X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=t%2Fyaml-html.t;h=bf9bf1070450bff740aead46c04b35b302a7d8d7;hb=47c3e6b3694ea55015f839be8f1a10e4141e6e4a;hp=dc50a7de4a9dcc63d6179c6becccfb4166c2125a;hpb=de1fb650378975cfcafe60e7b9a031825df7392e;p=catagits%2FCatalyst-Action-REST.git
diff --git a/t/yaml-html.t b/t/yaml-html.t
index dc50a7d..bf9bf10 100644
--- a/t/yaml-html.t
+++ b/t/yaml-html.t
@@ -1,6 +1,6 @@
 use strict;
 use warnings;
-use Test::More tests => 4;
+use Test::More;
 use YAML::Syck;
 use FindBin;
@@ -28,5 +28,15 @@ SKIP: {
 request( $t->post( url => '/monkey_put', data => Dump($post_data) ) );
 ok( $mres_post->is_error, "POST to the monkey failed; no deserializer." );
+ # xss test - RT 63537
+ my $xss_template =
+"Test::Serialize
--- \nmonkey: likes chicken > sushi!\n
";
+ my $xres = request( $t->get( url => '/xss_get' ) );
+ ok( $xres->is_success, 'GET the xss succeeded' );
+ is( $xres->content, $xss_template, "GET returned the right data" );
+
+
 }
 1;
+
+done_testing;
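Review bot: The added XSS regression test (RT 63537) appears to exercise only a `>` in the fixture value, and it checks the result through whole-body equality in `is( $xres->content, $xss_template, ... )`, so the escaping requirement is never asserted on its own. The characters that matter most in HTML output (`<`, `&` and both quote characters) are not covered, so a serializer that encodes only `>` would still pass; the `/xss_get` fixture lives outside this hunk, so widening the payload is a change there. Next to the `is(...)` I would add `unlike( $xres->content, qr/chicken > sushi/, 'value is entity-encoded in the HTML body' );` with the comment `# RT 63537: values must be HTML-entity-encoded before they are placed in the page`. The markup inside `$xss_template` is not legible on this page, so confirm that the expected string really holds the encoded form. The SKIP block opens outside the hunk; if its `skip` call names a test count, it should grow by the two tests added here.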