#!/usr/bin/ruby

# CVE-2016-6316 test
# apt-get install ruby-test-unit

require 'action_view'
require 'action_view/helpers'

include ActionView::Helpers::TagHelper

require 'minitest/autorun'

module ActionDispatch
  module Assertions
    module DomAssertions
      # \Test two HTML strings for equivalency (e.g., identical up to reordering of attributes)
      #
      #   # assert that the referenced method generates the appropriate HTML string
      #   assert_dom_equal '<a href="http://www.example.com">Apples</a>', link_to("Apples", "http://www.example.com")
      def assert_dom_equal(expected, actual, message = nil)
        expected_dom = HTML::Document.new(expected).root
        actual_dom   = HTML::Document.new(actual).root
        assert_equal expected_dom, actual_dom, message
      end
    end
  end
end

include ActionDispatch::Assertions::DomAssertions

class TestSimple < Minitest::Test

  def test_tag_does_not_honor_html_safe_double_quotes_as_attributes
    assert_dom_equal '<p title="&quot;">content</p>',
      content_tag('p', "content", title: '"'.html_safe)
  end

  def test_data_tag_does_not_honor_html_safe_double_quotes_as_attributes
    assert_dom_equal '<p data-title="&quot;">content</p>',
      content_tag('p', "content", data: { title: '"'.html_safe })
  end

  def test_tag_options_accepts_symbol_option_when_not_escaping
    assert_equal "<p value=\"symbol\" />", tag("p", { value: :symbol }, false, false)
  end

  def test_tag_options_accepts_integer_option_when_not_escaping
    assert_equal "<p value=\"42\" />", tag("p", { value: 42 }, false, false)
  end

end
