/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.commons.lang3; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import java.io.FileInputStream; import java.io.IOException; import java.io.StringWriter; import java.lang.reflect.Constructor; import java.lang.reflect.Modifier; import org.apache.commons.io.IOUtils; import org.junit.Test; import org.apache.commons.lang3.text.translate.CharSequenceTranslator; import org.apache.commons.lang3.text.translate.NumericEntityEscaper; /** * Unit tests for {@link StringEscapeUtils}. * * @version $Id: StringEscapeUtilsTest.java 1199724 2011-11-09 12:51:52Z sebb $ */ public class StringEscapeUtilsTest { private final static String FOO = "foo"; @Test public void testConstructor() { assertNotNull(new StringEscapeUtils()); Constructor[] cons = StringEscapeUtils.class.getDeclaredConstructors(); assertEquals(1, cons.length); assertTrue(Modifier.isPublic(cons[0].getModifiers())); assertTrue(Modifier.isPublic(StringEscapeUtils.class.getModifiers())); assertFalse(Modifier.isFinal(StringEscapeUtils.class.getModifiers())); } @Test public void testEscapeJava() throws IOException { assertEquals(null, StringEscapeUtils.escapeJava(null)); try { StringEscapeUtils.ESCAPE_JAVA.translate(null, null); fail(); } catch (IOException ex) { fail(); } catch (IllegalArgumentException ex) { } try { StringEscapeUtils.ESCAPE_JAVA.translate("", null); fail(); } catch (IOException ex) { fail(); } catch (IllegalArgumentException ex) { } assertEscapeJava("empty string", "", ""); assertEscapeJava(FOO, FOO); assertEscapeJava("tab", "\\t", "\t"); assertEscapeJava("backslash", "\\\\", "\\"); assertEscapeJava("single quote should not be escaped", "'", "'"); assertEscapeJava("\\\\\\b\\t\\r", "\\\b\t\r"); assertEscapeJava("\\u1234", "\u1234"); assertEscapeJava("\\u0234", "\u0234"); assertEscapeJava("\\u00EF", "\u00ef"); assertEscapeJava("\\u0001", "\u0001"); assertEscapeJava("Should use capitalized Unicode hex", "\\uABCD", "\uabcd"); assertEscapeJava("He didn't say, \\\"stop!\\\"", "He didn't say, \"stop!\""); assertEscapeJava("non-breaking space", "This space is non-breaking:" + "\\u00A0", "This space is non-breaking:\u00a0"); assertEscapeJava("\\uABCD\\u1234\\u012C", "\uABCD\u1234\u012C"); } /** * Tests https://issues.apache.org/jira/browse/LANG-421 */ @Test public void testEscapeJavaWithSlash() { final String input = "String with a slash (/) in it"; final String expected = input; final String actual = StringEscapeUtils.escapeJava(input); /** * In 2.4 StringEscapeUtils.escapeJava(String) escapes '/' characters, which are not a valid character to escape * in a Java string. */ assertEquals(expected, actual); } private void assertEscapeJava(String escaped, String original) throws IOException { assertEscapeJava(null, escaped, original); } private void assertEscapeJava(String message, String expected, String original) throws IOException { String converted = StringEscapeUtils.escapeJava(original); message = "escapeJava(String) failed" + (message == null ? "" : (": " + message)); assertEquals(message, expected, converted); StringWriter writer = new StringWriter(); StringEscapeUtils.ESCAPE_JAVA.translate(original, writer); assertEquals(expected, writer.toString()); } @Test public void testUnescapeJava() throws IOException { assertEquals(null, StringEscapeUtils.unescapeJava(null)); try { StringEscapeUtils.UNESCAPE_JAVA.translate(null, null); fail(); } catch (IOException ex) { fail(); } catch (IllegalArgumentException ex) { } try { StringEscapeUtils.UNESCAPE_JAVA.translate("", null); fail(); } catch (IOException ex) { fail(); } catch (IllegalArgumentException ex) { } try { StringEscapeUtils.unescapeJava("\\u02-3"); fail(); } catch (RuntimeException ex) { } assertUnescapeJava("", ""); assertUnescapeJava("test", "test"); assertUnescapeJava("\ntest\b", "\\ntest\\b"); assertUnescapeJava("\u123425foo\ntest\b", "\\u123425foo\\ntest\\b"); assertUnescapeJava("'\foo\teste\r", "\\'\\foo\\teste\\r"); assertUnescapeJava("", "\\"); //foo assertUnescapeJava("lowercase Unicode", "\uABCDx", "\\uabcdx"); assertUnescapeJava("uppercase Unicode", "\uABCDx", "\\uABCDx"); assertUnescapeJava("Unicode as final character", "\uABCD", "\\uabcd"); } private void assertUnescapeJava(String unescaped, String original) throws IOException { assertUnescapeJava(null, unescaped, original); } private void assertUnescapeJava(String message, String unescaped, String original) throws IOException { String expected = unescaped; String actual = StringEscapeUtils.unescapeJava(original); assertEquals("unescape(String) failed" + (message == null ? "" : (": " + message)) + ": expected '" + StringEscapeUtils.escapeJava(expected) + // we escape this so we can see it in the error message "' actual '" + StringEscapeUtils.escapeJava(actual) + "'", expected, actual); StringWriter writer = new StringWriter(); StringEscapeUtils.UNESCAPE_JAVA.translate(original, writer); assertEquals(unescaped, writer.toString()); } @Test public void testEscapeEcmaScript() { assertEquals(null, StringEscapeUtils.escapeEcmaScript(null)); try { StringEscapeUtils.ESCAPE_ECMASCRIPT.translate(null, null); fail(); } catch (IOException ex) { fail(); } catch (IllegalArgumentException ex) { } try { StringEscapeUtils.ESCAPE_ECMASCRIPT.translate("", null); fail(); } catch (IOException ex) { fail(); } catch (IllegalArgumentException ex) { } assertEquals("He didn\\'t say, \\\"stop!\\\"", StringEscapeUtils.escapeEcmaScript("He didn't say, \"stop!\"")); assertEquals("document.getElementById(\\\"test\\\").value = \\'';")); } // HTML and XML //-------------------------------------------------------------- private static final String[][] HTML_ESCAPES = { {"no escaping", "plain text", "plain text"}, {"no escaping", "plain text", "plain text"}, {"empty string", "", ""}, {"null", null, null}, {"ampersand", "bread & butter", "bread & butter"}, {"quotes", ""bread" & butter", "\"bread\" & butter"}, {"final character only", "greater than >", "greater than >"}, {"first character only", "< less than", "< less than"}, {"apostrophe", "Huntington's chorea", "Huntington's chorea"}, {"languages", "English,Français,\u65E5\u672C\u8A9E (nihongo)", "English,Fran\u00E7ais,\u65E5\u672C\u8A9E (nihongo)"}, {"8-bit ascii shouldn't number-escape", "\u0080\u009F", "\u0080\u009F"}, }; @Test public void testEscapeHtml() { for (int i = 0; i < HTML_ESCAPES.length; ++i) { String message = HTML_ESCAPES[i][0]; String expected = HTML_ESCAPES[i][1]; String original = HTML_ESCAPES[i][2]; assertEquals(message, expected, StringEscapeUtils.escapeHtml4(original)); StringWriter sw = new StringWriter(); try { StringEscapeUtils.ESCAPE_HTML4.translate(original, sw); } catch (IOException e) { } String actual = original == null ? null : sw.toString(); assertEquals(message, expected, actual); } } @Test public void testUnescapeHtml4() { for (int i = 0; i < HTML_ESCAPES.length; ++i) { String message = HTML_ESCAPES[i][0]; String expected = HTML_ESCAPES[i][2]; String original = HTML_ESCAPES[i][1]; assertEquals(message, expected, StringEscapeUtils.unescapeHtml4(original)); StringWriter sw = new StringWriter(); try { StringEscapeUtils.UNESCAPE_HTML4.translate(original, sw); } catch (IOException e) { } String actual = original == null ? null : sw.toString(); assertEquals(message, expected, actual); } // \u00E7 is a cedilla (c with wiggle under) // note that the test string must be 7-bit-clean (Unicode escaped) or else it will compile incorrectly // on some locales assertEquals("funny chars pass through OK", "Fran\u00E7ais", StringEscapeUtils.unescapeHtml4("Fran\u00E7ais")); assertEquals("Hello&;World", StringEscapeUtils.unescapeHtml4("Hello&;World")); assertEquals("Hello&#;World", StringEscapeUtils.unescapeHtml4("Hello&#;World")); assertEquals("Hello&# ;World", StringEscapeUtils.unescapeHtml4("Hello&# ;World")); assertEquals("Hello&##;World", StringEscapeUtils.unescapeHtml4("Hello&##;World")); } @Test public void testUnescapeHexCharsHtml() { // Simple easy to grok test assertEquals("hex number unescape", "\u0080\u009F", StringEscapeUtils.unescapeHtml4("€Ÿ")); assertEquals("hex number unescape", "\u0080\u009F", StringEscapeUtils.unescapeHtml4("€Ÿ")); // Test all Character values: for (char i = Character.MIN_VALUE; i < Character.MAX_VALUE; i++) { Character c1 = new Character(i); Character c2 = new Character((char)(i+1)); String expected = c1.toString() + c2.toString(); String escapedC1 = "&#x" + Integer.toHexString((c1.charValue())) + ";"; String escapedC2 = "&#x" + Integer.toHexString((c2.charValue())) + ";"; assertEquals("hex number unescape index " + (int)i, expected, StringEscapeUtils.unescapeHtml4(escapedC1 + escapedC2)); } } @Test public void testUnescapeUnknownEntity() throws Exception { assertEquals("&zzzz;", StringEscapeUtils.unescapeHtml4("&zzzz;")); } @Test public void testEscapeHtmlVersions() throws Exception { assertEquals("Β", StringEscapeUtils.escapeHtml4("\u0392")); assertEquals("\u0392", StringEscapeUtils.unescapeHtml4("Β")); // TODO: refine API for escaping/unescaping specific HTML versions } @Test public void testEscapeXml() throws Exception { assertEquals("<abc>", StringEscapeUtils.escapeXml("")); assertEquals("", StringEscapeUtils.unescapeXml("<abc>")); assertEquals("XML should not escape >0x7f values", "\u00A1", StringEscapeUtils.escapeXml("\u00A1")); assertEquals("XML should be able to unescape >0x7f values", "\u00A0", StringEscapeUtils.unescapeXml(" ")); assertEquals("XML should be able to unescape >0x7f values with one leading 0", "\u00A0", StringEscapeUtils.unescapeXml(" ")); assertEquals("XML should be able to unescape >0x7f values with two leading 0s", "\u00A0", StringEscapeUtils.unescapeXml(" ")); assertEquals("XML should be able to unescape >0x7f values with three leading 0s", "\u00A0", StringEscapeUtils.unescapeXml(" ")); assertEquals("ain't", StringEscapeUtils.unescapeXml("ain't")); assertEquals("ain't", StringEscapeUtils.escapeXml("ain't")); assertEquals("", StringEscapeUtils.escapeXml("")); assertEquals(null, StringEscapeUtils.escapeXml(null)); assertEquals(null, StringEscapeUtils.unescapeXml(null)); StringWriter sw = new StringWriter(); try { StringEscapeUtils.ESCAPE_XML.translate("", sw); } catch (IOException e) { } assertEquals("XML was escaped incorrectly", "<abc>", sw.toString() ); sw = new StringWriter(); try { StringEscapeUtils.UNESCAPE_XML.translate("<abc>", sw); } catch (IOException e) { } assertEquals("XML was unescaped incorrectly", "", sw.toString() ); } /** * Tests Supplementary characters. *

* From http://www.w3.org/International/questions/qa-escapes *

*
* Supplementary characters are those Unicode characters that have code points higher than the characters in * the Basic Multilingual Plane (BMP). In UTF-16 a supplementary character is encoded using two 16-bit surrogate code points from the * BMP. Because of this, some people think that supplementary characters need to be represented using two escapes, but this is incorrect * - you must use the single, code point value for that character. For example, use 𣎴 rather than ��. *
* @see Using character escapes in markup and CSS * @see LANG-728 */ @Test public void testEscapeXmlSupplementaryCharacters() { CharSequenceTranslator escapeXml = StringEscapeUtils.ESCAPE_XML.with( NumericEntityEscaper.between(0x7f, Integer.MAX_VALUE) ); assertEquals("Supplementary character must be represented using a single escape", "𣎴", escapeXml.translate("\uD84C\uDFB4")); } /** * Reverse of the above. * * @see LANG-729 */ @Test public void testUnescapeXmlSupplementaryCharacters() { assertEquals("Supplementary character must be represented using a single escape", "\uD84C\uDFB4", StringEscapeUtils.unescapeXml("𣎴") ); } // Tests issue #38569 // http://issues.apache.org/bugzilla/show_bug.cgi?id=38569 @Test public void testStandaloneAmphersand() { assertEquals("", StringEscapeUtils.unescapeHtml4("<P&O>")); assertEquals("test & <", StringEscapeUtils.unescapeHtml4("test & <")); assertEquals("", StringEscapeUtils.unescapeXml("<P&O>")); assertEquals("test & <", StringEscapeUtils.unescapeXml("test & <")); } @Test public void testLang313() { assertEquals("& &", StringEscapeUtils.unescapeHtml4("& &")); } @Test public void testEscapeCsvString() throws Exception { assertEquals("foo.bar", StringEscapeUtils.escapeCsv("foo.bar")); assertEquals("\"foo,bar\"", StringEscapeUtils.escapeCsv("foo,bar")); assertEquals("\"foo\nbar\"", StringEscapeUtils.escapeCsv("foo\nbar")); assertEquals("\"foo\rbar\"", StringEscapeUtils.escapeCsv("foo\rbar")); assertEquals("\"foo\"\"bar\"", StringEscapeUtils.escapeCsv("foo\"bar")); assertEquals("", StringEscapeUtils.escapeCsv("")); assertEquals(null, StringEscapeUtils.escapeCsv(null)); } @Test public void testEscapeCsvWriter() throws Exception { checkCsvEscapeWriter("foo.bar", "foo.bar"); checkCsvEscapeWriter("\"foo,bar\"", "foo,bar"); checkCsvEscapeWriter("\"foo\nbar\"", "foo\nbar"); checkCsvEscapeWriter("\"foo\rbar\"", "foo\rbar"); checkCsvEscapeWriter("\"foo\"\"bar\"", "foo\"bar"); checkCsvEscapeWriter("", null); checkCsvEscapeWriter("", ""); } private void checkCsvEscapeWriter(String expected, String value) { try { StringWriter writer = new StringWriter(); StringEscapeUtils.ESCAPE_CSV.translate(value, writer); assertEquals(expected, writer.toString()); } catch (IOException e) { fail("Threw: " + e); } } @Test public void testUnescapeCsvString() throws Exception { assertEquals("foo.bar", StringEscapeUtils.unescapeCsv("foo.bar")); assertEquals("foo,bar", StringEscapeUtils.unescapeCsv("\"foo,bar\"")); assertEquals("foo\nbar", StringEscapeUtils.unescapeCsv("\"foo\nbar\"")); assertEquals("foo\rbar", StringEscapeUtils.unescapeCsv("\"foo\rbar\"")); assertEquals("foo\"bar", StringEscapeUtils.unescapeCsv("\"foo\"\"bar\"")); assertEquals("", StringEscapeUtils.unescapeCsv("")); assertEquals(null, StringEscapeUtils.unescapeCsv(null)); assertEquals("\"foo.bar\"", StringEscapeUtils.unescapeCsv("\"foo.bar\"")); } @Test public void testUnescapeCsvWriter() throws Exception { checkCsvUnescapeWriter("foo.bar", "foo.bar"); checkCsvUnescapeWriter("foo,bar", "\"foo,bar\""); checkCsvUnescapeWriter("foo\nbar", "\"foo\nbar\""); checkCsvUnescapeWriter("foo\rbar", "\"foo\rbar\""); checkCsvUnescapeWriter("foo\"bar", "\"foo\"\"bar\""); checkCsvUnescapeWriter("", null); checkCsvUnescapeWriter("", ""); checkCsvUnescapeWriter("\"foo.bar\"", "\"foo.bar\""); } private void checkCsvUnescapeWriter(String expected, String value) { try { StringWriter writer = new StringWriter(); StringEscapeUtils.UNESCAPE_CSV.translate(value, writer); assertEquals(expected, writer.toString()); } catch (IOException e) { fail("Threw: " + e); } } /** * Tests // https://issues.apache.org/jira/browse/LANG-480 * * @throws java.io.UnsupportedEncodingException */ @Test public void testEscapeHtmlHighUnicode() throws java.io.UnsupportedEncodingException { // this is the utf8 representation of the character: // COUNTING ROD UNIT DIGIT THREE // in Unicode // codepoint: U+1D362 byte[] data = new byte[] { (byte)0xF0, (byte)0x9D, (byte)0x8D, (byte)0xA2 }; String original = new String(data, "UTF8"); String escaped = StringEscapeUtils.escapeHtml4( original ); assertEquals( "High Unicode should not have been escaped", original, escaped); String unescaped = StringEscapeUtils.unescapeHtml4( escaped ); assertEquals( "High Unicode should have been unchanged", original, unescaped); // TODO: I think this should hold, needs further investigation // String unescapedFromEntity = StringEscapeUtils.unescapeHtml4( "𝍢" ); // assertEquals( "High Unicode should have been unescaped", original, unescapedFromEntity); } /** * Tests https://issues.apache.org/jira/browse/LANG-339 */ @Test public void testEscapeHiragana() { // Some random Japanese Unicode characters String original = "\u304B\u304C\u3068"; String escaped = StringEscapeUtils.escapeHtml4(original); assertEquals( "Hiragana character Unicode behaviour should not be being escaped by escapeHtml4", original, escaped); String unescaped = StringEscapeUtils.unescapeHtml4( escaped ); assertEquals( "Hiragana character Unicode behaviour has changed - expected no unescaping", escaped, unescaped); } /** * Tests https://issues.apache.org/jira/browse/LANG-708 * * @throws IOException * if an I/O error occurs */ @Test public void testLang708() throws IOException { String input = IOUtils.toString(new FileInputStream("src/test/resources/lang-708-input.txt"), "UTF-8"); String escaped = StringEscapeUtils.escapeEcmaScript(input); // just the end: assertTrue(escaped, escaped.endsWith("}]")); // a little more: assertTrue(escaped, escaped.endsWith("\"valueCode\\\":\\\"\\\"}]")); } /** * Tests https://issues.apache.org/jira/browse/LANG-720 */ @Test public void testLang720() { String input = new StringBuilder("\ud842\udfb7").append("A").toString(); String escaped = StringEscapeUtils.escapeXml(input); assertEquals(input, escaped); } }