gon test failure with rails 6 - Gon#include_gon outputs correct js with a script string

test failure with rails 6 - Gon#include_gon outputs correct js with a script string

Open pravi opened this issue 4 years ago • 0 comments

Failures:

  1) Gon#include_gon outputs correct js with a script string
     Failure/Error:
       expect(@base.include_gon).to eq(wrap_script(
                                 'window.gon={};' +
                                 %Q(gon.str="#{escaped_str}";))
       )
     
       expected: "<script>\n//<![CDATA[\nwindow.gon={};gon.str=\"\\u003c/script\\u003e\\u003cscript\\u003ealert('!')\\u003c/script\\u003e\";\n//]]>\n</script>"
            got: "<script>\n//<![CDATA[\nwindow.gon={};gon.str=\"</script><script>alert('!')</script>\";\n//]]>\n</script>"
     
       (compared using ==)
     
       Diff:
       @@ -1,6 +1,6 @@
        <script>
        //<![CDATA[
       -window.gon={};gon.str="\u003c/script\u003e\u003cscript\u003ealert('!')\u003c/script\u003e";
       +window.gon={};gon.str="</script><script>alert('!')</script>";
        //]]>
        </script>
       
     # ./spec/gon/basic_spec.rb:114:in `block (3 levels) in <top (required)>'

Finished in 0.28145 seconds (files took 0.45571 seconds to load)
73 examples, 1 failure

Failed examples:

rspec ./spec/gon/basic_spec.rb:111 # Gon#include_gon outputs correct js with a script string

Jul 18 '20 14:07 pravi

gon gon copied to clipboard

test failure with rails 6 - Gon#include_gon outputs correct js with a script string

gon
gon copied to clipboard