require File.expand_path("../../helper", __FILE__)
# Minimal String subclass used as a stand-in "html safe" string type, so the
# tests can verify that EscapeUtils.escape_html_as_html_safe returns instances
# of whatever class is configured via EscapeUtils.html_safe_string_class.
class MyCustomHtmlSafeString < String; end
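# Tests for EscapeUtils.escape_html and EscapeUtils.escape_html_as_html_safe.
#
# These pin the output-encoding contract that callers rely on when placing
# untrusted text into HTML: markup-significant characters must come back as
# entities, both in element content (<, >, &) and in attribute values (", ').
#
# NOTE(review): expected values are written as entity-encoded literals. The
# numeric forms `&#47;` (for "/", secure mode only) and `&#39;` (for "'") are
# what escape_utils is expected to emit; confirm against the library version
# under test.
#
# Several tests change process-wide EscapeUtils settings. Each one saves the
# previous value and restores it in `ensure`, so a failing assertion cannot
# leak a weaker (or different) escaping configuration into later tests.
class HtmlEscapeTest < Minitest::Test
  # Secure mode (asserted here both as the default and when set explicitly)
  # also escapes the forward slash.
  def test_escape_basic_html_with_secure
    secure_before = EscapeUtils.html_secure
    assert_equal "&lt;some_tag&#47;&gt;", EscapeUtils.escape_html("<some_tag/>")

    EscapeUtils.html_secure = true
    assert_equal "&lt;some_tag&#47;&gt;", EscapeUtils.escape_html("<some_tag/>")
  ensure
    EscapeUtils.html_secure = secure_before
  end

  # With secure mode off (per-call argument or global setting) the forward
  # slash is left as-is; angle brackets are still escaped.
  def test_escape_basic_html_without_secure
    secure_before = EscapeUtils.html_secure
    assert_equal "&lt;some_tag/&gt;", EscapeUtils.escape_html("<some_tag/>", false)

    EscapeUtils.html_secure = false
    assert_equal "&lt;some_tag/&gt;", EscapeUtils.escape_html("<some_tag/>")
  ensure
    EscapeUtils.html_secure = secure_before
  end

  # Double quotes must be escaped so the result is safe inside a
  # double-quoted attribute value.
  def test_escape_double_quotes
    assert_equal "&lt;some_tag some_attr=&quot;some value&quot;&#47;&gt;",
                 EscapeUtils.escape_html("<some_tag some_attr=\"some value\"/>")
  end

  # Single quotes must be escaped so the result is safe inside a
  # single-quoted attribute value.
  def test_escape_single_quotes
    assert_equal "&lt;some_tag some_attr=&#39;some value&#39;&#47;&gt;",
                 EscapeUtils.escape_html("<some_tag some_attr='some value'/>")
  end

  # A bare ampersand must become &amp; so it cannot start an entity.
  def test_escape_ampersand
    assert_equal "&lt;b&gt;Bourbon &amp; Branch&lt;&#47;b&gt;",
                 EscapeUtils.escape_html("<b>Bourbon & Branch</b>")
  end

  # When nothing needs escaping the very same String object is returned
  # (no copy is made).
  def test_returns_original_if_not_escaped
    str = 'foobar'
    assert_same str, EscapeUtils.escape_html(str)
  end

  # The html-safe variant works with the default string class.
  def test_html_safe_escape_default_works
    str = EscapeUtils.escape_html_as_html_safe('foobar')
    assert_equal 'foobar', str
  end

  # A configured html-safe string class is used for the return value and the
  # result carries @html_safe = true, even when no escaping was necessary.
  def test_returns_custom_string_class
    klass_before = EscapeUtils.html_safe_string_class
    EscapeUtils.html_safe_string_class = MyCustomHtmlSafeString

    str = EscapeUtils.escape_html_as_html_safe('foobar')
    assert_equal 'foobar', str
    assert_equal MyCustomHtmlSafeString, str.class
    assert_equal true, str.instance_variable_get(:@html_safe)
  ensure
    EscapeUtils.html_safe_string_class = klass_before
  end

  # Same as above, but for input that does need escaping: the value flagged
  # as html-safe must be the escaped text, never the raw markup.
  def test_returns_custom_string_class_when_string_requires_escaping
    klass_before = EscapeUtils.html_safe_string_class
    EscapeUtils.html_safe_string_class = MyCustomHtmlSafeString

    str = EscapeUtils.escape_html_as_html_safe("<script>")
    assert_equal "&lt;script&gt;", str
    assert_equal MyCustomHtmlSafeString, str.class
    assert_equal true, str.instance_variable_get(:@html_safe)
  ensure
    EscapeUtils.html_safe_string_class = klass_before
  end

  # Only String and its descendants are accepted as the html-safe class;
  # anything else raises ArgumentError.
  def test_html_safe_string_class_descends_string
    # Saved so the assignments below do not leave the global setting changed.
    klass_before = EscapeUtils.html_safe_string_class

    assert_raises ArgumentError do
      EscapeUtils.html_safe_string_class = Hash
    end

    begin
      EscapeUtils.html_safe_string_class = String
      EscapeUtils.html_safe_string_class = MyCustomHtmlSafeString
    rescue ArgumentError => e
      assert_nil e, "#{e.class.name} raised, expected nothing"
    end
  ensure
    EscapeUtils.html_safe_string_class = klass_before
  end

  # NOTE(review): this guard matches only RUBY_VERSION strings beginning with
  # "1" + any character + "9", so on any other interpreter the two encoding
  # tests below are never defined and the input-encoding check goes untested.
  # The gate is kept unchanged here; widening it should be verified against
  # the library's behaviour on the target Ruby versions.
  if RUBY_VERSION =~ /^1.9/
    # Input tagged with a non-UTF-8/ASCII encoding is rejected rather than
    # escaped; UTF-8 input is accepted.
    def test_utf8_or_ascii_input_only
      str = "<b>Bourbon & Branch</b>"

      str.force_encoding 'ISO-8859-1'
      assert_raises Encoding::CompatibilityError do
        EscapeUtils.escape_html(str)
      end

      str.force_encoding 'UTF-8'
      begin
        EscapeUtils.escape_html(str)
      rescue Encoding::CompatibilityError => e
        assert_nil e, "#{e.class.name} raised, expected not to"
      end
    end

    # The escaped result is tagged as UTF-8.
    def test_return_value_is_tagged_as_utf8
      str = "<b>Bourbon & Branch</b>".encode('utf-8')
      assert_equal Encoding.find('UTF-8'), EscapeUtils.escape_html(str).encoding
    end
  end
end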