Fix #3497: Invalid DText denial of service attack.

2018-01-14 14:22:10 -06:00
parent 4f543671a2
commit 88f4a56890
5 changed files with 19 additions and 7 deletions
--- a/test/helpers/application_helper_test.rb
+++ b/test/helpers/application_helper_test.rb
@@ -0,0 +1,14 @@
+require "test_helper"
+
+class ApplicationHelperTest < ActionView::TestCase
+  context "The application helper" do
+    context "format_text method" do
+      should "not raise an exception for invalid DText" do
+        dtext = "* a\n" * 513
+
+        assert_nothing_raised { format_text(dtext) }
+        assert_equal("", format_text(dtext))
+      end
+    end
+  end
+end