page.response_headers['Content-Type'].should == "text/csv"
page.response_headers['Content-Disposition'].should == "attachment; filename=\"some_file.csv\""
find("a.some_link")["href"].should == "http://google.com"
Manually set the value of a field (even if it is a hidden field) with the following:
find("#your_field_id").set "malicious_value"