我在notifier_test.rb中进行了测试,其中Notifier是我的邮件程序类
mail = Notifier.registered_client(client.firstname, client.emailaddress)
assert_match I18n.t('notifier.registered_client.email_body'), mail.body.encoded, 'Email contents should be correct'
此测试过去在Rails 3.2.8之前通过,但测试现在失败了:
NotifierTest
FAIL (0:00:07.963) should create registration email in English
Email contents should be correct.
Expected /In\ order\ to\ activate\ your\ company's\ registration\ you\ must\ click\ on\ the\ following\ link:/
to match
"\nDear First Name, thanks for registering.\n\nIn order to activate your company\'s registration you must click on the following link:\n\nhttp://localhost:3000/en/clients/activate?email=english%40email.com&key=7b6e6ed1-ac03-4d95-a0d5-6f2541092dd0\n".
错误似乎正在出现,因为我的邮件文本包含一个撇号,mail.body.encoded现在返回为\',原因是补丁:
CVE-2012-3464 https://groups.google.com/forum/#!msg/rubyonrails-security/kKGNeMrnmiY/r2yM7xy-G48J中描述的Ruby on Rails中潜在的XSS漏洞
以同样的方式编码I18n.t返回的字符串最聪明的方法是什么,或者从我的邮件对象中获取没有撇号的文本?
答案 0 :(得分:1)
最后,我使用
开始工作CGI.unescapeHTML(mail.body.encoded)
这样就行了
assert_match I18n.t('notifier.registered_client.email_greeting',姓名:名字),CGI.unescapeHTML(mail.body.encoded),'电子邮件问候应该存在'
通过测试