I want to test that the JSON response from a create action is
sanitized properly, but rspec or webrat appears to be parsing the
output into proper HTML chars instead of escaped characters. I have
verified that it escapes properly in the regular browser json
response.
The relevant RSpec test code is:
include ActionView::Helpers::TextHelper
include ActionView::Helpers::UrlHelper
it "should automatically sanitize any HTML or script characters"
do
post :create, :post_id => @post.id,
:content => "<h1>Oh Hai!</h1><script>",
:user_id => @user.id,
:format => 'js'
# get json response
json = JSON.parse(response.body)
json['html'].should_not be_nil
json['html'].should contain("#{h('<h1>Oh Hai!</h1><script>')}")
end
How would I go about testing this properly? This is the error showing
what webrat expected versus what it received:
expected the following element's content to include:
"<h1>Oh Hai!</h1><script>"
instead received:
<h1>Oh Hai!</h1><script>
_______________________________________________
rspec-users mailing list
rspec-users@rubyforge.org
http://rubyforge.org/mailman/listinfo/rspec-users
