From 609d80263493eb3081c219859fddbc0bb3b36936 Mon Sep 17 00:00:00 2001
From: Postmodern
Date: Fri, 24 May 2024 22:29:51 -0700
Subject: [PATCH] Add missing specs meta-redirect dections in `OpenRedirect#vulnerable?`.
* Add specs for when when `content=` is double quoted, but `url=` is single quoted.
---
 spec/open_redirect_spec.rb | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/spec/open_redirect_spec.rb b/spec/open_redirect_spec.rb
index ea633f6..bb672c6 100644
--- a/spec/open_redirect_spec.rb
+++ b/spec/open_redirect_spec.rb
@@ -439,6 +439,29 @@
 end
 end
+ context "when the content attribute is double quoted" do
+ context "and the url value is single quoted" do
+ let(:response_body) do
+ <<~HTML
+
+
+
+
+
+

example content

+

included content

+

more content

+
+
+ HTML
+ end
+
+ it "must return true" do
+ expect(subject.vulnerable?).to be_truthy
+ end
+ end
+ end
+
+ context "when the content attribute is not quoted" do
 context "and the url value is double quoted" do
 let(:response_body) do
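Review bot: The new `and the url value is single quoted` context asserts only the positive case, so a meta-refresh matcher that is too permissive about mixed quoting would still pass. A sibling example whose single-quoted `url=` points somewhere other than the test URL and expects `be_falsy` would guard the detector against false positives, if one does not already exist outside this hunk. The example is also titled `must return true` but asserts `be_truthy`. If `vulnerable?` is meant to return a strict boolean, `expect(subject.vulnerable?).to be(true)` pins that; otherwise the title could read `must be truthy`. The enclosing `describe` block starts and ends outside the hunk and the heredoc's markup is not visible here, so I cannot check the fixture itself or how the neighbouring quoting contexts handle this.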