// Copyright (C) 2009 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gwtexpui.safehtml.client;
import static com.google.common.truth.Truth.assertThat;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
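/**
 * Unit tests for {@link SafeHtmlBuilder}.
 *
 * <p>The tests pin three properties of the builder: every {@code append} overload returns the
 * builder itself and treats {@code null} as "append nothing"; text and attribute values are
 * entity-encoded in the output of {@code asString()}; and a {@code javascript:} value is refused
 * for the {@code href}, {@code src} and {@code action} attributes.
 *
 * <p>Expected strings that contain {@code &amp;...;} entities are the encoded output. They must
 * stay entity-encoded in this source file: an expectation written with a raw {@code <} or
 * {@code &} would assert that the builder does not escape at all.
 */
public class SafeHtmlBuilderTest {
  @Rule public ExpectedException exception = ExpectedException.none();

  /** A new builder is empty, and stops being so after the first append. */
  @Test
  public void empty() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b.isEmpty()).isTrue();
    assertThat(b.hasContent()).isFalse();
    assertThat(b.asString()).isEmpty();

    b.append("a");
    assertThat(b.hasContent()).isTrue();
    assertThat(b.asString()).isEqualTo("a");
  }

  /** {@code toSafeHtml()} returns a separate, non-builder object holding the same markup. */
  @Test
  public void toSafeHtml() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    b.append(1);

    final SafeHtml h = b.toSafeHtml();
    assertThat(h).isNotNull();
    // The result must not be the builder or any SafeHtmlBuilder instance.
    assertThat(h).isNotSameAs(b);
    assertThat(h).isNotInstanceOf(SafeHtmlBuilder.class);
    assertThat(h.asString()).isEqualTo("1");
  }

  @Test
  public void append_boolean() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append(true));
    assertThat(b).isSameAs(b.append(false));
    assertThat(b.asString()).isEqualTo("truefalse");
  }

  @Test
  public void append_char() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append('a'));
    assertThat(b).isSameAs(b.append('b'));
    assertThat(b.asString()).isEqualTo("ab");
  }

  @Test
  public void append_int() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append(4));
    assertThat(b).isSameAs(b.append(2));
    assertThat(b).isSameAs(b.append(-100));
    assertThat(b.asString()).isEqualTo("42-100");
  }

  @Test
  public void append_long() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append(4L));
    assertThat(b).isSameAs(b.append(2L));
    assertThat(b.asString()).isEqualTo("42");
  }

  @Test
  public void append_float() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append(0.0f));
    assertThat(b.asString()).isEqualTo("0.0");
  }

  @Test
  public void append_double() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append(0.0));
    assertThat(b.asString()).isEqualTo("0.0");
  }

  /** A {@code null} String appends nothing; non-null strings are concatenated in order. */
  @Test
  public void append_String() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append((String) null));
    assertThat(b.asString()).isEmpty();
    assertThat(b).isSameAs(b.append("foo"));
    assertThat(b).isSameAs(b.append("bar"));
    assertThat(b.asString()).isEqualTo("foobar");
  }

  @Test
  public void append_StringBuilder() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append((StringBuilder) null));
    assertThat(b.asString()).isEmpty();
    assertThat(b).isSameAs(b.append(new StringBuilder("foo")));
    assertThat(b).isSameAs(b.append(new StringBuilder("bar")));
    assertThat(b.asString()).isEqualTo("foobar");
  }

  @Test
  public void append_StringBuffer() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append((StringBuffer) null));
    assertThat(b.asString()).isEmpty();
    assertThat(b).isSameAs(b.append(new StringBuffer("foo")));
    assertThat(b).isSameAs(b.append(new StringBuffer("bar")));
    assertThat(b.asString()).isEqualTo("foobar");
  }

  /** An arbitrary object is appended through its {@code toString()} value. */
  @Test
  public void append_Object() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append((Object) null));
    assertThat(b.asString()).isEmpty();
    assertThat(b)
        .isSameAs(
            b.append(
                new Object() {
                  @Override
                  public String toString() {
                    return "foobar";
                  }
                }));
    assertThat(b.asString()).isEqualTo("foobar");
  }

  @Test
  public void append_CharSequence() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append((CharSequence) null));
    assertThat(b.asString()).isEmpty();
    assertThat(b).isSameAs(b.append((CharSequence) "foo"));
    assertThat(b).isSameAs(b.append((CharSequence) "bar"));
    assertThat(b.asString()).isEqualTo("foobar");
  }

  /** Another {@link SafeHtml} value (a string wrapper or a builder) can be appended. */
  @Test
  public void append_SafeHtml() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append((SafeHtml) null));
    assertThat(b.asString()).isEmpty();
    // NOTE(review): both inputs are plain text, so this test does not show whether a SafeHtml
    // argument is appended verbatim or escaped again. Presumably it is appended as-is, which
    // makes the SafeHtmlString constructor a trust boundary - confirm against the implementation.
    assertThat(b).isSameAs(b.append(new SafeHtmlString("foo")));
    assertThat(b).isSameAs(b.append(new SafeHtmlBuilder().append("bar")));
    assertThat(b.asString()).isEqualTo("foobar");
  }

  /**
   * The five HTML special characters are entity-encoded, through both the {@code String} and the
   * {@code char} overloads of {@code append}.
   */
  @Test
  public void htmlSpecialCharacters() {
    assertThat(escape("&")).isEqualTo("&amp;");
    assertThat(escape("<")).isEqualTo("&lt;");
    assertThat(escape(">")).isEqualTo("&gt;");
    assertThat(escape("\"")).isEqualTo("&quot;");
    // Numeric form for the apostrophe: &apos; is not a named entity in HTML 4.
    assertThat(escape("'")).isEqualTo("&#39;");

    assertThat(escape('&')).isEqualTo("&amp;");
    assertThat(escape('<')).isEqualTo("&lt;");
    assertThat(escape('>')).isEqualTo("&gt;");
    assertThat(escape('"')).isEqualTo("&quot;");
    assertThat(escape('\'')).isEqualTo("&#39;");

    assertThat(escape("<b>")).isEqualTo("&lt;b&gt;");
    // Input that already looks encoded is encoded again, never passed through as markup.
    assertThat(escape("&lt;b&gt;")).isEqualTo("&amp;lt;b&amp;gt;");
  }

  @Test
  public void entityNbsp() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.nbsp());
    assertThat(b.asString()).isEqualTo("&nbsp;");
  }

  @Test
  public void tagBr() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.br());
    assertThat(b.asString()).isEqualTo("<br />");
  }

  /** Tags written by the builder are markup; text appended inside them is encoded. */
  @Test
  public void tagTableTrTd() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.openElement("table"));
    assertThat(b).isSameAs(b.openTr());
    assertThat(b).isSameAs(b.openTd());
    assertThat(b).isSameAs(b.append("d<a>ta"));
    assertThat(b).isSameAs(b.closeTd());
    assertThat(b).isSameAs(b.closeTr());
    assertThat(b).isSameAs(b.closeElement("table"));
    assertThat(b.asString()).isEqualTo("<table><tr><td>d&lt;a&gt;ta</td></tr></table>");
  }

  @Test
  public void tagDiv() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.openDiv());
    assertThat(b).isSameAs(b.append("d<a>ta"));
    assertThat(b).isSameAs(b.closeDiv());
    assertThat(b.asString()).isEqualTo("<div>d&lt;a&gt;ta</div>");
  }

  /**
   * Attribute handling on an anchor: an unset or {@code null} attribute reads back as empty, a
   * later value replaces an earlier one, and the value is entity-encoded only when rendered.
   */
  @Test
  public void tagAnchor() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.openAnchor());

    assertThat(b.getAttribute("href")).isEmpty();
    assertThat(b).isSameAs(b.setAttribute("href", "http://here"));
    assertThat(b.getAttribute("href")).isEqualTo("http://here");
    assertThat(b).isSameAs(b.setAttribute("href", "d<a>ta"));
    // getAttribute returns the raw value; encoding is applied in asString() below.
    assertThat(b.getAttribute("href")).isEqualTo("d<a>ta");

    assertThat(b.getAttribute("target")).isEmpty();
    assertThat(b).isSameAs(b.setAttribute("target", null));
    assertThat(b.getAttribute("target")).isEmpty();

    assertThat(b).isSameAs(b.append("go"));
    assertThat(b).isSameAs(b.closeAnchor());
    // The null-valued target attribute is absent from the rendered tag.
    assertThat(b.asString()).isEqualTo("<a href=\"d&lt;a&gt;ta\">go</a>");
  }

  @Test
  public void tagHeightWidth() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.openElement("img"));
    assertThat(b).isSameAs(b.setHeight(100));
    assertThat(b).isSameAs(b.setWidth(42));
    assertThat(b).isSameAs(b.closeSelf());
    assertThat(b.asString()).isEqualTo("<img height=\"100\" width=\"42\" />");
  }

  /** {@code addStyleName} extends the {@code class} attribute set by {@code setStyleName}. */
  @Test
  public void styleName() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.openSpan());
    assertThat(b).isSameAs(b.setStyleName("foo"));
    assertThat(b).isSameAs(b.addStyleName("bar"));
    assertThat(b).isSameAs(b.append("d<a>ta"));
    assertThat(b).isSameAs(b.closeSpan());
    assertThat(b.asString()).isEqualTo("<span class=\"foo bar\">d&lt;a&gt;ta</span>");
  }

  // The three tests below pin the refusal of a javascript: value in URL-bearing attributes.
  // NOTE(review): only the exact lowercase scheme is exercised. Case variants, leading
  // whitespace and other script-capable schemes are not covered by these tests - confirm how
  // SafeHtmlBuilder handles them before relying on this check as the only URL filter.

  @Test
  public void rejectJavaScript_AnchorHref() {
    final String href = "javascript:window.close();";
    exception.expect(RuntimeException.class);
    exception.expectMessage("javascript unsafe in href: " + href);
    new SafeHtmlBuilder().openAnchor().setAttribute("href", href);
  }

  @Test
  public void rejectJavaScript_ImgSrc() {
    final String href = "javascript:window.close();";
    exception.expect(RuntimeException.class);
    // The message names "href" although the attribute being set is "src".
    exception.expectMessage("javascript unsafe in href: " + href);
    new SafeHtmlBuilder().openElement("img").setAttribute("src", href);
  }

  @Test
  public void rejectJavaScript_FormAction() {
    final String href = "javascript:window.close();";
    exception.expect(RuntimeException.class);
    // The message names "href" although the attribute being set is "action".
    exception.expectMessage("javascript unsafe in href: " + href);
    new SafeHtmlBuilder().openElement("form").setAttribute("action", href);
  }

  /** Returns the builder output for a single appended {@code char}. */
  private static String escape(char c) {
    return new SafeHtmlBuilder().append(c).asString();
  }

  /** Returns the builder output for a single appended {@code String}. */
  private static String escape(String c) {
    return new SafeHtmlBuilder().append(c).asString();
  }
}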