diff options
Diffstat (limited to 'spec/ruby/security/cve_2010_1330_spec.rb')
| -rw-r--r-- | spec/ruby/security/cve_2010_1330_spec.rb | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/spec/ruby/security/cve_2010_1330_spec.rb b/spec/ruby/security/cve_2010_1330_spec.rb index fa4c756c6d..2594439550 100644 --- a/spec/ruby/security/cve_2010_1330_spec.rb +++ b/spec/ruby/security/cve_2010_1330_spec.rb @@ -1,7 +1,6 @@ require_relative '../spec_helper' describe "String#gsub" do - it "resists CVE-2010-1330 by raising an exception on invalid UTF-8 bytes" do # This original vulnerability talked about KCODE, which is no longer # used. Instead we are forcing encodings here. But I think the idea is the @@ -9,7 +8,7 @@ describe "String#gsub" do # #gsub on a string in the UTF-8 encoding but with invalid an UTF-8 byte # sequence. - str = "\xF6<script>" + str = +"\xF6<script>" str.force_encoding Encoding::BINARY str.gsub(/</, "<").should == "\xF6<script>".b str.force_encoding Encoding::UTF_8 @@ -17,5 +16,4 @@ describe "String#gsub" do str.gsub(/</, "<") }.should raise_error(ArgumentError, /invalid byte sequence in UTF-8/) end - end |