CODEWITHSUNDEEP
ruby-on-railstestingactionmailer
Craig Miles
Craig Miles

Reputation: 495

ActionMailer test fails in Rails 3.2.8

I have a test in notifier_test.rb, where Notifier is my mailer class

mail = Notifier.registered_client(client.firstname, client.emailaddress)

assert_match I18n.t('notifier.registered_client.email_body'), mail.body.encoded, 'Email contents should be correct'

This test used to pass prior to Rails 3.2.8 but the test now fails with:

NotifierTest
      FAIL (0:00:07.963) should create registration email in English
      Email contents should be correct.
      Expected /In\ order\ to\ activate\ your\ company's\ registration\ you\ must\ click\ on\ the\ following\ link:/ 
      to match 
      "\nDear First Name, thanks for registering.\n\nIn order to activate your company\'s registration you must click on the following link:\n\nhttp://localhost:3000/en/clients/activate?email=english%40email.com&key=7b6e6ed1-ac03-4d95-a0d5-6f2541092dd0\n".

The error seems to be arising because the text of my mail contains an apostrophe which mail.body.encoded is now returning as \' due to the patch for:

CVE-2012-3464 Potential XSS Vulnerability in Ruby on Rails described in https://groups.google.com/forum/#!msg/rubyonrails-security/kKGNeMrnmiY/r2yM7xy-G48J

What's the smartest way to either encode the string returned by I18n.t in the same way, or else get the text without the apostrophe from my mail object?

Upvotes: 4

Views: 742

Answers (1)

Craig Miles
Craig Miles

Reputation: 495

In the end I got to this to work by using

CGI.unescapeHTML(mail.body.encoded)

so that the line

assert_match I18n.t('notifier.registered_client.email_greeting', name: firstname), CGI.unescapeHTML(mail.body.encoded), 'Email greeting should be present'

passed testing

Upvotes: 1

Related Questions