X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=t%2Fyaml-html.t;h=6d80b9f42c47083204b9beae9e32a67fe194a12f;hb=3ba4e173c6929eb2cbb3b0c8c15449693703bbf5;hp=a77f085a6a5f5ea0ceff8abdac319673e5cc743f;hpb=10018fb41e431b85f35f8e11eeabb4ac15b8b19d;p=catagits%2FCatalyst-Action-REST.git

diff --git a/t/yaml-html.t b/t/yaml-html.t
index a77f085..6d80b9f 100644
--- a/t/yaml-html.t
+++ b/t/yaml-html.t
@@ -1,6 +1,7 @@
 use strict;
 use warnings;
 use Test::More;
+use Test::Requires qw(YAML::Syck);
 use YAML::Syck;
 use FindBin;
 
@@ -28,6 +29,14 @@ SKIP: {
       request( $t->post( url => '/monkey_put', data => Dump($post_data) ) );
     ok( $mres_post->is_error, "POST to the monkey failed; no deserializer." );
 
+    # xss test - RT 63537
+    my $xss_template =
+"<html><title>Test::Serialize</title><body><pre>--- \nmonkey: likes chicken &gt; sushi!\n</pre></body></html>";
+    my $xres = request( $t->get( url => '/xss_get' ) );
+    ok( $xres->is_success, 'GET the xss succeeded' );
+    is( $xres->content, $xss_template, "GET returned the right data" );
+
+
 }
 1;