From eeb061ef44416f3bee71475b918e58b745f6174a Mon Sep 17 00:00:00 2001 From: Evan Huus Date: Mon, 15 Sep 2014 13:32:21 +0000 Subject: [PATCH] Address code review comments - clean up comment wording - fix potentially leaky tests --- lib/liquid/template.rb | 2 +- test/integration/drop_test.rb | 28 ++++++++++++++-------------- test/test_helper.rb | 8 ++++++++ 3 files changed, 23 insertions(+), 15 deletions(-) diff --git a/lib/liquid/template.rb b/lib/liquid/template.rb index 20d2a93..8862564 100644 --- a/lib/liquid/template.rb +++ b/lib/liquid/template.rb @@ -61,7 +61,7 @@ module Liquid attr_writer :error_mode # Sets how strict the taint checker should be. - # :lax ignores the taint flag completely (like previous liquid versions) + # :lax is the default, and ignores the taint flag completely # :warn adds a warning, but does not interrupt the rendering # :error raises an error when tainted output is used attr_writer :taint_mode diff --git a/test/integration/drop_test.rb b/test/integration/drop_test.rb index afeba5e..96e7fa5 100644 --- a/test/integration/drop_test.rb +++ b/test/integration/drop_test.rb @@ -113,27 +113,27 @@ class DropsTest < Minitest::Test end def test_rendering_raises_on_tainted_attr - Liquid::Template.taint_mode = :error - tpl = Liquid::Template.parse('{{ product.user_input }}') - assert_raises TaintedError do - tpl.render!('product' => ProductDrop.new) + with_taint_mode(:error) do + tpl = Liquid::Template.parse('{{ product.user_input }}') + assert_raises TaintedError do + tpl.render!('product' => ProductDrop.new) + end end - Liquid::Template.taint_mode = :lax end def test_rendering_warns_on_tainted_attr - Liquid::Template.taint_mode = :warn - tpl = Liquid::Template.parse('{{ product.user_input }}') - tpl.render!('product' => ProductDrop.new) - assert_match /tainted/, tpl.warnings.first - Liquid::Template.taint_mode = :lax + with_taint_mode(:warn) do + tpl = Liquid::Template.parse('{{ product.user_input }}') + tpl.render!('product' => ProductDrop.new) + assert_match /tainted/, tpl.warnings.first + end end def test_rendering_doesnt_raise_on_escaped_tainted_attr - Liquid::Template.taint_mode = :error - tpl = Liquid::Template.parse('{{ product.user_input | escape }}') - tpl.render!('product' => ProductDrop.new) - Liquid::Template.taint_mode = :lax + with_taint_mode(:error) do + tpl = Liquid::Template.parse('{{ product.user_input | escape }}') + tpl.render!('product' => ProductDrop.new) + end end def test_drop_does_only_respond_to_whitelisted_methods diff --git a/test/test_helper.rb b/test/test_helper.rb index 9c0daa9..75d5491 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -57,6 +57,14 @@ module Minitest Liquid::Strainer.class_variable_set(:@@filters, original_filters) end + def with_taint_mode(mode) + old_mode = Liquid::Template.taint_mode + Liquid::Template.taint_mode = mode + yield + ensure + Liquid::Template.taint_mode = old_mode + end + def with_error_mode(mode) old_mode = Liquid::Template.error_mode Liquid::Template.error_mode = mode