Updated doc and provided tests for abort_chain_on_error_fix

[catagits/Catalyst-Runtime.git] / t / live_redirect_body.t

diff --git a/t/live_redirect_body.t b/t/live_redirect_body.t
index b6d4c96..8b9d62c 100644 (file)
--- a/t/live_redirect_body.t
+++ b/t/live_redirect_body.t
@@ -40,9 +40,24 @@ use Test::More;
     is( $response->code, 302, 'Response Code' );
 
     # When the developer sets both the content body and content type, the set content body and content_type should get through.
-    is( $response->header( 'Content-Type' ), 'text/plain', 'Content Type' );
+    like( $response->header( 'Content-Type' ), qr{text/plain}, 'Content Type' );
     like( $response->content, qr/kind sir/, 'Content contains content set by the Controller' );
 }
 
+# test redirect with dodgy host
+{
+    local $Catalyst::Test::default_host = "-->\">'>'\"<sfi000003v407412>";
+    my $request  =
+      HTTP::Request->new( GET => 'http://localhost:3000/test_redirect_uri_for');
+
+    ok( my $response = request($request), 'Request' );
+    is( $response->code, 302, 'Response Code' );
+
+    # When no body and no content_type has been set, redirecting should set both.
+    is( $response->header( 'Content-Type' ), 'text/html; charset=utf-8', 'Content Type' );
+    like( $response->content, qr/<body>/, 'Content contains HTML body' );
+    like( $response->content, qr/href="[^"]+">here<\/a>/, 'link doesn\'t have xss' );
+}
+
 done_testing;