
        //<![CDATA[
       -window.gon={};gon.str="\u003c/script\u003e\u003cscript\u003ealert('!')\u003c/script\u003e";
       +window.gon={};gon.str="</script><script>alert('!')</script>";
        //]]>
        </script>

     # ./spec/gon/basic_spec.rb:114:in `block (3 levels) in <top (required)>'

Finished in 0.28145 seconds (files took 0.45571 seconds to load)
73 examples, 1 failure

Failed examples:

rspec ./spec/gon/basic_spec.rb:111 # Gon#include_gon outputs correct js with a script string