Address code review comments

- clean up comment wording - fix potentially leaky tests
2026-01-01 15:55:40 +03:00 · 2014-09-15 13:32:21 +00:00
parent 67b2c320a1
commit eeb061ef44
3 changed files with 23 additions and 15 deletions
--- a/lib/liquid/template.rb
+++ b/lib/liquid/template.rb
@@ -61,7 +61,7 @@ module Liquid
      attr_writer :error_mode

      # Sets how strict the taint checker should be.
-      # :lax ignores the taint flag completely (like previous liquid versions)
+      # :lax is the default, and ignores the taint flag completely
      # :warn adds a warning, but does not interrupt the rendering
      # :error raises an error when tainted output is used
      attr_writer :taint_mode
--- a/test/integration/drop_test.rb
+++ b/test/integration/drop_test.rb
@@ -113,27 +113,27 @@ class DropsTest < Minitest::Test
  end

  def test_rendering_raises_on_tainted_attr
-    Liquid::Template.taint_mode = :error
-    tpl = Liquid::Template.parse('{{ product.user_input }}')
-    assert_raises TaintedError do
-      tpl.render!('product' => ProductDrop.new)
+    with_taint_mode(:error) do
+      tpl = Liquid::Template.parse('{{ product.user_input }}')
+      assert_raises TaintedError do
+        tpl.render!('product' => ProductDrop.new)
+      end
    end
-    Liquid::Template.taint_mode = :lax
  end

  def test_rendering_warns_on_tainted_attr
-    Liquid::Template.taint_mode = :warn
-    tpl = Liquid::Template.parse('{{ product.user_input }}')
-    tpl.render!('product' => ProductDrop.new)
-    assert_match /tainted/, tpl.warnings.first
-    Liquid::Template.taint_mode = :lax
+    with_taint_mode(:warn) do
+      tpl = Liquid::Template.parse('{{ product.user_input }}')
+      tpl.render!('product' => ProductDrop.new)
+      assert_match /tainted/, tpl.warnings.first
+    end
  end

  def test_rendering_doesnt_raise_on_escaped_tainted_attr
-    Liquid::Template.taint_mode = :error
-    tpl = Liquid::Template.parse('{{ product.user_input | escape }}')
-    tpl.render!('product' => ProductDrop.new)
-    Liquid::Template.taint_mode = :lax
+    with_taint_mode(:error) do
+      tpl = Liquid::Template.parse('{{ product.user_input | escape }}')
+      tpl.render!('product' => ProductDrop.new)
+    end
  end

  def test_drop_does_only_respond_to_whitelisted_methods
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -57,6 +57,14 @@ module Minitest
      Liquid::Strainer.class_variable_set(:@@filters, original_filters)
    end

+    def with_taint_mode(mode)
+      old_mode = Liquid::Template.taint_mode
+      Liquid::Template.taint_mode = mode
+      yield
+    ensure
+      Liquid::Template.taint_mode = old_mode
+    end
+
    def with_error_mode(mode)
      old_mode = Liquid::Template.error_mode
      Liquid::Template.error_mode = mode