diff options
| author | Nobuyoshi Nakada <nobu@ruby-lang.org> | 2022-04-13 22:02:21 +0900 |
|---|---|---|
| committer | git <svn-admin@ruby-lang.org> | 2022-10-07 12:09:23 +0900 |
| commit | 8d0b2162a09183eb3d58a5a1d824b4daf16bf3c8 (patch) | |
| tree | 858d8f865f5c88387df89db57268cfc12cbf5e07 /test/rdoc | |
| parent | 586e18b94645b2d3181720d311fcd72b4bb2ca88 (diff) | |
| download | ruby-8d0b2162a09183eb3d58a5a1d824b4daf16bf3c8.tar.gz | |
[ruby/rdoc] Escape main title
https://hackerone.com/reports/1187156
https://github.com/ruby/rdoc/commit/5dedb5741d
Diffstat (limited to 'test/rdoc')
| -rw-r--r-- | test/rdoc/test_rdoc_generator_darkfish.rb | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/test/rdoc/test_rdoc_generator_darkfish.rb b/test/rdoc/test_rdoc_generator_darkfish.rb index ae3a4c5ebf..1cee3e44ab 100644 --- a/test/rdoc/test_rdoc_generator_darkfish.rb +++ b/test/rdoc/test_rdoc_generator_darkfish.rb @@ -248,6 +248,22 @@ class TestRDocGeneratorDarkfish < RDoc::TestCase assert_include File.read('index.html'), %Q[href="./#{base}"] end + def test_title + title = "RDoc Test".freeze + @options.title = title + @g.generate + + assert_main_title(File.read('index.html'), title) + end + + def test_title_escape + title = %[<script>alert("RDoc")</script>].freeze + @options.title = title + @g.generate + + assert_main_title(File.read('index.html'), title) + end + ## # Asserts that +filename+ has a link count greater than 1 if hard links to # @tmpdir are supported. @@ -271,4 +287,9 @@ class TestRDocGeneratorDarkfish < RDoc::TestCase "#{filename} is not hard-linked" end + def assert_main_title(content, title) + title = CGI.escapeHTML(title) + assert_equal(title, content[%r[<title>(.*?)<\/title>]im, 1]) + assert_include(content[%r[<main\s[^<>]*+>\s*(.*?)</main>]im, 1], title) + end end |