Heya
I’ve been tackling the Ruby Secure Coding Fundamentals Badge, and have hit a failing test that I’d love a hint for.
Currently all usability tests pass and the first cloud security test (test_vuln1_return_http403) passes, but my code is failing on the second security test, test_vuln2_return_escaped_html_http200.
Approaches I’ve tried so far but the test still fails:
- Patching: output encoding on the response body via either Rack::Utils.escape_html or CGI::escapeHTML (matching a pattern that passed the xss.rb coding challenge)
- Secure by Default: a Username value object that validates input at construction (alphanumeric + _, -, ', ., length 1–32) and exposes an .escaped accessor
- Escaping /filecontent output
- Escaping the whole response body on /login
- Strict alphanumeric-only username validation (which regressed vuln1)
- Setting up a db user with a non-alphanumeric char in their name (e.g. o’malley) to assert successful login and expected encoding of that char
The name of the test, escaped_html_http200, is very similar to the xss.rb test phrasing, so I suspect this one is a similar shape (input reflected, status 200, body contains escaped entities).
Any hints, particularly about the endpoint and input, would be much appreciated. At this stage it’s less about the badge and more about ensuring I actually understand the concept.
Thanks in advance!
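For readers following along, here is an added illustration (not the poster's code and not the badge's own implementation) of the two layers mentioned above combined: a Username value object that enforces the stated allow-list at construction, plus CGI.escapeHTML on output so an allowed apostrophe such as o'malley is still encoded when reflected. The render_login helper, its 400 status for rejected input and the greeting text are assumptions for the example only.

```ruby
require 'cgi'

class InvalidUsername < ArgumentError; end

# Value object: a Username can only exist if the raw input passed validation.
# Allowed characters are letters, digits, underscore, hyphen, apostrophe and
# dot, 1 to 32 of them (the allow-list described in the post).
class Username
  PATTERN = /\A[A-Za-z0-9_\-'.]{1,32}\z/

  attr_reader :value

  def initialize(raw)
    raw = raw.to_s
    raise InvalidUsername, 'username does not match allow-list' unless PATTERN.match?(raw)
    @value = raw
  end

  # Output encoding for an HTML body. The apostrophe is valid input, so it
  # must still be encoded on the way out; CGI.escapeHTML renders it as &#39;.
  def escaped
    CGI.escapeHTML(@value)
  end
end

# Hypothetical request handler (assumption, not a real endpoint): returns
# [status, body]. Valid names are reflected only in escaped form with 200;
# anything the allow-list rejects gets a fixed 400 body with no reflection.
def render_login(raw_name)
  name = Username.new(raw_name)
  [200, "<p>Welcome, #{name.escaped}</p>"]
rescue InvalidUsername
  [400, '<p>Bad Request</p>']
end

# Output encoding alone (no allow-list), for comparison: even a payload that
# validation would have rejected is rendered inert once escaped.
def escape_only(raw_name)
  CGI.escapeHTML(raw_name.to_s)
end

if __FILE__ == $PROGRAM_NAME
  p render_login("o'malley")                   # [200, "<p>Welcome, o&#39;malley</p>"]
  p render_login('<script>alert(1)</script>')  # [400, "<p>Bad Request</p>"]
  p escape_only('<script>alert(1)</script>')   # "&lt;script&gt;alert(1)&lt;/script&gt;"
end
```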