X-Git-Url: https://projects.mako.cc/source/selectricity/blobdiff_plain/e9aaa095a1136966a7fcca4877882736770ac119..823d530ba46c1fb3518c4deef0081738503837eb:/test/functional/quickvote_controller_test.rb diff --git a/test/functional/quickvote_controller_test.rb b/test/functional/quickvote_controller_test.rb index 076a104..02c133e 100644 --- a/test/functional/quickvote_controller_test.rb +++ b/test/functional/quickvote_controller_test.rb @@ -115,4 +115,24 @@ class QuickvoteControllerTest < Test::Unit::TestCase post :confirm, { 'ident' => 'variable', 'rankings-list' => votes.sort_by {rand} } assert_redirected_to :controller => 'quickvote', :ident => 'variable' end + def test_display_tainted_quickvote + test_create_quickvote + qv=QuickVote.ident_to_quickvote('variable') + qv.description="foo" + qv.candidatelist = ["foo", "bar", ""] + qv.save! + get :index, { 'ident' => 'variable' } + assert_response :success + assert_no_tag :tag => "object" + assert_no_tag :tag => "foobar" + votes = QuickVote.ident_to_quickvote('variable').candidates.collect { |c| c.id} + post :confirm, { 'ident' => 'variable', 'rankings-list' => votes.sort_by {rand} } + assert_template('quickvote/thanks') + assert_no_tag :tag => "object" + assert_no_tag :tag => "foobar" + get :results, { 'ident' => 'variable' } + assert_response :success + assert_no_tag :tag => "object" + assert_no_tag :tag => "foobar" + end end