X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Runtime.git;a=blobdiff_plain;f=t%2Flive_redirect_body.t;h=8b9d62c8615b917b775f72a6edb262897224d3ec;hp=b1e5b4eae415515732574922264be8445b613923;hb=fd587c517f98b124686e56d0413491161a4a9d19;hpb=d67d5f8734a887d0dbd2eeaa5623cf1116a4b626

diff --git a/t/live_redirect_body.t b/t/live_redirect_body.t
index b1e5b4e..8b9d62c 100644
--- a/t/live_redirect_body.t
+++ b/t/live_redirect_body.t
@@ -3,43 +3,61 @@ use lib "$FindBin::Bin/lib";
 use Catalyst::Test 'TestApp', {default_host => 'default.com'};
 use Catalyst::Request;
 
-use Test::More tests => 12;
-
-    # test redirect
-    {
-        my $request  =
-          HTTP::Request->new( GET => 'http://localhost:3000/test_redirect' );
-
-      ok( my $response = request($request), 'Request' );
-      is( $response->code, 302, 'Response Code' );
-
-      # When no body and no content_type has been set, redirecting should set both.
-      is( $response->header( 'Content-Type' ), 'text/html; charset=utf-8', 'Content Type' );
-      like( $response->content, qr/<body>/, 'Content contains HTML body' );
-    }
-
-    # test redirect without a body and but with a content_type set explicitly by the developer
-    {
-        my $request  =
-          HTTP::Request->new( GET => 'http://localhost:3000/test_redirect_with_contenttype' );
-
-      ok( my $response = request($request), 'Request' );
-      is( $response->code, 302, 'Response Code' );
-
-      # When the developer has not set content body, we set it. The content type must always match the body, so it should be overwritten.
-      is( $response->header( 'Content-Type' ), 'text/html; charset=utf-8', 'Content Type' );
-      like( $response->content, qr/<body>/, 'Content contains HTML body' );
-    }
-
-    # test redirect without a body and but with a content_type set explicitly by the developer
-    {
-        my $request  =
-          HTTP::Request->new( GET => 'http://localhost:3000/test_redirect_with_content' );
-
-      ok( my $response = request($request), 'Request' );
-      is( $response->code, 302, 'Response Code' );
-      
-      # When the developer sets both the content body and content type, the set content body and content_type should get through.
-      is( $response->header( 'Content-Type' ), 'text/plain', 'Content Type' );
-      like( $response->content, qr/kind sir/, 'Content contains content set by the Controller' );
-    }
+use Test::More;
+
+# test redirect
+{
+    my $request  =
+      HTTP::Request->new( GET => 'http://localhost:3000/test_redirect' );
+
+    ok( my $response = request($request), 'Request' );
+    is( $response->code, 302, 'Response Code' );
+
+    # When no body and no content_type has been set, redirecting should set both.
+    is( $response->header( 'Content-Type' ), 'text/html; charset=utf-8', 'Content Type' );
+    like( $response->content, qr/<body>/, 'Content contains HTML body' );
+}
+
+# test redirect without a body and but with a content_type set explicitly by the developer
+{
+    my $request  =
+        HTTP::Request->new( GET => 'http://localhost:3000/test_redirect_with_contenttype' );
+
+    ok( my $response = request($request), 'Request' );
+    is( $response->code, 302, 'Response Code' );
+
+    # When the developer has not set content body, we set it. The content type must always match the body, so it should be overwritten.
+    is( $response->header( 'Content-Type' ), 'text/html; charset=utf-8', 'Content Type' );
+    like( $response->content, qr/<body>/, 'Content contains HTML body' );
+}
+
+# test redirect without a body and but with a content_type set explicitly by the developer
+{
+    my $request  =
+        HTTP::Request->new( GET => 'http://localhost:3000/test_redirect_with_content' );
+
+    ok( my $response = request($request), 'Request' );
+    is( $response->code, 302, 'Response Code' );
+
+    # When the developer sets both the content body and content type, the set content body and content_type should get through.
+    like( $response->header( 'Content-Type' ), qr{text/plain}, 'Content Type' );
+    like( $response->content, qr/kind sir/, 'Content contains content set by the Controller' );
+}
+
+# test redirect with dodgy host
+{
+    local $Catalyst::Test::default_host = "-->\">'>'\"<sfi000003v407412>";
+    my $request  =
+      HTTP::Request->new( GET => 'http://localhost:3000/test_redirect_uri_for');
+
+    ok( my $response = request($request), 'Request' );
+    is( $response->code, 302, 'Response Code' );
+
+    # When no body and no content_type has been set, redirecting should set both.
+    is( $response->header( 'Content-Type' ), 'text/html; charset=utf-8', 'Content Type' );
+    like( $response->content, qr/<body>/, 'Content contains HTML body' );
+    like( $response->content, qr/href="[^"]+">here<\/a>/, 'link doesn\'t have xss' );
+}
+
+done_testing;
+