File: escape_test.rb

package info (click to toggle)
ruby-escape-utils 1.0.1-3
  • links: PTS, VCS
  • area: main
  • in suites: jessie, jessie-kfreebsd
  • size: 348 kB
  • ctags: 248
  • sloc: ansic: 1,718; ruby: 924; makefile: 2
file content (106 lines) | stat: -rw-r--r-- 3,509 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
require File.expand_path("../../helper", __FILE__)

class MyCustomHtmlSafeString < String
end

class HtmlEscapeTest < Minitest::Test
  def test_escape_basic_html_with_secure
    assert_equal "&lt;some_tag&#47;&gt;", EscapeUtils.escape_html("<some_tag/>")

    secure_before = EscapeUtils.html_secure
    EscapeUtils.html_secure = true
    assert_equal "&lt;some_tag&#47;&gt;", EscapeUtils.escape_html("<some_tag/>")
    EscapeUtils.html_secure = secure_before
  end

  def test_escape_basic_html_without_secure
    assert_equal "&lt;some_tag/&gt;", EscapeUtils.escape_html("<some_tag/>", false)

    secure_before = EscapeUtils.html_secure
    EscapeUtils.html_secure = false
    assert_equal "&lt;some_tag/&gt;", EscapeUtils.escape_html("<some_tag/>")
    EscapeUtils.html_secure = secure_before
  end

  def test_escape_double_quotes
    assert_equal "&lt;some_tag some_attr=&quot;some value&quot;&#47;&gt;", EscapeUtils.escape_html("<some_tag some_attr=\"some value\"/>")
  end

  def test_escape_single_quotes
    assert_equal "&lt;some_tag some_attr=&#39;some value&#39;&#47;&gt;", EscapeUtils.escape_html("<some_tag some_attr='some value'/>")
  end

  def test_escape_ampersand
    assert_equal "&lt;b&gt;Bourbon &amp; Branch&lt;&#47;b&gt;", EscapeUtils.escape_html("<b>Bourbon & Branch</b>")
  end

  def test_returns_original_if_not_escaped
    str = 'foobar'
    assert_equal str.object_id, EscapeUtils.escape_html(str).object_id
  end

  def test_html_safe_escape_default_works
    str = EscapeUtils.escape_html_as_html_safe('foobar')
    assert_equal 'foobar', str
  end

  def test_returns_custom_string_class
    klass_before = EscapeUtils.html_safe_string_class
    EscapeUtils.html_safe_string_class = MyCustomHtmlSafeString

    str = EscapeUtils.escape_html_as_html_safe('foobar')
    assert_equal 'foobar', str
    assert_equal MyCustomHtmlSafeString, str.class
    assert_equal true, str.instance_variable_get(:@html_safe)
  ensure
    EscapeUtils.html_safe_string_class = klass_before
  end

  def test_returns_custom_string_class_when_string_requires_escaping
    klass_before = EscapeUtils.html_safe_string_class
    EscapeUtils.html_safe_string_class = MyCustomHtmlSafeString

    str = EscapeUtils.escape_html_as_html_safe("<script>")
    assert_equal "&lt;script&gt;", str
    assert_equal MyCustomHtmlSafeString, str.class
    assert_equal true, str.instance_variable_get(:@html_safe)
  ensure
    EscapeUtils.html_safe_string_class = klass_before
  end

  def test_html_safe_string_class_descends_string
    assert_raises ArgumentError do
      EscapeUtils.html_safe_string_class = Hash
    end

    begin
      EscapeUtils.html_safe_string_class = String
      EscapeUtils.html_safe_string_class = MyCustomHtmlSafeString
    rescue ArgumentError => e
      assert_nil e, "#{e.class.name} raised, expected nothing"
    end
  end

  if RUBY_VERSION =~ /^1.9/
    def test_utf8_or_ascii_input_only
      str = "<b>Bourbon & Branch</b>"

      str.force_encoding 'ISO-8859-1'
      assert_raises Encoding::CompatibilityError do
        EscapeUtils.escape_html(str)
      end

      str.force_encoding 'UTF-8'
      begin
        EscapeUtils.escape_html(str)
      rescue Encoding::CompatibilityError => e
        assert_nil e, "#{e.class.name} raised, expected not to"
      end
    end

    def test_return_value_is_tagged_as_utf8
      str = "<b>Bourbon & Branch</b>".encode('utf-8')
      assert_equal Encoding.find('UTF-8'), EscapeUtils.escape_html(str).encoding
    end
  end
end