X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=t%2Fyaml-html.t;h=bf9bf1070450bff740aead46c04b35b302a7d8d7;hb=6da8e4480cabc5e6cdee44346a7fbaf9ed06e1e1;hp=fc6fa03b597f776e3326c3126b05ea59d486bc5b;hpb=8f00a41bd7efb75d302d0a333e0eb5bc7d75c931;p=catagits%2FCatalyst-Action-REST.git
diff --git a/t/yaml-html.t b/t/yaml-html.t
index fc6fa03..bf9bf10 100644
--- a/t/yaml-html.t
+++ b/t/yaml-html.t
@@ -1,9 +1,8 @@
use strict;
use warnings;
-use Test::More qw(no_plan);
+use Test::More;
use YAML::Syck;
use FindBin;
-use Data::Dump qw(dump);
use lib ( "$FindBin::Bin/lib", "$FindBin::Bin/../lib" );
use Test::Rest;
@@ -29,5 +28,15 @@ SKIP: {
request( $t->post( url => '/monkey_put', data => Dump($post_data) ) );
ok( $mres_post->is_error, "POST to the monkey failed; no deserializer." );
+ # xss test - RT 63537
+ my $xss_template =
+"Test::Serialize--- \nmonkey: likes chicken > sushi!\n
";
+ my $xres = request( $t->get( url => '/xss_get' ) );
+ ok( $xres->is_success, 'GET the xss succeeded' );
+ is( $xres->content, $xss_template, "GET returned the right data" );
+
+
}
1;
+
+done_testing;