kemko/liquid
1
0
Fork 0
mirror of https://github.com/kemko/liquid.git synced 2026-01-06 10:15:40 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
46b7fd29dfded8e0fb4c1a04adfbf83f9cf591fe
liquid/test/liquid/security_test.rb

65 lines
1.5 KiB
Ruby
Raw Blame History

require 'test_helper'
module SecurityFilter
def add_one(input)
"#{input} + 1"
end
end
class SecurityTest < Test::Unit::TestCase
include Liquid
def test_no_instance_eval
text = %( {{ '1+1' | instance_eval }} )
expected = %| 1+1 |
assert_equal expected, Template.parse(text).render(@assigns)
end
def test_no_existing_instance_eval
text = %( {{ '1+1' | __instance_eval__ }} )
expected = %| 1+1 |
assert_equal expected, Template.parse(text).render(@assigns)
end
def test_no_instance_eval_after_mixing_in_new_filter
text = %( {{ '1+1' | instance_eval }} )
expected = %| 1+1 |
assert_equal expected, Template.parse(text).render(@assigns)
end
def test_no_instance_eval_later_in_chain
text = %( {{ '1+1' | add_one | instance_eval }} )
expected = %| 1+1 + 1 |
assert_equal expected, Template.parse(text).render(@assigns, :filters => SecurityFilter)
end
def test_does_not_add_filters_to_symbol_table
current_symbols = Symbol.all_symbols
test = %( {{ "some_string" | a_bad_filter }} )
template = Template.parse(test)
assert_equal [], (Symbol.all_symbols - current_symbols)
template.render
assert_equal [], (Symbol.all_symbols - current_symbols)
end
def test_does_not_add_drop_methods_to_symbol_table
current_symbols = Symbol.all_symbols
drop = Drop.new
drop.invoke_drop("custom_method_1")
drop.invoke_drop("custom_method_2")
drop.invoke_drop("custom_method_3")
assert_equal [], (Symbol.all_symbols - current_symbols)
end
end # SecurityTest
Reference in New Issue View Git Blame Copy Permalink