From 0021ddd0368b78ae43ed95694acc5e5e88ea9701 Mon Sep 17 00:00:00 2001
From: chrismo <chrismo@clabs.org>
Date: Tue, 1 Oct 2013 16:20:15 -0500
Subject: [PATCH] Unvalidated redirect spec added

---
 spec/features/unvalidated_redirects_spec.rb | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 spec/features/unvalidated_redirects_spec.rb

diff --git a/spec/features/unvalidated_redirects_spec.rb b/spec/features/unvalidated_redirects_spec.rb
new file mode 100644
index 0000000..8b52f7e
--- /dev/null
+++ b/spec/features/unvalidated_redirects_spec.rb
@@ -0,0 +1,19 @@
+require 'spec_helper'
+
+feature 'unvalidated redirect' do
+  before do
+    UserFixture.reset_all_users
+    @normal_user = UserFixture.normal_user
+  end
+
+  scenario 'login redirects to anywhere', :js => true do
+    visit '/?url=http://example.com/do/evil/things'
+    within('.signup') do
+      fill_in 'email', :with => @normal_user.email
+      fill_in 'password', :with => @normal_user.clear_password
+    end
+    click_on 'Login'
+
+    current_url.should == 'http://example.com/do/evil/things'
+  end
+end
\ No newline at end of file