HTML encode the link in the 302 redirect page to prevent XSS.

[catagits/Catalyst-Runtime.git] / t / lib / TestApp / Controller / Root.pm

diff --git a/t/lib/TestApp/Controller/Root.pm b/t/lib/TestApp/Controller/Root.pm
index c1bd6d5..e5137e0 100644 (file)
--- a/t/lib/TestApp/Controller/Root.pm
+++ b/t/lib/TestApp/Controller/Root.pm
@@ -91,6 +91,13 @@ sub test_redirect :Global {
     $c->res->redirect('/go_here');
 }
 
+sub test_redirect_uri_for :Global {
+    my ($self, $c) = @_;
+    # Don't set content_type
+    # Don't set body
+    $c->res->redirect($c->uri_for('/go_here'));
+}
+
 sub test_redirect_with_contenttype :Global {
     my ($self, $c) = @_;
     # set content_type but don't set body