1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
<?php
/*
* This file is part of the Smarty PHPUnit tests.
*/
/**
* class for 'escapeHtml' property tests
*
*
*
*
*/
class AutoEscapeTest extends PHPUnit_Smarty
{
/*
* Setup test fixture
*/
public function setUp(): void
{
$this->setUpSmarty(__DIR__);
$this->smarty->setEscapeHtml(true);
}
/**
* test 'escapeHtml' property
*/
public function testAutoEscape()
{
$tpl = $this->smarty->createTemplate('eval:{$foo}');
$tpl->assign('foo', '<a@b.c>');
$this->assertEquals("<a@b.c>", $this->smarty->fetch($tpl));
}
/**
* test 'escapeHtml' property
* @group issue906
*/
public function testAutoEscapeDoesNotEscapeFunctionPlugins()
{
$this->smarty->registerPlugin(
\Smarty\Smarty::PLUGIN_FUNCTION,
'horizontal_rule',
function ($params, $smarty) { return "<hr>"; }
);
$tpl = $this->smarty->createTemplate('eval:{horizontal_rule}');
$this->assertEquals("<hr>", $this->smarty->fetch($tpl));
}
/**
* test 'escapeHtml' property
* @group issue906
*/
public function testAutoEscapeDoesNotEscapeBlockPlugins()
{
$this->smarty->registerPlugin(
\Smarty\Smarty::PLUGIN_BLOCK,
'paragraphify',
function ($params, $content) { return $content == null ? null : "<p>".$content."</p>"; }
);
$tpl = $this->smarty->createTemplate('eval:{paragraphify}hi{/paragraphify}');
$this->assertEquals("<p>hi</p>", $this->smarty->fetch($tpl));
}
/**
* test autoescape + raw modifier
*/
public function testAutoEscapeRaw() {
$tpl = $this->smarty->createTemplate('eval:{$foo|raw}');
$tpl->assign('foo', '<a@b.c>');
$this->assertEquals("<a@b.c>", $this->smarty->fetch($tpl));
}
/**
* test autoescape + escape modifier = no double-escaping
*/
public function testAutoEscapeNoDoubleEscape() {
$tpl = $this->smarty->createTemplate('eval:{$foo|escape}');
$tpl->assign('foo', '<a@b.c>');
$this->assertEquals("<a@b.c>", $this->smarty->fetch($tpl));
}
/**
* test autoescape + escape modifier = force double-escaping
*/
public function testAutoEscapeForceDoubleEscape() {
$tpl = $this->smarty->createTemplate('eval:{$foo|escape:\'force\'}');
$tpl->assign('foo', '<a@b.c>');
$this->assertEquals("&lt;a@b.c&gt;", $this->smarty->fetch($tpl));
}
/**
* test autoescape + escape modifier = special escape
*/
public function testAutoEscapeSpecialEscape() {
$tpl = $this->smarty->createTemplate('eval:{$foo|escape:\'url\'}');
$tpl->assign('foo', 'aa bb');
$this->assertEquals("aa%20bb", $this->smarty->fetch($tpl));
}
/**
* test autoescape + escape modifier = special escape
*/
public function testAutoEscapeSpecialEscape2() {
$tpl = $this->smarty->createTemplate('eval:{$foo|escape:\'url\'}');
$tpl->assign('foo', '<BR>');
$this->assertEquals("%3CBR%3E", $this->smarty->fetch($tpl));
}
/**
* test autoescape + escape modifier = special escape
*/
public function testAutoEscapeSpecialEscape3() {
$tpl = $this->smarty->createTemplate('eval:{$foo|escape:\'htmlall\'}');
$tpl->assign('foo', '<BR>');
$this->assertEquals("<BR>", $this->smarty->fetch($tpl));
}
/**
* test autoescape + escape modifier = special escape
*/
public function testAutoEscapeSpecialEscape4() {
$tpl = $this->smarty->createTemplate('eval:{$foo|escape:\'javascript\'}');
$tpl->assign('foo', '<\'');
$this->assertEquals("<\\'", $this->smarty->fetch($tpl));
}
}
|