import encoding.html fn test_escape_html() { assert html.escape('<>&') == '<>&' assert html.escape('No change') == 'No change' assert html.escape('Bold text') == '<b>Bold text</b>' assert html.escape('') == '<img />' assert html.escape("' onmouseover='alert(1)'") == '' onmouseover='alert(1)'' assert html.escape("link") == '<a href='http://www.example.com'>link</a>' assert html.escape("") == '<script>alert('hello');</script>' // Cases obtained from: // https://github.com/apache/commons-lang/blob/master/src/test/java/org/apache/commons/lang3/StringEscapeUtilsTest.java assert html.escape('plain text') == 'plain text' assert html.escape('') == '' assert html.escape('bread & butter') == 'bread & butter' assert html.escape('"bread" & butter') == '"bread" & butter' assert html.escape('greater than >') == 'greater than >' assert html.escape('< less than') == '< less than' // Leave accents as-is assert html.escape('café') == 'café' assert html.escape('
façade
') == '<p>façade</p>' }