Package: ruby-gon
Version: 6.3.2-1
Severity: important
User: pkg-ruby-extras-maintain...@lists.alioth.debian.org
Usertags: rails6-transition
Control: forwarded -1 https://github.com/gazay/gon/issues/262
Hi,
This package's autopkgtest and rebuilds failed with rails 6 currently in
experimental. rails 6 will be uploaded to unstable in two weeks, so
please make sure this package is ready for rails 6. The severity of
this bug will be raised to serious after rails 6 is uploaded to
unstable.
Relevant errors,
Failures:
1) Gon#include_gon outputs correct js with a script string
Failure/Error:
expect(@base.include_gon).to eq(wrap_script(
'window.gon={};' +
%Q(gon.str="#{escaped_str}";))
)
expected:
"<script>\n//<![CDATA[\nwindow.gon={};gon.str=\"\\u003c/script\\u003e\\u003cscript\\u003ealert('!')\\u003c/script\\u003e\";\n//]]>\n</script>"
got:
"<script>\n//<![CDATA[\nwindow.gon={};gon.str=\"</script><script>alert('!')</script>\";\n//]]>\n</script>"
(compared using ==)
Diff:
@@ -1,6 +1,6 @@
<script>
//<![CDATA[
-window.gon={};gon.str="\u003c/script\u003e\u003cscript\u003ealert('!')\u003c/script\u003e";
+window.gon={};gon.str="</script><script>alert('!')</script>";
//]]>
</script>
# ./spec/gon/basic_spec.rb:118:in `block (3 levels) in <top
(required)>'
Finished in 0.82567 seconds (files took 3.3 seconds to load)
72 examples, 1 failure
Same is forwarded upstream https://github.com/gazay/gon/issues/262
