end
def test_create_quickvote
- post(:create, {'commit' =>"Create Quickvote", 'quickvote' =>{'name' =>"variable", 'description' =>"Favorite variable."}}, nil, {:candlist=>["foo", "bar", "foobar"]})
+ post(:create, {'commit' =>"Create Quickvote", 'quickvote' =>{'name' =>"variable", 'description' =>"Favorite variable."}}, nil, {:candidate_names=>["foo", "bar", "foobar"]})
assert_template "quickvote/success"
get :index, { 'ident' => "variable"}
assert_response :success
end
def test_create_quickvote_badname
- post(:create, {'commit' => "Create Quickvote", 'quickvote' => {'name' => "has a space", 'description' => "Foobar"}}, nil, {:candlist => ["foo", "bar", "foobar"]})
+ post(:create, {'commit' => "Create Quickvote", 'quickvote' => {'name' => "has a space", 'description' => "Foobar"}}, nil, {:candidate_names => ["foo", "bar", "foobar"]})
assert_template "quickvote/create"
end
def test_create_quickvote_dupe_candidate
- post(:create, {'commit' => "Create Quickvote", 'quickvote' => {'name' => "has a space", 'description' => "Foobar"}}, nil, {:candlist => ["foo", "bar", "bar", "foobar"]})
+ post(:create, {'commit' => "Create Quickvote", 'quickvote' => {'name' => "has a space", 'description' => "Foobar"}}, nil, {:candidate_names => ["foo", "bar", "bar", "foobar"]})
assert_template "quickvote/create"
end
def test_create_quickvote_nil_candidate
- post(:create, {'commit' => "Create Quickvote", 'quickvote' => {'name' => "has a space", 'description' => "Foobar"}}, nil, {:candlist => nil})
+ post(:create, {'commit' => "Create Quickvote", 'quickvote' => {'name' => "has a space", 'description' => "Foobar"}}, nil, {:candidate_names => nil})
assert_template "quickvote/create"
- post(:create, {'commit' => "Create Quickvote", 'quickvote' => {'name' => "has a space", 'description' => "Foobar"}}, nil, {:candlist => []})
+ post(:create, {'commit' => "Create Quickvote", 'quickvote' => {'name' => "has a space", 'description' => "Foobar"}}, nil, {:candidate_names => []})
assert_template "quickvote/create"
end
post :confirm, { 'ident' => 'variable', 'rankings-list' => votes.sort_by {rand} }
assert_redirected_to :controller => 'quickvote', :ident => 'variable'
end
+ def test_display_tainted_quickvote
+ test_create_quickvote
+ qv=QuickVote.ident_to_quickvote('variable')
+ qv.description="<object>foo</object>"
+ qv.candidate_names = ["<object>foo", "bar<object>", "<foobar>"]
+ qv.save!
+ get :index, { 'ident' => 'variable' }
+ assert_response :success
+ assert_no_tag :tag => "object"
+ assert_no_tag :tag => "foobar"
+ votes = QuickVote.ident_to_quickvote('variable').candidates.collect { |c| c.id}
+ post :confirm, { 'ident' => 'variable', 'rankings-list' => votes.sort_by {rand} }
+ assert_template('quickvote/thanks')
+ assert_no_tag :tag => "object"
+ assert_no_tag :tag => "foobar"
+ get :results, { 'ident' => 'variable' }
+ assert_response :success
+ assert_no_tag :tag => "object"
+ assert_no_tag :tag => "foobar"
+ end
end