require 'test_helper'
require 'sass/plugin'
require 'mocks/article'
require 'action_pack/version'
# Stub Haml filter for the test suite: it ignores the text it is given and
# always renders the same fixed marker string.
module Haml::Filters::Test
  include Haml::Filters::Base

  # @param text [String] the filter body taken from the template (unused)
  # @return [String] the constant marker string
  def render(text)
    "TESTING HAHAHAHA!"
  end
end
# Test-only extension of Haml::Helpers that lets a template pull in one of
# the partial fixtures directly through Haml::Engine.
module Haml::Helpers
  # Renders the fixture "_<name>.haml" from TemplateTest::TEMPLATE_PATH in the
  # scope of the calling object.
  #
  # `name` is interpolated into the file path without any checks, so this
  # helper is only suitable for fixed fixture names, never for request data.
  #
  # @param name [String] partial name without the leading underscore or extension
  # @param locals [Hash] local variables handed to the partial
  # @return [String] the rendered partial
  def test_partial(name, locals = {})
    partial_file = File.join(TemplateTest::TEMPLATE_PATH, "_#{name}.haml")
    source = File.read(partial_file)
    Haml::Engine.new(source).render(self, locals)
  end
end
# Null object: every message it does not define is answered with the receiver
# itself, so arbitrary call chains on it never fail. DummyController uses an
# instance as its logger.
class Egocentic
  # Swallows any unknown message, whatever its arguments.
  #
  # @return [Egocentic] the receiver
  def method_missing(*_ignored)
    self
  end
end
# Minimal stand-in for a controller. It exposes a logger and an empty
# controller path, both on the class and on its instances.
class DummyController
  attr_accessor :logger

  class << self
    # @return [String] always the empty string
    def controller_path
      ''
    end
  end

  # The logger is an Egocentic, so any logging call is accepted and ignored.
  def initialize
    @logger = Egocentic.new
  end

  # @return [String] always the empty string
  def controller_path
    ''
  end
end
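# Renders the Haml fixtures through ActionView and through Haml::Engine and
# compares the output with the stored results; also covers error reporting and
# the HTML-escaping (XSS protection) behaviour.
#
# NOTE(review): the heredocs holding Haml source are indentation-sensitive
# (nesting is expressed by indentation) and their terminators must sit at
# column 0. The indentation inside them follows the nesting the templates
# need; confirm it against the repository copy of this file.
class TemplateTest < MiniTest::Unit::TestCase
  TEMPLATE_PATH = File.join(File.dirname(__FILE__), "templates")
  TEMPLATES = %w{          very_basic    standard    helpers
    whitespace_handling    original_engine    list    helpful
    silent_script    tag_parsing    just_stuff    partials
    filters    nuke_outer_whitespace    nuke_inner_whitespace
    render_layout }
  # partial layouts were introduced in 2.0.0
  TEMPLATES << 'partial_layout' unless ActionPack::VERSION::MAJOR < 2

  # Builds a fresh view object before every test.
  def setup
    @base = create_base

    # filters template uses :sass
    Sass::Plugin.options.update(:line_comments => true, :style => :compact)
  end

  # Creates an ActionView::Base wired to the fixture templates, adapting to
  # the API differences between the supported Rails versions.
  #
  # @return [ActionView::Base] the view object the tests render against
  def create_base
    vars = { 'article' => Article.new, 'foo' => 'value one' }

    if Haml::Util.has?(:instance_method, ActionView::Base, :finder)
      # Rails 2.1.0
      base = ActionView::Base.new([], vars)
      base.finder.append_view_path(TEMPLATE_PATH)
    else
      base = ActionView::Base.new(TEMPLATE_PATH, vars)
    end

    if Haml::Util.has?(:private_method, base, :evaluate_assigns)
      # Rails < 3.0
      base.send(:evaluate_assigns)
    elsif Haml::Util.has?(:private_method, base, :_evaluate_assigns_and_ivars)
      # Rails 2.2
      base.send(:_evaluate_assigns_and_ivars)
    end

    # This is needed by RJS in (at least) Rails 3
    base.instance_variable_set('@template', base)

    # This is used by form_for.
    # It's usually provided by ActionController::Base.
    # The stub always answers false; it is test scaffolding for this
    # controller-less view and not a pattern for application code.
    def base.protect_against_forgery?; false; end

    # In Rails <= 2.1, a fake controller object was needed
    # to provide the controller path.
    if ActionPack::VERSION::MAJOR < 2 ||
        (ActionPack::VERSION::MAJOR == 2 && ActionPack::VERSION::MINOR < 2)
      base.controller = DummyController.new
    end

    base
  end

  # Renders Haml source either inline through ActionView (when opts is the
  # symbol :action_view) or directly through Haml::Engine with opts as the
  # engine options.
  #
  # Script lines in the source are executed as Ruby (see
  # test_template_renders_should_eval), so only fixture text belongs here.
  #
  # @param text [String] Haml source
  # @param opts [Hash, Symbol] engine options, or :action_view
  # @return [String] the rendered markup
  def render(text, opts = {})
    return @base.render(:inline => text, :type => :haml) if opts == :action_view
    Haml::Engine.new(text, opts).to_html(@base)
  end

  # Reads the expected output for a fixture into @result.
  #
  # Uses File.read so the file handle is closed again; the previous
  # File.new(...).each_line form left it open until garbage collection.
  #
  # @param name [String] fixture name without extension
  # @return [String] contents of results/<name>.xhtml
  def load_result(name)
    @result = File.read(File.dirname(__FILE__) + "/results/#{name}.xhtml")
  end

  # Renders the named fixture and compares it line by line with the stored
  # result. escape_html is switched off for the comparison and the previous
  # Haml::Template options are restored afterwards.
  #
  # @param name [String] fixture name
  # @yieldparam name [String] optional custom renderer; must return the output
  def assert_renders_correctly(name, &render_method)
    old_options = Haml::Template.options.dup
    Haml::Template.options[:escape_html] = false
    if ActionPack::VERSION::MAJOR < 2 ||
        (ActionPack::VERSION::MAJOR == 2 && ActionPack::VERSION::MINOR < 2)
      render_method ||= proc { |n| @base.render(n) }
    else
      render_method ||= proc { |n| @base.render(:file => n) }
    end

    # NOTE(review): zip is driven by the expected lines, so output lines
    # beyond the length of the stored result are not compared.
    expected_lines = load_result(name).split("\n")
    actual_lines = render_method[name].split("\n")
    expected_lines.zip(actual_lines).each_with_index do |pair, line|
      message = "template: #{name}\nline: #{line}"
      assert_equal(pair.first, pair.last, message)
    end
  rescue Haml::Util.av_template_class(:Error) => e
    # A filter whose backing library is missing is reported and skipped;
    # every other template error is passed on unchanged.
    if e.message =~ /Can't run [\w:]+ filter; required (one of|file) ((?:'\w+'(?: or )?)+)(, but none were found| not found)/
      puts "\nCouldn't require #{Regexp.last_match(2)}; skipping a test."
    else
      raise
    end
  ensure
    Haml::Template.options = old_options
  end

  def test_empty_render_should_remain_empty
    assert_equal('', render(''))
  end

  # One generated test per fixture template.
  TEMPLATES.each do |template|
    define_method "test_template_should_render_correctly [template: #{template}] " do
      assert_renders_correctly template
    end
  end

  def test_templates_should_render_correctly_with_render_proc
    assert_renders_correctly("standard") do |name|
      engine = Haml::Engine.new(File.read(File.dirname(__FILE__) + "/templates/#{name}.haml"))
      engine.render_proc(@base).call
    end
  end

  def test_templates_should_render_correctly_with_def_method
    assert_renders_correctly("standard") do |name|
      engine = Haml::Engine.new(File.read(File.dirname(__FILE__) + "/templates/#{name}.haml"))
      engine.def_method(@base, "render_standard")
      @base.render_standard
    end
  end

  if ActionPack::VERSION::MAJOR < 3
    # Rails 3.0.0 deprecates the use of yield with a layout
    # for calls to render :file
    def test_action_view_templates_render_correctly
      check = lambda do
        @base.content_for(:layout) {'Lorem ipsum dolor sit amet'}
        assert_renders_correctly 'content_for_layout'
      end

      if @base.respond_to?(:with_output_buffer)
        @base.with_output_buffer("", &check)
      else
        check.call
      end
    end
  end

  def test_instance_variables_should_work_inside_templates
    @base.instance_variable_set("@content_for_layout", 'something')
    assert_equal("<p>something</p>", render("%p= @content_for_layout").chomp)

    # instance_variable_set replaces the former string instance_eval calls;
    # the effect on @base is the same without evaluating a code string.
    @base.instance_variable_set("@author", 'Hampton Catlin')
    assert_equal("<div class='author'>Hampton Catlin</div>", render(".author= @author").chomp)

    @base.instance_variable_set("@author", 'Hampton')
    assert_equal("Hampton", render("= @author").chomp)

    @base.instance_variable_set("@author", 'Catlin')
    assert_equal("Catlin", render("= @author").chomp)
  end

  def test_instance_variables_should_work_inside_attributes
    @base.instance_variable_set("@author", 'hcatlin')
    assert_equal("<p class='hcatlin'>foo</p>", render("%p{:class => @author} foo").chomp)
  end

  def test_template_renders_should_eval
    assert_equal("2\n", render("= 1+1"))
  end

  unless Haml::Util.ap_geq_3?
    def test_form_for_error_return
      assert_raises(Haml::Error) { render(<<HAML) }
= form_for :article, @article, :url => '' do |f|
  Title:
  = f.text_field :title
  Body:
  = f.text_field :body
HAML
    end

    def test_form_tag_error_return
      assert_raises(Haml::Error) { render(<<HAML) }
= form_tag '' do
  Title:
  Body:
HAML
    end
  end

  # With :suppress_eval set, the fixture must render without running its
  # script lines; the global options and @base are restored afterwards.
  def test_haml_options
    old_options = Haml::Template.options.dup
    Haml::Template.options[:suppress_eval] = true
    old_base, @base = @base, create_base
    assert_renders_correctly("eval_suppressed")
  ensure
    @base = old_base
    Haml::Template.options = old_options
  end

  def test_with_output_buffer_with_ugly
    return unless Haml::Util.has?(:instance_method, ActionView::Base, :with_output_buffer)
    assert_equal(<<HTML, render(<<HAML, :ugly => true))
<p>
foo
baz
</p>
HTML
%p
  foo
  -# Parenthesis required due to Rails 3.0 deprecation of block helpers
  -# that return strings.
  - (with_output_buffer do
    bar
    = "foo".gsub(/./) do |s|
      - "flup"
  - end; nil)
  baz
HAML
  end

  # Errors raised inside a template must surface with their own message and
  # with a backtrace entry pointing at the template line that raised.
  def test_exceptions_should_work_correctly
    begin
      render("- raise 'oops!'")
    rescue StandardError => e
      assert_equal("oops!", e.message)
      assert_match(/^\(haml\):1/, e.backtrace[0])
    else
      assert false
    end

    template = <<END
%p
  %h1 Hello!
  = "lots of lines"
  = "even more!"
  - raise 'oh no!'
  %p
    this is after the exception
    %strong yes it is!
ho ho ho.
END

    begin
      render(template.chomp)
    rescue StandardError => e
      assert_match(/^\(haml\):5/, e.backtrace[0])
    else
      assert false
    end
  end

  if defined?(ActionView::OutputBuffer) &&
      Haml::Util.has?(:instance_method, ActionView::OutputBuffer, :append_if_string=)
    def test_av_block_deprecation_warning
      assert_warning(/^DEPRECATION WARNING: - style block helpers are deprecated\. Please use =\./) do
        assert_equal <<HTML, render(<<HAML, :action_view)
<form #{rails_form_attr}action="" method="post">#{rails_form_opener}
  Title:
  <input id="article_title" name="article[title]" size="30" type="text" value="Hello" />
  Body:
  <input id="article_body" name="article[body]" size="30" type="text" value="World" />
</form>
HTML
- form_for #{form_for_calling_convention(:article)}, :url => '' do |f|
  Title:
  = f.text_field :title
  Body:
  = f.text_field :body
HAML
      end
    end
  end

  if ActionPack::VERSION::MAJOR >= 3
    # Rails 3's #label helper can take a block.
    def test_form_builder_label_with_block
      assert_equal(<<HTML, render(<<HAML, :action_view))
<form #{rails_form_attr}action="" method="post">#{rails_form_opener}
  <label for="article_title">Block content
  </label>
</form>
HTML
#{rails_block_helper_char} form_for #{form_for_calling_convention(:article)}, :url => '' do |f|
  = f.label :title do
    Block content
HAML
    end
  end

  ## XSS Protection Tests

  # In order to enable these, either test against Rails 3.0
  # or test against Rails 2.2.5+ with the rails_xss plugin
  # (http://github.com/NZKoz/rails_xss) in test/plugins.
  #
  # Expected values for plain (not html_safe) strings are written with HTML
  # entities (&amp;, &lt;, &gt;). With the raw character on both sides an
  # assertion could not tell escaped output from unescaped output.
  if Haml::Util.rails_xss_safe?
    def test_escape_html_option_set
      assert Haml::Template.options[:escape_html]
    end

    # A plain string emitted with "=" is escaped.
    def test_xss_protection
      assert_equal("Foo &amp; Bar\n", render('= "Foo & Bar"', :action_view))
    end

    # A string marked html_safe passes through unchanged.
    def test_xss_protection_with_safe_strings
      assert_equal("Foo & Bar\n", render('= Haml::Util.html_safe("Foo & Bar")', :action_view))
    end

    # "!=" explicitly opts out of escaping.
    def test_xss_protection_with_bang
      assert_equal("Foo & Bar\n", render('!= "Foo & Bar"', :action_view))
    end

    # Interpolated plain strings are escaped.
    def test_xss_protection_in_interpolation
      assert_equal("Foo &amp; Bar\n", render('Foo #{"&"} Bar', :action_view))
    end

    # Plain attribute values are escaped.
    def test_xss_protection_in_attributes
      assert_equal("<div data-html='&lt;foo&gt;bar&lt;/foo&gt;'></div>\n", render('%div{ "data-html" => "<foo>bar</foo>" }', :action_view))
    end

    # html_safe attribute values are emitted as given.
    def test_xss_protection_in_attributes_with_safe_strings
      assert_equal("<div data-html='<foo>bar</foo>'></div>\n", render('%div{ "data-html" => "<foo>bar</foo>".html_safe }', :action_view))
    end

    # A leading "!" opts the whole line, including interpolation, out of escaping.
    def test_xss_protection_with_bang_in_interpolation
      assert_equal("Foo & Bar\n", render('! Foo #{"&"} Bar', :action_view))
    end

    def test_xss_protection_with_safe_strings_in_interpolation
      assert_equal("Foo & Bar\n", render('Foo #{Haml::Util.html_safe("&")} Bar', :action_view))
    end

    # Only the plain interpolation is escaped; the html_safe one is not.
    def test_xss_protection_with_mixed_strings_in_interpolation
      assert_equal("Foo & Bar &amp; Baz\n", render('Foo #{Haml::Util.html_safe("&")} Bar #{"&"} Baz', :action_view))
    end

    def test_rendered_string_is_html_safe
      assert(render("Foo").html_safe?)
    end

    def test_rendered_string_is_html_safe_with_action_view
      assert(render("Foo", :action_view).html_safe?)
    end

    def test_xss_html_escaping_with_non_strings
      assert_equal("4\n", render("= html_escape(4)"))
    end

    # concat of a plain string is escaped.
    def test_xss_protection_with_concat
      assert_equal("Foo &amp; Bar", render('- concat "Foo & Bar"', :action_view))
    end

    def test_xss_protection_with_concat_with_safe_string
      assert_equal("Foo & Bar", render('- concat(Haml::Util.html_safe("Foo & Bar"))', :action_view))
    end

    if Haml::Util.has?(:instance_method, ActionView::Helpers::TextHelper, :safe_concat)
      # safe_concat treats its argument as already safe.
      def test_xss_protection_with_safe_concat
        assert_equal("Foo & Bar", render('- safe_concat "Foo & Bar"', :action_view))
      end
    end

    ## Regression

    def test_xss_protection_with_nested_haml_tag
      assert_equal(<<HTML, render(<<HAML, :action_view))
<div>
  <ul>
    <li>Content!</li>
  </ul>
</div>
HTML
- haml_tag :div do
  - haml_tag :ul do
    - haml_tag :li, "Content!"
HAML
    end

    def test_xss_protection_with_form_for
      assert_equal(<<HTML, render(<<HAML, :action_view))
<form #{rails_form_attr}action="" method="post">#{rails_form_opener}
  Title:
  <input id="article_title" name="article[title]" size="30" type="text" value="Hello" />
  Body:
  <input id="article_body" name="article[body]" size="30" type="text" value="World" />
</form>
HTML
#{rails_block_helper_char} form_for #{form_for_calling_convention(:article)}, :url => '' do |f|
  Title:
  = f.text_field :title
  Body:
  = f.text_field :body
HAML
    end

    if defined?(ActionView::Helpers::PrototypeHelper)
      def test_rjs
        assert_equal(<<HTML, render(<<HAML, :action_view))
window.location.reload();
HTML
= update_page do |p|
  - p.reload
HAML
      end
    end

    def test_cache
      @base.controller = ActionController::Base.new
      @base.controller.perform_caching = false
      assert_equal(<<HTML, render(<<HAML, :action_view))
Test
HTML
- cache do
  Test
HAML
    end
  end
end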