diff options
author | Eric Wong <normalperson@yhbt.net> | 2011-12-05 17:59:40 -0800 |
---|---|---|
committer | Eric Wong <normalperson@yhbt.net> | 2011-12-05 17:59:40 -0800 |
commit | 3a47f23e74a681339f74b21b94241dcfe9542472 (patch) | |
tree | d29223babb471bbc1a2c42937aa917fab1035236 /test/test_clogger.rb | |
parent | ba72b12030864a05fc88bc94a3b699971cc70b0a (diff) | |
download | clogger-3a47f23e74a681339f74b21b94241dcfe9542472.tar.gz |
These values are untrusted, so if any client sends them to us we must escape them.
Diffstat (limited to 'test/test_clogger.rb')
-rw-r--r-- | test/test_clogger.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/test/test_clogger.rb b/test/test_clogger.rb index 10640e2..14613e0 100644 --- a/test/test_clogger.rb +++ b/test/test_clogger.rb @@ -424,9 +424,9 @@ class TestClogger < Test::Unit::TestCase cl = Clogger.new(app, :format => '$cookie_foo $cookie_quux', :logger => str) - req = @req.merge('HTTP_COOKIE' => "foo=bar;quux=h&m") + req = @req.merge('HTTP_COOKIE' => "foo=bar;quux=h%7F&m") status, headers, body = cl.call(req) - assert_equal "bar h&m\n", str.string + assert_equal "bar h\\x7F&m\n", str.string end def test_bogus_app_response |