X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=t%2Fyaml-html.t;h=bf9bf1070450bff740aead46c04b35b302a7d8d7;hb=671b3a1fd09c29ad689a01a73c37fe299492830e;hp=46f541f78f170fe5f33821d7f623d491c8941b65;hpb=6646fdc27add35e5421e516b1fcd98560bef0b96;p=catagits%2FCatalyst-Action-REST.git
diff --git a/t/yaml-html.t b/t/yaml-html.t
index 46f541f..bf9bf10 100644
--- a/t/yaml-html.t
+++ b/t/yaml-html.t
@@ -1,9 +1,8 @@
 use strict;
 use warnings;
-use Test::More tests => 4;
+use Test::More;
 use YAML::Syck;
 use FindBin;
-use Data::Dump qw(dump);
 use lib ( "$FindBin::Bin/lib", "$FindBin::Bin/../lib" );
 use Test::Rest;
@@ -29,5 +28,15 @@ SKIP: {
 request( $t->post( url => '/monkey_put', data => Dump($post_data) ) );
 ok( $mres_post->is_error, "POST to the monkey failed; no deserializer." );
+ # xss test - RT 63537
+ my $xss_template =
+"Test::Serialize
--- \nmonkey: likes chicken > sushi!\n
";
+ my $xres = request( $t->get( url => '/xss_get' ) );
+ ok( $xres->is_success, 'GET the xss succeeded' );
+ is( $xres->content, $xss_template, "GET returned the right data" );
+
+
 }
 1;
+
+done_testing;
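Review bot: The regression check for RT 63537 rests on a single whole-body `is()` against `$xss_template`, whose payload, as far as this page shows, contains only a `>`; that leaves `<`, `&` and quote characters in serialized data uncovered, and a whole-body comparison will fail on any unrelated template change without saying whether the escaping is what broke. The `/xss_get` fixture is defined outside this hunk, so widening its data is a change elsewhere, but a focused assertion next to the `is()` would make the intent explicit here, e.g. `unlike( $xres->content, qr/chicken > sushi/, 'raw > from data is not echoed' );`. The expected string also looks to have lost its markup in this rendering, so it should be checked against the repository copy before anyone relies on it. The SKIP block starts outside the hunk; if it calls `skip` with a test count, that count needs to include the two new tests.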