URL
https://opencores.org/ocsvn/openrisc/openrisc/trunk
Subversion Repositories openrisc
[/] [openrisc/] [trunk/] [gnu-dev/] [or1k-gcc/] [libgo/] [go/] [html/] [template/] [content_test.go] - Rev 760
Go to most recent revision | Compare with Previous | Blame | View Log
// Copyright 2011 The Go Authors. All rights reserved.// Use of this source code is governed by a BSD-style// license that can be found in the LICENSE file.package templateimport ("bytes""strings""testing")func TestTypedContent(t *testing.T) {data := []interface{}{`<b> "foo%" O'Reilly &bar;`,CSS(`a[href =~ "//example.com"]#foo`),HTML(`Hello, <b>World</b> &tc!`),HTMLAttr(` dir="ltr"`),JS(`c && alert("Hello, World!");`),JSStr(`Hello, World & O'Reilly\x21`),URL(`greeting=H%69&addressee=(World)`),}// For each content sensitive escaper, see how it does on// each of the typed strings above.tests := []struct {// A template containing a single {{.}}.input stringwant []string}{{`<style>{{.}} { color: blue }</style>`,[]string{`ZgotmplZ`,// Allowed but not escaped.`a[href =~ "//example.com"]#foo`,`ZgotmplZ`,`ZgotmplZ`,`ZgotmplZ`,`ZgotmplZ`,`ZgotmplZ`,},},{`<div style="{{.}}">`,[]string{`ZgotmplZ`,// Allowed and HTML escaped.`a[href =~ "//example.com"]#foo`,`ZgotmplZ`,`ZgotmplZ`,`ZgotmplZ`,`ZgotmplZ`,`ZgotmplZ`,},},{`{{.}}`,[]string{`<b> "foo%" O'Reilly &bar;`,`a[href =~ "//example.com"]#foo`,// Not escaped.`Hello, <b>World</b> &tc!`,` dir="ltr"`,`c && alert("Hello, World!");`,`Hello, World & O'Reilly\x21`,`greeting=H%69&addressee=(World)`,},},{`<a{{.}}>`,[]string{`ZgotmplZ`,`ZgotmplZ`,`ZgotmplZ`,// Allowed and HTML escaped.` dir="ltr"`,`ZgotmplZ`,`ZgotmplZ`,`ZgotmplZ`,},},{`<a title={{.}}>`,[]string{`<b> "foo%" O'Reilly &bar;`,`a[href =~ "//example.com"]#foo`,// Tags stripped, spaces escaped, entity not re-escaped.`Hello, World &tc!`,` dir="ltr"`,`c && alert("Hello, World!");`,`Hello, World & O'Reilly\x21`,`greeting=H%69&addressee=(World)`,},},{`<a title='{{.}}'>`,[]string{`<b> "foo%" O'Reilly &bar;`,`a[href =~ "//example.com"]#foo`,// Tags stripped, entity not re-escaped.`Hello, World &tc!`,` dir="ltr"`,`c && alert("Hello, World!");`,`Hello, World & O'Reilly\x21`,`greeting=H%69&addressee=(World)`,},},{`<textarea>{{.}}</textarea>`,[]string{`<b> "foo%" O'Reilly &bar;`,`a[href =~ "//example.com"]#foo`,// Angle brackets escaped to prevent injection of close tags, entity not re-escaped.`Hello, <b>World</b> &tc!`,` dir="ltr"`,`c && alert("Hello, World!");`,`Hello, World & O'Reilly\x21`,`greeting=H%69&addressee=(World)`,},},{`<script>alert({{.}})</script>`,[]string{`"\u003cb\u003e \"foo%\" O'Reilly &bar;"`,`"a[href =~ \"//example.com\"]#foo"`,`"Hello, \u003cb\u003eWorld\u003c/b\u003e &tc!"`,`" dir=\"ltr\""`,// Not escaped.`c && alert("Hello, World!");`,// Escape sequence not over-escaped.`"Hello, World & O'Reilly\x21"`,`"greeting=H%69&addressee=(World)"`,},},{`<button onclick="alert({{.}})">`,[]string{`"\u003cb\u003e \"foo%\" O'Reilly &bar;"`,`"a[href =~ \"//example.com\"]#foo"`,`"Hello, \u003cb\u003eWorld\u003c/b\u003e &amp;tc!"`,`" dir=\"ltr\""`,// Not JS escaped but HTML escaped.`c && alert("Hello, World!");`,// Escape sequence not over-escaped.`"Hello, World & O'Reilly\x21"`,`"greeting=H%69&addressee=(World)"`,},},{`<script>alert("{{.}}")</script>`,[]string{`\x3cb\x3e \x22foo%\x22 O\x27Reilly \x26bar;`,`a[href =~ \x22\/\/example.com\x22]#foo`,`Hello, \x3cb\x3eWorld\x3c\/b\x3e \x26amp;tc!`,` dir=\x22ltr\x22`,`c \x26\x26 alert(\x22Hello, World!\x22);`,// Escape sequence not over-escaped.`Hello, World \x26 O\x27Reilly\x21`,`greeting=H%69\x26addressee=(World)`,},},{`<button onclick='alert("{{.}}")'>`,[]string{`\x3cb\x3e \x22foo%\x22 O\x27Reilly \x26bar;`,`a[href =~ \x22\/\/example.com\x22]#foo`,`Hello, \x3cb\x3eWorld\x3c\/b\x3e \x26amp;tc!`,` dir=\x22ltr\x22`,`c \x26\x26 alert(\x22Hello, World!\x22);`,// Escape sequence not over-escaped.`Hello, World \x26 O\x27Reilly\x21`,`greeting=H%69\x26addressee=(World)`,},},{`<a href="?q={{.}}">`,[]string{`%3cb%3e%20%22foo%25%22%20O%27Reilly%20%26bar%3b`,`a%5bhref%20%3d~%20%22%2f%2fexample.com%22%5d%23foo`,`Hello%2c%20%3cb%3eWorld%3c%2fb%3e%20%26amp%3btc%21`,`%20dir%3d%22ltr%22`,`c%20%26%26%20alert%28%22Hello%2c%20World%21%22%29%3b`,`Hello%2c%20World%20%26%20O%27Reilly%5cx21`,// Quotes and parens are escaped but %69 is not over-escaped. HTML escaping is done.`greeting=H%69&addressee=%28World%29`,},},{`<style>body { background: url('?img={{.}}') }</style>`,[]string{`%3cb%3e%20%22foo%25%22%20O%27Reilly%20%26bar%3b`,`a%5bhref%20%3d~%20%22%2f%2fexample.com%22%5d%23foo`,`Hello%2c%20%3cb%3eWorld%3c%2fb%3e%20%26amp%3btc%21`,`%20dir%3d%22ltr%22`,`c%20%26%26%20alert%28%22Hello%2c%20World%21%22%29%3b`,`Hello%2c%20World%20%26%20O%27Reilly%5cx21`,// Quotes and parens are escaped but %69 is not over-escaped. HTML escaping is not done.`greeting=H%69&addressee=%28World%29`,},},}for _, test := range tests {tmpl := Must(New("x").Parse(test.input))pre := strings.Index(test.input, "{{.}}")post := len(test.input) - (pre + 5)var b bytes.Bufferfor i, x := range data {b.Reset()if err := tmpl.Execute(&b, x); err != nil {t.Errorf("%q with %v: %s", test.input, x, err)continue}if want, got := test.want[i], b.String()[pre:b.Len()-post]; want != got {t.Errorf("%q with %v:\nwant\n\t%q,\ngot\n\t%q\n", test.input, x, want, got)continue}}}}
Go to most recent revision | Compare with Previous | Blame | View Log