X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/da2277505faa4b327df7bd0dd03aaf6317e77c11..8e976fbac165155366923a66a93868b48d665f85:/test/controllers/api/nodes_controller_test.rb

diff --git a/test/controllers/api/nodes_controller_test.rb b/test/controllers/api/nodes_controller_test.rb
index 339dd2af8..95658842b 100644
--- a/test/controllers/api/nodes_controller_test.rb
+++ b/test/controllers/api/nodes_controller_test.rb
@@ -86,7 +86,7 @@ module Api
     end
 
     def test_create_invalid_xml
-      ## Only test public user here, as test_create should cover what's the forbiddens
+      ## Only test public user here, as test_create should cover what's the forbidden
       ## that would occur here
 
       user = create(:user)
@@ -527,7 +527,7 @@ module Api
       # try and put something into a string that the API might
       # use unquoted and therefore allow code injection...
       xml = "<osm><node lat='0' lon='0' changeset='#{private_changeset.id}'>" \
-            '<tag k="#{@user.inspect}" v="0"/>' \
+            "<tag k='\#{@user.inspect}' v='0'/>" \
             "</node></osm>"
       put node_create_path, :params => xml, :headers => auth_header
       assert_require_public_data "Shouldn't be able to create with non-public user"
@@ -538,7 +538,7 @@ module Api
       # try and put something into a string that the API might
       # use unquoted and therefore allow code injection...
       xml = "<osm><node lat='0' lon='0' changeset='#{changeset.id}'>" \
-            '<tag k="#{@user.inspect}" v="0"/>' \
+            "<tag k='\#{@user.inspect}' v='0'/>" \
             "</node></osm>"
       put node_create_path, :params => xml, :headers => auth_header
       assert_response :success