diff options
author | Nobuyoshi Nakada <nobu@ruby-lang.org> | 2021-08-28 17:41:47 +0900 |
---|---|---|
committer | git <svn-admin@ruby-lang.org> | 2022-10-07 12:12:08 +0900 |
commit | a3cb09c7d17f2626ebd6eae774f0425d602ed95b (patch) | |
tree | adecae701b63e13bf852bd0aead3a832df8ef35a /test/rdoc | |
parent | 8d0b2162a09183eb3d58a5a1d824b4daf16bf3c8 (diff) | |
download | ruby-a3cb09c7d17f2626ebd6eae774f0425d602ed95b.tar.gz |
[ruby/rdoc] Escape file names
https://hackerone.com/reports/1321358
https://github.com/ruby/rdoc/commit/8c07cc4657
Diffstat (limited to 'test/rdoc')
-rw-r--r-- | test/rdoc/test_rdoc_generator_darkfish.rb | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/test/rdoc/test_rdoc_generator_darkfish.rb b/test/rdoc/test_rdoc_generator_darkfish.rb index 1cee3e44ab..140cf0916b 100644 --- a/test/rdoc/test_rdoc_generator_darkfish.rb +++ b/test/rdoc/test_rdoc_generator_darkfish.rb @@ -233,6 +233,20 @@ class TestRDocGeneratorDarkfish < RDoc::TestCase assert_includes method_name, '{ |%<<script>alert("atui")</script>>, yield_arg| ... }' end + def test_generated_filename_with_html_tag + @store.add_file '"><em>should be escaped' + doc = @store.all_files.last + doc.parser = RDoc::Parser::Simple + + @g.generate + + Dir.glob("*.html", base: @tmpdir) do |html| + File.read(File.join(@tmpdir, html)).scan(/.*should be escaped.*/) do |line| + assert_not_include line, "<em>", html + end + end + end + def test_template_stylesheets css = Tempfile.create(%W'hoge .css', Dir.mktmpdir('tmp', '.')) File.write(css, '') |