2022-12-13 23:10:57 +03:00
|
|
|
import encoding.html
|
|
|
|
|
|
|
|
fn test_escape_html() {
|
|
|
|
assert html.escape('<>&') == '<>&'
|
|
|
|
assert html.escape('No change') == 'No change'
|
|
|
|
assert html.escape('<b>Bold text</b>') == '<b>Bold text</b>'
|
|
|
|
assert html.escape('<img />') == '<img />'
|
2023-07-20 22:25:24 +03:00
|
|
|
assert html.escape("' onmouseover='alert(1)'") == '' onmouseover='alert(1)''
|
|
|
|
assert html.escape("<a href='http://www.example.com'>link</a>") == '<a href='http://www.example.com'>link</a>'
|
|
|
|
assert html.escape("<script>alert('hello');</script>") == '<script>alert('hello');</script>'
|
2022-12-13 23:10:57 +03:00
|
|
|
// Cases obtained from:
|
|
|
|
// https://github.com/apache/commons-lang/blob/master/src/test/java/org/apache/commons/lang3/StringEscapeUtilsTest.java
|
|
|
|
assert html.escape('plain text') == 'plain text'
|
|
|
|
assert html.escape('') == ''
|
|
|
|
assert html.escape('bread & butter') == 'bread & butter'
|
2023-07-20 22:25:24 +03:00
|
|
|
assert html.escape('"bread" & butter') == '"bread" & butter'
|
2022-12-13 23:10:57 +03:00
|
|
|
assert html.escape('greater than >') == 'greater than >'
|
|
|
|
assert html.escape('< less than') == '< less than'
|
|
|
|
// Leave accents as-is
|
|
|
|
assert html.escape('café') == 'café'
|
|
|
|
assert html.escape('<p>façade</p>') == '<p>façade</p>'
|
|
|
|
}
|