SECURITY: Fix XSS on unsubscribed page.

2025-05-22 16:34:31 +08:00 · 2017-10-09 09:04:46 +08:00
parent 6fe604b93e
commit a6f2533d38
2 changed files with 14 additions and 0 deletions
--- a/spec/requests/email_controller_spec.rb
+++ b/spec/requests/email_controller_spec.rb
@ -0,0 +1,13 @@
+require 'rails_helper'
+
+RSpec.describe EmailController do
+  describe '#unsubscribed' do
+    describe 'when email is invalid' do
+      it 'should return the right response' do
+        get '/email/unsubscribed', params: { email: 'somerandomstring' }
+
+        expect(response.status).to eq(404)
+      end
+    end
+  end
+end