[rspec-users] Testing for cross site scripting, etc.
court3nay at gmail.com
Mon Jun 18 20:23:37 EDT 2007
On 6/18/07, aslak hellesoy <aslak.hellesoy at gmail.com> wrote:
> On 6/19/07, barsalou <barjunk at attglobal.net> wrote:
> > Being new to testing and ruby, are there "standard" tests that can be
> > done that test for things like cross site scripting and friends?
> I suppose you mean http://en.wikipedia.org/wiki/Cross-site_scripting (XSS)
> XSS happens *in* the browser, where Ruby doesn't run (yet), so I'm not
> sure how you think RSpec is relevant. Unless you want to use Watir or
> Selenium-RC, which allows you to talk to a browser from Ruby (and
I'd say they want to assert, in the views, that user-generated input
does not render script tags.
Like if I set my user info to be <script>alert('cookie!');</script> it
should appear in the view as &lt;script&gt;alert and so on.
Maybe in the view spec
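
The check suggested in the reply above, as an added example that is not part of the original message or of RSpec: plain Ruby using ERB from the standard library in place of a Rails view spec. The two templates and the helper names render_view and escaping_failures are hypothetical; the payload is the one quoted in the message.

```ruby
require "erb"

# Sample user info taken from the message above.
PAYLOAD = "<script>alert('cookie!');</script>"

# Hypothetical profile templates (assumptions, not from any real app):
# one interpolates the value raw, the other escapes it first.
UNSAFE_TEMPLATE = '<p class="bio"><%= user_info %></p>'
SAFE_TEMPLATE   = '<p class="bio"><%= ERB::Util.html_escape(user_info) %></p>'

# Render a template with the given user-controlled value.
def render_view(template, user_info)
  ERB.new(template).result_with_hash(user_info: user_info)
end

# Return a list of failure messages for the rendered HTML.
# An empty list means the user input was escaped before rendering.
def escaping_failures(html, user_input)
  failures = []
  # A live script element must never come out of a user-controlled field.
  failures << "raw <script> tag rendered" if html =~ /<\s*script\b/i
  # Input containing HTML metacharacters must not appear byte-for-byte.
  if user_input =~ /[<>&"']/ && html.include?(user_input)
    failures << "user input rendered verbatim"
  end
  # The entity-encoded form should be what the browser receives.
  unless html.include?(ERB::Util.html_escape(user_input))
    failures << "escaped form not found"
  end
  failures
end

if __FILE__ == $0
  { "unsafe" => UNSAFE_TEMPLATE, "safe" => SAFE_TEMPLATE }.each do |name, tpl|
    html = render_view(tpl, PAYLOAD)
    problems = escaping_failures(html, PAYLOAD)
    puts "#{name}: #{problems.empty? ? 'ok' : problems.join(', ')}"
  end
end
```

In a spec, the same helper turns into a single expectation that the failure list is empty for every field that echoes user input.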