Testing bug with instance variables and security patch

rails_4.2.11.3_test.rb

# frozen_string_literal: true

require "bundler/inline"

gemfile(true) do
  source "https://rubygems.org"

  git_source(:github) { |repo| "https://github.com/#{repo}.git" }

  # Activate the gem you are reporting the issue against.
  gem "rails", "4.2.11.3"
end

require "rack/test"
require "action_controller/railtie"

class TestApp < Rails::Application
  config.root = __dir__
  config.session_store :cookie_store, key: "cookie_store_key"
  secrets.secret_key_base = "secret_key_base"

  config.logger = Logger.new($stdout)
  Rails.logger  = config.logger

  routes.draw do
    get "/" => "test#index"
  end

  config.root
end

File.write("#{Rails.root}/test/test_view.html.erb", '<p><%=@some_dynamic_content%></p>')

class TestController < ActionController::Base
  include Rails.application.routes.url_helpers
  prepend_view_path Rails.root

  def index
    view_location = "test_view"
    content = render_to_string(
      view_location,
      locals: {
        :@some_dynamic_content => "dynamic text"
      }
    )
    render plain: content.to_s
  end
end

require "minitest/autorun"

class BugTest < Minitest::Test
  include Rack::Test::Methods

  def test_returns_success
    get "/"
    assert last_response.ok?
    assert(last_response.body.include? 'dynamic text')
  end

  private
    def app
      Rails.application
    end
end