Erb::Util.h now escapes ' which it didn't before

this is what 3.2.8 actually fixes to prevent XSS iirc We're including the raw message in the atom feed so we should test for it
2012-09-06 21:12:49 +02:00 · 2012-09-06 21:12:49 +02:00 · 81442f0f2a
commit 81442f0f2a
parent 60e8107763
2 changed files with 2 additions and 2 deletions
--- a/app/models/status_message.rb
+++ b/app/models/status_message.rb
@ -70,7 +70,7 @@ class StatusMessage < Post
  def formatted_message(opts={})
    return self.raw_message unless self.raw_message

-    escaped_message = opts[:plain_text] ? self.raw_message: ERB::Util.h(self.raw_message)
+    escaped_message = opts[:plain_text] ? self.raw_message : ERB::Util.h(self.raw_message)
    mentioned_message = self.format_mentions(escaped_message, opts)
    Diaspora::Taggable.format_tags(mentioned_message, opts.merge(:no_escape => true))
  end
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -43,7 +43,7 @@ describe UsersController do
    it 'renders xml if atom is requested' do
      sm = Factory(:status_message, :public => true, :author => @user.person)
      get :public, :username => @user.username, :format => :atom
-      response.body.should include(sm.text)
+      response.body.should include(sm.raw_message)
    end

    it 'renders xml if atom is requested with clickalbe urls' do