2008-01-05 13:32:06 +00:00
|
|
|
require 'abstract_unit'
|
2011-04-10 16:52:42 +00:00
|
|
|
require 'active_support/core_ext/object/inclusion'
|
2007-12-16 23:53:45 +00:00
|
|
|
|
2012-01-06 01:01:45 +00:00
|
|
|
class ErbUtilTest < ActiveSupport::TestCase
|
2007-12-16 23:53:45 +00:00
|
|
|
include ERB::Util
|
|
|
|
|
|
2008-04-08 04:52:01 +00:00
|
|
|
ERB::Util::HTML_ESCAPE.each do |given, expected|
|
2010-04-17 19:54:52 +00:00
|
|
|
define_method "test_html_escape_#{expected.gsub(/\W/, '')}" do
|
2008-04-08 04:52:01 +00:00
|
|
|
assert_equal expected, html_escape(given)
|
|
|
|
|
end
|
2007-12-16 23:53:45 +00:00
|
|
|
|
2008-04-08 04:52:01 +00:00
|
|
|
unless given == '"'
|
2010-04-17 19:54:52 +00:00
|
|
|
define_method "test_json_escape_#{expected.gsub(/\W/, '')}" do
|
2008-04-08 04:52:01 +00:00
|
|
|
assert_equal ERB::Util::JSON_ESCAPE[given], json_escape(given)
|
|
|
|
|
end
|
|
|
|
|
end
|
2007-12-16 23:53:45 +00:00
|
|
|
end
|
2010-08-14 05:13:00 +00:00
|
|
|
|
2011-06-09 22:29:17 +00:00
|
|
|
def test_json_escape_returns_unsafe_strings_when_passed_unsafe_strings
|
|
|
|
|
value = json_escape("asdf")
|
|
|
|
|
assert !value.html_safe?
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def test_json_escape_returns_safe_strings_when_passed_safe_strings
|
|
|
|
|
value = json_escape("asdf".html_safe)
|
|
|
|
|
assert value.html_safe?
|
|
|
|
|
end
|
|
|
|
|
|
2009-10-07 20:31:20 +00:00
|
|
|
def test_html_escape_is_html_safe
|
|
|
|
|
escaped = h("<p>")
|
|
|
|
|
assert_equal "<p>", escaped
|
|
|
|
|
assert escaped.html_safe?
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def test_html_escape_passes_html_escpe_unmodified
|
For performance reasons, you can no longer call html_safe! on Strings. Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will SafeBuffer.new(self).
* Additionally, instead of doing concat("</form>".html_safe), you can do
safe_concat("</form>"), which will skip both the flag set, and the flag
check.
* For the first pass, I converted virtually all #html_safe!s to #html_safe,
and the tests pass. A further optimization would be to try to use
#safe_concat as much as possible, reducing the performance impact if
we know up front that a String is safe.
2010-02-01 03:17:42 +00:00
|
|
|
escaped = h("<p>".html_safe)
|
2009-10-07 20:31:20 +00:00
|
|
|
assert_equal "<p>", escaped
|
|
|
|
|
assert escaped.html_safe?
|
|
|
|
|
end
|
|
|
|
|
|
2007-12-16 23:53:45 +00:00
|
|
|
def test_rest_in_ascii
|
2009-06-08 20:33:18 +00:00
|
|
|
(0..127).to_a.map {|int| int.chr }.each do |chr|
|
2011-04-10 16:52:42 +00:00
|
|
|
next if chr.in?('&"<>')
|
2007-12-16 23:53:45 +00:00
|
|
|
assert_equal chr, html_escape(chr)
|
|
|
|
|
end
|
|
|
|
|
end
|
2012-01-12 23:04:02 +00:00
|
|
|
|
|
|
|
|
def test_html_escape_once
|
|
|
|
|
assert_equal '1 < 2 & 3', html_escape_once('1 < 2 & 3')
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def test_html_escape_once_returns_unsafe_strings_when_passed_unsafe_strings
|
|
|
|
|
value = html_escape_once('1 < 2 & 3')
|
|
|
|
|
assert !value.html_safe?
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def test_html_escape_once_returns_safe_strings_when_passed_safe_strings
|
|
|
|
|
value = html_escape_once('1 < 2 & 3'.html_safe)
|
|
|
|
|
assert value.html_safe?
|
|
|
|
|
end
|
2007-12-16 23:53:45 +00:00
|
|
|
end
|
