Open pravi opened 4 years ago
Failures: 1) Gon#include_gon outputs correct js with a script string Failure/Error: expect(@base.include_gon).to eq(wrap_script( 'window.gon={};' + %Q(gon.str="#{escaped_str}";)) ) expected: "<script>\n//<![CDATA[\nwindow.gon={};gon.str=\"\\u003c/script\\u003e\\u003cscript\\u003ealert('!')\\u003c/script\\u003e\";\n//]]>\n</script>" got: "<script>\n//<![CDATA[\nwindow.gon={};gon.str=\"</script><script>alert('!')</script>\";\n//]]>\n</script>" (compared using ==) Diff: @@ -1,6 +1,6 @@ <script> //<![CDATA[ -window.gon={};gon.str="\u003c/script\u003e\u003cscript\u003ealert('!')\u003c/script\u003e"; +window.gon={};gon.str="</script><script>alert('!')</script>"; //]]> </script> # ./spec/gon/basic_spec.rb:114:in `block (3 levels) in <top (required)>' Finished in 0.28145 seconds (files took 0.45571 seconds to load) 73 examples, 1 failure Failed examples: rspec ./spec/gon/basic_spec.rb:111 # Gon#include_gon outputs correct js with a script string