@entries.each do |entry|
xml.item do
- xml.title h(entry.title)
+ xml.title entry.title
xml.link url_for(:action => "view", :id => entry.id, :display_name => entry.user.display_name, :host => SERVER_URL)
xml.guid url_for(:action => "view", :id => entry.id, :display_name => entry.user.display_name, :host => SERVER_URL)
xml.description entry.body.to_html
assert_response :not_found, "Should not be able to get a deleted users diary RSS"
end
+ def test_rss_character_escaping
+ create(:diary_entry, :title => "<script>")
+ get :rss, :format => :rss
+
+ assert_match "<title><script></title>", response.body
+ end
+
def test_view
# Try a normal entry that should work
diary_entry = create(:diary_entry, :user => users(:normal_user))
projects / rails.git / commitdiff