URL https://opencores.org/ocsvn/openrisc/openrisc/trunk

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [gnu-dev/] [or1k-gcc/] [libgo/] [go/] [html/] [template/] [content_test.go] - Blame information for rev 747

Details | Compare with Previous | View Log


// Copyright 2011 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
 
package template
 
import (
        "bytes"
        "strings"
        "testing"
)
 
func TestTypedContent(t *testing.T) {
        data := []interface{}{
                ` "foo%" O'Reilly &bar;`,
                CSS(`a[href =~ "//example.com"]#foo`),
                HTML(`Hello, World &tc!`),
                HTMLAttr(` dir="ltr"`),
                JS(`c && alert("Hello, World!");`),
                JSStr(`Hello, World & O'Reilly\x21`),
                URL(`greeting=H%69&addressee=(World)`),
        }
 
        // For each content sensitive escaper, see how it does on
        // each of the typed strings above.
        tests := []struct {
                // A template containing a single {{.}}.
                input string
                want  []string
        }{
                {
                        `{{.}} { color: blue }`,
                        []string{
                                `ZgotmplZ`,
                                // Allowed but not escaped.
                                `a[href =~ "//example.com"]#foo`,
                                `ZgotmplZ`,
                                `ZgotmplZ`,
                                `ZgotmplZ`,
                                `ZgotmplZ`,
                                `ZgotmplZ`,
                        },
                },
                {
                        ``,
                        []string{
                                `ZgotmplZ`,
                                // Allowed and HTML escaped.
                                `a[href =~ "//example.com"]#foo`,
                                `ZgotmplZ`,
                                `ZgotmplZ`,
                                `ZgotmplZ`,
                                `ZgotmplZ`,
                                `ZgotmplZ`,
                        },
                },
                {
                        `{{.}}`,
                        []string{
                                `<b> "foo%" O'Reilly &bar;`,
                                `a[href =~ "//example.com"]#foo`,
                                // Not escaped.
                                `Hello, World &tc!`,
                                ` dir="ltr"`,
                                `c && alert("Hello, World!");`,
                                `Hello, World & O'Reilly\x21`,
                                `greeting=H%69&addressee=(World)`,
                        },
                },
                {
                        ``,
                        []string{
                                `ZgotmplZ`,
                                `ZgotmplZ`,
                                `ZgotmplZ`,
                                // Allowed and HTML escaped.
                                ` dir="ltr"`,
                                `ZgotmplZ`,
                                `ZgotmplZ`,
                                `ZgotmplZ`,
                        },
                },
                {
                        ``,
                        []string{
                                `<b> "foo%" O'Reilly &bar;`,
                                `a[href =~ "//example.com"]#foo`,
                                // Tags stripped, spaces escaped, entity not re-escaped.
                                `Hello, World &tc!`,
                                ` dir="ltr"`,
                                `c && alert("Hello, World!");`,
                                `Hello, World & O'Reilly\x21`,
                                `greeting=H%69&addressee=(World)`,
                        },
                },
                {
                        ``,
                        []string{
                                `<b> "foo%" O'Reilly &bar;`,
                                `a[href =~ "//example.com"]#foo`,
                                // Tags stripped, entity not re-escaped.
                                `Hello, World &tc!`,
                                ` dir="ltr"`,
                                `c && alert("Hello, World!");`,
                                `Hello, World & O'Reilly\x21`,
                                `greeting=H%69&addressee=(World)`,
                        },
                },
                {
                        `{{.}}`,
                        []string{
                                `<b> "foo%" O'Reilly &bar;`,
                                `a[href =~ "//example.com"]#foo`,
                                // Angle brackets escaped to prevent injection of close tags, entity not re-escaped.
                                `Hello, <b>World</b> &tc!`,
                                ` dir="ltr"`,
                                `c && alert("Hello, World!");`,
                                `Hello, World & O'Reilly\x21`,
                                `greeting=H%69&addressee=(World)`,
                        },
                },
                {
                        `alert({{.}})`,
                        []string{
                                `"\u003cb\u003e \"foo%\" O'Reilly &bar;"`,
                                `"a[href =~ \"//example.com\"]#foo"`,
                                `"Hello, \u003cb\u003eWorld\u003c/b\u003e &tc!"`,
                                `" dir=\"ltr\""`,
                                // Not escaped.
                                `c && alert("Hello, World!");`,
                                // Escape sequence not over-escaped.
                                `"Hello, World & O'Reilly\x21"`,
                                `"greeting=H%69&addressee=(World)"`,
                        },
                },
                {
                        ``,
                        []string{
                                `"\u003cb\u003e \"foo%\" O'Reilly &bar;"`,
                                `"a[href =~ \"//example.com\"]#foo"`,
                                `"Hello, \u003cb\u003eWorld\u003c/b\u003e &amp;tc!"`,
                                `" dir=\"ltr\""`,
                                // Not JS escaped but HTML escaped.
                                `c && alert("Hello, World!");`,
                                // Escape sequence not over-escaped.
                                `"Hello, World & O'Reilly\x21"`,
                                `"greeting=H%69&addressee=(World)"`,
                        },
                },
                {
                        `alert("{{.}}")`,
                        []string{
                                `\x3cb\x3e \x22foo%\x22 O\x27Reilly \x26bar;`,
                                `a[href =~ \x22\/\/example.com\x22]#foo`,
                                `Hello, \x3cb\x3eWorld\x3c\/b\x3e \x26amp;tc!`,
                                ` dir=\x22ltr\x22`,
                                `c \x26\x26 alert(\x22Hello, World!\x22);`,
                                // Escape sequence not over-escaped.
                                `Hello, World \x26 O\x27Reilly\x21`,
                                `greeting=H%69\x26addressee=(World)`,
                        },
                },
                {
                        ``,
                        []string{
                                `\x3cb\x3e \x22foo%\x22 O\x27Reilly \x26bar;`,
                                `a[href =~ \x22\/\/example.com\x22]#foo`,
                                `Hello, \x3cb\x3eWorld\x3c\/b\x3e \x26amp;tc!`,
                                ` dir=\x22ltr\x22`,
                                `c \x26\x26 alert(\x22Hello, World!\x22);`,
                                // Escape sequence not over-escaped.
                                `Hello, World \x26 O\x27Reilly\x21`,
                                `greeting=H%69\x26addressee=(World)`,
                        },
                },
                {
                        ``,
                        []string{
                                `%3cb%3e%20%22foo%25%22%20O%27Reilly%20%26bar%3b`,
                                `a%5bhref%20%3d~%20%22%2f%2fexample.com%22%5d%23foo`,
                                `Hello%2c%20%3cb%3eWorld%3c%2fb%3e%20%26amp%3btc%21`,
                                `%20dir%3d%22ltr%22`,
                                `c%20%26%26%20alert%28%22Hello%2c%20World%21%22%29%3b`,
                                `Hello%2c%20World%20%26%20O%27Reilly%5cx21`,
                                // Quotes and parens are escaped but %69 is not over-escaped. HTML escaping is done.
                                `greeting=H%69&addressee=%28World%29`,
                        },
                },
                {
                        `body { background: url('?img={{.}}') }`,
                        []string{
                                `%3cb%3e%20%22foo%25%22%20O%27Reilly%20%26bar%3b`,
                                `a%5bhref%20%3d~%20%22%2f%2fexample.com%22%5d%23foo`,
                                `Hello%2c%20%3cb%3eWorld%3c%2fb%3e%20%26amp%3btc%21`,
                                `%20dir%3d%22ltr%22`,
                                `c%20%26%26%20alert%28%22Hello%2c%20World%21%22%29%3b`,
                                `Hello%2c%20World%20%26%20O%27Reilly%5cx21`,
                                // Quotes and parens are escaped but %69 is not over-escaped. HTML escaping is not done.
                                `greeting=H%69&addressee=%28World%29`,
                        },
                },
        }
 
        for _, test := range tests {
                tmpl := Must(New("x").Parse(test.input))
                pre := strings.Index(test.input, "{{.}}")
                post := len(test.input) - (pre + 5)
                var b bytes.Buffer
                for i, x := range data {
                        b.Reset()
                        if err := tmpl.Execute(&b, x); err != nil {
                                t.Errorf("%q with %v: %s", test.input, x, err)
                                continue
                        }
                        if want, got := test.want[i], b.String()[pre:b.Len()-post]; want != got {
                                t.Errorf("%q with %v:\nwant\n\t%q,\ngot\n\t%q\n", test.input, x, want, got)
                                continue
                        }
                }
        }
}

Browse

Tools

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [gnu-dev/] [or1k-gcc/] [libgo/] [go/] [html/] [template/] [content_test.go] - Blame information for rev 747

Line No.	Rev	Author	Line
1	747	jeremybenn	`// Copyright 2011 The Go Authors. All rights reserved.`
2			`// Use of this source code is governed by a BSD-style`
3			`// license that can be found in the LICENSE file.`
4
5			`package template`
6
7			`import (`
8			`"bytes"`
9			`"strings"`
10			`"testing"`
11			`)`
12
13			`func TestTypedContent(t *testing.T) {`
14			`data := []interface{}{`
15			` "foo%" O'Reilly &bar;`,
16			CSS(`a[href =~ "//example.com"]#foo`),
17			HTML(`Hello, World &tc!`),
18			HTMLAttr(` dir="ltr"`),
19			JS(`c && alert("Hello, World!");`),
20			JSStr(`Hello, World & O'Reilly\x21`),
21			URL(`greeting=H%69&addressee=(World)`),
22			`}`
23
24			`// For each content sensitive escaper, see how it does on`
25			`// each of the typed strings above.`
26			`tests := []struct {`
27			`// A template containing a single {{.}}.`
28			`input string`
29			`want []string`
30			`}{`
31			`{`
32			``,
33			`[]string{`
34			`ZgotmplZ`,
35			`// Allowed but not escaped.`
36			`a[href =~ "//example.com"]#foo`,
37			`ZgotmplZ`,
38			`ZgotmplZ`,
39			`ZgotmplZ`,
40			`ZgotmplZ`,
41			`ZgotmplZ`,
42			`},`
43			`},`
44			`{`
45			` `,
46			`[]string{`
47			`ZgotmplZ`,
48			`// Allowed and HTML escaped.`
49			`a[href =~ "//example.com"]#foo`,
50			`ZgotmplZ`,
51			`ZgotmplZ`,
52			`ZgotmplZ`,
53			`ZgotmplZ`,
54			`ZgotmplZ`,
55			`},`
56			`},`
57			`{`
58			`{{.}}`,
59			`[]string{`
60			`<b> "foo%" O'Reilly &bar;`,
61			`a[href =~ "//example.com"]#foo`,
62			`// Not escaped.`
63			`Hello, World &tc!`,
64			` dir="ltr"`,
65			`c && alert("Hello, World!");`,
66			`Hello, World & O'Reilly\x21`,
67			`greeting=H%69&addressee=(World)`,
68			`},`
69			`},`
70			`{`
71			``,
72			`[]string{`
73			`ZgotmplZ`,
74			`ZgotmplZ`,
75			`ZgotmplZ`,
76			`// Allowed and HTML escaped.`
77			` dir="ltr"`,
78			`ZgotmplZ`,
79			`ZgotmplZ`,
80			`ZgotmplZ`,
81			`},`
82			`},`
83			`{`
84			``,
85			`[]string{`
86			`<b> "foo%" O'Reilly &bar;`,
87			`a[href =~ "//example.com"]#foo`,
88			`// Tags stripped, spaces escaped, entity not re-escaped.`
89			`Hello, World &tc!`,
90			` dir="ltr"`,
91			`c && alert("Hello, World!");`,
92			`Hello, World & O'Reilly\x21`,
93			`greeting=H%69&addressee=(World)`,
94			`},`
95			`},`
96			`{`
97			``,
98			`[]string{`
99			`<b> "foo%" O'Reilly &bar;`,
100			`a[href =~ "//example.com"]#foo`,
101			`// Tags stripped, entity not re-escaped.`
102			`Hello, World &tc!`,
103			` dir="ltr"`,
104			`c && alert("Hello, World!");`,
105			`Hello, World & O'Reilly\x21`,
106			`greeting=H%69&addressee=(World)`,
107			`},`
108			`},`
109			`{`
110			`{{.}}`,
111			`[]string{`
112			`<b> "foo%" O'Reilly &bar;`,
113			`a[href =~ "//example.com"]#foo`,
114			`// Angle brackets escaped to prevent injection of close tags, entity not re-escaped.`
115			`Hello, <b>World</b> &tc!`,
116			` dir="ltr"`,
117			`c && alert("Hello, World!");`,
118			`Hello, World & O'Reilly\x21`,
119			`greeting=H%69&addressee=(World)`,
120			`},`
121			`},`
122			`{`
123			``,
124			`[]string{`
125			`"\u003cb\u003e \"foo%\" O'Reilly &bar;"`,
126			`"a[href =~ \"//example.com\"]#foo"`,
127			`"Hello, \u003cb\u003eWorld\u003c/b\u003e &tc!"`,
128			`" dir=\"ltr\""`,
129			`// Not escaped.`
130			`c && alert("Hello, World!");`,
131			`// Escape sequence not over-escaped.`
132			`"Hello, World & O'Reilly\x21"`,
133			`"greeting=H%69&addressee=(World)"`,
134			`},`
135			`},`
136			`{`
137			`
138			`[]string{`
139			`"\u003cb\u003e \"foo%\" O'Reilly &bar;"`,
140			`"a[href =~ \"//example.com\"]#foo"`,
141			`"Hello, \u003cb\u003eWorld\u003c/b\u003e &tc!"`,
142			`" dir=\"ltr\""`,
143			`// Not JS escaped but HTML escaped.`
144			`c && alert("Hello, World!");`,
145			`// Escape sequence not over-escaped.`
146			`"Hello, World & O'Reilly\x21"`,
147			`"greeting=H%69&addressee=(World)"`,
148			`},`
149			`},`
150			`{`
151			``,
152			`[]string{`
153			`\x3cb\x3e \x22foo%\x22 O\x27Reilly \x26bar;`,
154			`a[href =~ \x22\/\/example.com\x22]#foo`,
155			`Hello, \x3cb\x3eWorld\x3c\/b\x3e \x26amp;tc!`,
156			` dir=\x22ltr\x22`,
157			`c \x26\x26 alert(\x22Hello, World!\x22);`,
158			`// Escape sequence not over-escaped.`
159			`Hello, World \x26 O\x27Reilly\x21`,
160			`greeting=H%69\x26addressee=(World)`,
161			`},`
162			`},`
163			`{`
164			`
165			`[]string{`
166			`\x3cb\x3e \x22foo%\x22 O\x27Reilly \x26bar;`,
167			`a[href =~ \x22\/\/example.com\x22]#foo`,
168			`Hello, \x3cb\x3eWorld\x3c\/b\x3e \x26amp;tc!`,
169			` dir=\x22ltr\x22`,
170			`c \x26\x26 alert(\x22Hello, World!\x22);`,
171			`// Escape sequence not over-escaped.`
172			`Hello, World \x26 O\x27Reilly\x21`,
173			`greeting=H%69\x26addressee=(World)`,
174			`},`
175			`},`
176			`{`
177			``,
178			`[]string{`
179			`%3cb%3e%20%22foo%25%22%20O%27Reilly%20%26bar%3b`,
180			`a%5bhref%20%3d~%20%22%2f%2fexample.com%22%5d%23foo`,
181			`Hello%2c%20%3cb%3eWorld%3c%2fb%3e%20%26amp%3btc%21`,
182			`%20dir%3d%22ltr%22`,
183			`c%20%26%26%20alert%28%22Hello%2c%20World%21%22%29%3b`,
184			`Hello%2c%20World%20%26%20O%27Reilly%5cx21`,
185			`// Quotes and parens are escaped but %69 is not over-escaped. HTML escaping is done.`
186			`greeting=H%69&addressee=%28World%29`,
187			`},`
188			`},`
189			`{`
190			``,
191			`[]string{`
192			`%3cb%3e%20%22foo%25%22%20O%27Reilly%20%26bar%3b`,
193			`a%5bhref%20%3d~%20%22%2f%2fexample.com%22%5d%23foo`,
194			`Hello%2c%20%3cb%3eWorld%3c%2fb%3e%20%26amp%3btc%21`,
195			`%20dir%3d%22ltr%22`,
196			`c%20%26%26%20alert%28%22Hello%2c%20World%21%22%29%3b`,
197			`Hello%2c%20World%20%26%20O%27Reilly%5cx21`,
198			`// Quotes and parens are escaped but %69 is not over-escaped. HTML escaping is not done.`
199			`greeting=H%69&addressee=%28World%29`,
200			`},`
201			`},`
202			`}`
203
204			`for _, test := range tests {`
205			`tmpl := Must(New("x").Parse(test.input))`
206			`pre := strings.Index(test.input, "{{.}}")`
207			`post := len(test.input) - (pre + 5)`
208			`var b bytes.Buffer`
209			`for i, x := range data {`
210			`b.Reset()`
211			`if err := tmpl.Execute(&b, x); err != nil {`
212			`t.Errorf("%q with %v: %s", test.input, x, err)`
213			`continue`
214			`}`
215			`if want, got := test.want[i], b.String()[pre:b.Len()-post]; want != got {`
216			`t.Errorf("%q with %v:\nwant\n\t%q,\ngot\n\t%q\n", test.input, x, want, got)`
217			`continue`
218			`}`
219			`}`
220			`}`
221			`}`