houdini/spec/cve/cve_2015_3226_spec.rb

# frozen_string_literal: true

# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
require 'rails_helper'

describe ActiveSupport::JSON::Encoding do
  it 'test_hash_keys_encoding' do
    # from https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ

    ActiveSupport.escape_html_entities_in_json = true
    expect(ActiveSupport::JSON.encode('<>' => '<>').downcase).to eq '{"\\u003c\\u003e":"\\u003c\\u003e"}'
  ensure
    ActiveSupport.escape_html_entities_in_json = false
  end
end
style(format): run rubocop format autocorrect 2019-07-30 21:29:24 +00:00			`# frozen_string_literal: true`

Shorten license definition 2020-06-12 20:03:43 +00:00			`# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later`
			`# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE`
Initial commit. Previous history maintained by CommitChange 2018-03-25 17:30:42 +00:00			`require 'rails_helper'`

			`describe ActiveSupport::JSON::Encoding do`
			`it 'test_hash_keys_encoding' do`
style(format): run rubocop format autocorrect 2019-07-30 21:29:24 +00:00			`# from https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ`

			`ActiveSupport.escape_html_entities_in_json = true`
			`expect(ActiveSupport::JSON.encode('<>' => '<>').downcase).to eq '{"\\u003c\\u003e":"\\u003c\\u003e"}'`
			`ensure`
			`ActiveSupport.escape_html_entities_in_json = false`
Initial commit. Previous history maintained by CommitChange 2018-03-25 17:30:42 +00:00			`end`
			`end`