| // Copyright (C) 2009 The Android Open Source Project |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| package com.google.gwtexpui.safehtml.client; |
| |
| import static com.google.common.truth.Truth.assertThat; |
| |
| import org.junit.Rule; |
| import org.junit.Test; |
| import org.junit.rules.ExpectedException; |
| |
| public class SafeHtmlBuilderTest { |
| @Rule public ExpectedException exception = ExpectedException.none(); |
| |
| @Test |
| public void empty() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| assertThat(b.isEmpty()).isTrue(); |
| assertThat(b.hasContent()).isFalse(); |
| assertThat(b.asString()).isEmpty(); |
| |
| b.append("a"); |
| assertThat(b.hasContent()).isTrue(); |
| assertThat(b.asString()).isEqualTo("a"); |
| } |
| |
| @Test |
| public void toSafeHtml() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| b.append(1); |
| |
| final SafeHtml h = b.toSafeHtml(); |
| assertThat(h).isNotNull(); |
| assertThat(h).isNotSameAs(b); |
| assertThat(h).isNotInstanceOf(SafeHtmlBuilder.class); |
| assertThat(h.asString()).isEqualTo("1"); |
| } |
| |
| @Test |
| public void append_boolean() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| assertThat(b).isSameAs(b.append(true)); |
| assertThat(b).isSameAs(b.append(false)); |
| assertThat(b.asString()).isEqualTo("truefalse"); |
| } |
| |
| @Test |
| public void append_char() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| assertThat(b).isSameAs(b.append('a')); |
| assertThat(b).isSameAs(b.append('b')); |
| assertThat(b.asString()).isEqualTo("ab"); |
| } |
| |
| @Test |
| public void append_int() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| assertThat(b).isSameAs(b.append(4)); |
| assertThat(b).isSameAs(b.append(2)); |
| assertThat(b).isSameAs(b.append(-100)); |
| assertThat(b.asString()).isEqualTo("42-100"); |
| } |
| |
| @Test |
| public void append_long() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| assertThat(b).isSameAs(b.append(4L)); |
| assertThat(b).isSameAs(b.append(2L)); |
| assertThat(b.asString()).isEqualTo("42"); |
| } |
| |
| @Test |
| public void append_float() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| assertThat(b).isSameAs(b.append(0.0f)); |
| assertThat(b.asString()).isEqualTo("0.0"); |
| } |
| |
| @Test |
| public void append_double() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| assertThat(b).isSameAs(b.append(0.0)); |
| assertThat(b.asString()).isEqualTo("0.0"); |
| } |
| |
| @Test |
| public void append_String() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| assertThat(b).isSameAs(b.append((String) null)); |
| assertThat(b.asString()).isEmpty(); |
| assertThat(b).isSameAs(b.append("foo")); |
| assertThat(b).isSameAs(b.append("bar")); |
| assertThat(b.asString()).isEqualTo("foobar"); |
| } |
| |
| @Test |
| public void append_StringBuilder() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| assertThat(b).isSameAs(b.append((StringBuilder) null)); |
| assertThat(b.asString()).isEmpty(); |
| assertThat(b).isSameAs(b.append(new StringBuilder("foo"))); |
| assertThat(b).isSameAs(b.append(new StringBuilder("bar"))); |
| assertThat(b.asString()).isEqualTo("foobar"); |
| } |
| |
| @Test |
| public void append_StringBuffer() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| assertThat(b).isSameAs(b.append((StringBuffer) null)); |
| assertThat(b.asString()).isEmpty(); |
| assertThat(b).isSameAs(b.append(new StringBuffer("foo"))); |
| assertThat(b).isSameAs(b.append(new StringBuffer("bar"))); |
| assertThat(b.asString()).isEqualTo("foobar"); |
| } |
| |
| @Test |
| public void append_Object() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| assertThat(b).isSameAs(b.append((Object) null)); |
| assertThat(b.asString()).isEmpty(); |
| assertThat(b) |
| .isSameAs( |
| b.append( |
| new Object() { |
| @Override |
| public String toString() { |
| return "foobar"; |
| } |
| })); |
| assertThat(b.asString()).isEqualTo("foobar"); |
| } |
| |
| @Test |
| public void append_CharSequence() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| assertThat(b).isSameAs(b.append((CharSequence) null)); |
| assertThat(b.asString()).isEmpty(); |
| assertThat(b).isSameAs(b.append((CharSequence) "foo")); |
| assertThat(b).isSameAs(b.append((CharSequence) "bar")); |
| assertThat(b.asString()).isEqualTo("foobar"); |
| } |
| |
| @Test |
| public void append_SafeHtml() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| assertThat(b).isSameAs(b.append((SafeHtml) null)); |
| assertThat(b.asString()).isEmpty(); |
| assertThat(b).isSameAs(b.append(new SafeHtmlString("foo"))); |
| assertThat(b).isSameAs(b.append(new SafeHtmlBuilder().append("bar"))); |
| assertThat(b.asString()).isEqualTo("foobar"); |
| } |
| |
| @Test |
| public void htmlSpecialCharacters() { |
| assertThat(escape("&")).isEqualTo("&"); |
| assertThat(escape("<")).isEqualTo("<"); |
| assertThat(escape(">")).isEqualTo(">"); |
| assertThat(escape("\"")).isEqualTo("""); |
| assertThat(escape("'")).isEqualTo("'"); |
| |
| assertThat(escape('&')).isEqualTo("&"); |
| assertThat(escape('<')).isEqualTo("<"); |
| assertThat(escape('>')).isEqualTo(">"); |
| assertThat(escape('"')).isEqualTo("""); |
| assertThat(escape('\'')).isEqualTo("'"); |
| |
| assertThat(escape("<b>")).isEqualTo("<b>"); |
| assertThat(escape("<b>")).isEqualTo("&lt;b&gt;"); |
| } |
| |
| @Test |
| public void entityNbsp() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| assertThat(b).isSameAs(b.nbsp()); |
| assertThat(b.asString()).isEqualTo(" "); |
| } |
| |
| @Test |
| public void tagBr() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| assertThat(b).isSameAs(b.br()); |
| assertThat(b.asString()).isEqualTo("<br />"); |
| } |
| |
| @Test |
| public void tagTableTrTd() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| assertThat(b).isSameAs(b.openElement("table")); |
| assertThat(b).isSameAs(b.openTr()); |
| assertThat(b).isSameAs(b.openTd()); |
| assertThat(b).isSameAs(b.append("d<a>ta")); |
| assertThat(b).isSameAs(b.closeTd()); |
| assertThat(b).isSameAs(b.closeTr()); |
| assertThat(b).isSameAs(b.closeElement("table")); |
| assertThat(b.asString()).isEqualTo("<table><tr><td>d<a>ta</td></tr></table>"); |
| } |
| |
| @Test |
| public void tagDiv() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| assertThat(b).isSameAs(b.openDiv()); |
| assertThat(b).isSameAs(b.append("d<a>ta")); |
| assertThat(b).isSameAs(b.closeDiv()); |
| assertThat(b.asString()).isEqualTo("<div>d<a>ta</div>"); |
| } |
| |
| @Test |
| public void tagAnchor() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| assertThat(b).isSameAs(b.openAnchor()); |
| |
| assertThat(b.getAttribute("href")).isEmpty(); |
| assertThat(b).isSameAs(b.setAttribute("href", "http://here")); |
| assertThat(b.getAttribute("href")).isEqualTo("http://here"); |
| assertThat(b).isSameAs(b.setAttribute("href", "d<a>ta")); |
| assertThat(b.getAttribute("href")).isEqualTo("d<a>ta"); |
| |
| assertThat(b.getAttribute("target")).isEmpty(); |
| assertThat(b).isSameAs(b.setAttribute("target", null)); |
| assertThat(b.getAttribute("target")).isEmpty(); |
| |
| assertThat(b).isSameAs(b.append("go")); |
| assertThat(b).isSameAs(b.closeAnchor()); |
| assertThat(b.asString()).isEqualTo("<a href=\"d<a>ta\">go</a>"); |
| } |
| |
| @Test |
| public void tagHeightWidth() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| assertThat(b).isSameAs(b.openElement("img")); |
| assertThat(b).isSameAs(b.setHeight(100)); |
| assertThat(b).isSameAs(b.setWidth(42)); |
| assertThat(b).isSameAs(b.closeSelf()); |
| assertThat(b.asString()).isEqualTo("<img height=\"100\" width=\"42\" />"); |
| } |
| |
| @Test |
| public void styleName() { |
| final SafeHtmlBuilder b = new SafeHtmlBuilder(); |
| assertThat(b).isSameAs(b.openSpan()); |
| assertThat(b).isSameAs(b.setStyleName("foo")); |
| assertThat(b).isSameAs(b.addStyleName("bar")); |
| assertThat(b).isSameAs(b.append("d<a>ta")); |
| assertThat(b).isSameAs(b.closeSpan()); |
| assertThat(b.asString()).isEqualTo("<span class=\"foo bar\">d<a>ta</span>"); |
| } |
| |
| @Test |
| public void rejectJavaScript_AnchorHref() { |
| final String href = "javascript:window.close();"; |
| exception.expect(RuntimeException.class); |
| exception.expectMessage("javascript unsafe in href: " + href); |
| new SafeHtmlBuilder().openAnchor().setAttribute("href", href); |
| } |
| |
| @Test |
| public void rejectJavaScript_ImgSrc() { |
| final String href = "javascript:window.close();"; |
| exception.expect(RuntimeException.class); |
| exception.expectMessage("javascript unsafe in href: " + href); |
| new SafeHtmlBuilder().openElement("img").setAttribute("src", href); |
| } |
| |
| @Test |
| public void rejectJavaScript_FormAction() { |
| final String href = "javascript:window.close();"; |
| exception.expect(RuntimeException.class); |
| exception.expectMessage("javascript unsafe in href: " + href); |
| new SafeHtmlBuilder().openElement("form").setAttribute("action", href); |
| } |
| |
| private static String escape(char c) { |
| return new SafeHtmlBuilder().append(c).asString(); |
| } |
| |
| private static String escape(String c) { |
| return new SafeHtmlBuilder().append(c).asString(); |
| } |
| } |
