path: root/tests/UnitTests/A_Core/AutoEscape/AutoEscapeTest.php
blob: 4a4ef066258d602d5c7c68d3f0bf4efdd2f6316e (plain)
<?php
/*
 * This file is part of the Smarty PHPUnit tests.
 */

/**
 * Tests for the 'escapeHtml' (automatic HTML escaping) property.
 */
class AutoEscapeTest extends PHPUnit_Smarty
{
    /*
     * Prepare the fixture: every test in this class runs with automatic
     * HTML escaping switched on.
     */
    public function setUp(): void
    {
        $this->setUpSmarty(__DIR__);
        $this->smarty->setEscapeHtml(true);
    }

    /**
     * A plain variable is HTML-escaped when 'escapeHtml' is enabled:
     * the angle brackets in the assigned value come out as entities.
     */
    public function testAutoEscape()
    {
        $template = $this->smarty->createTemplate('eval:{$foo}');
        $template->assign('foo', '<a@b.c>');

        $rendered = $this->smarty->fetch($template);

        $this->assertEquals("&lt;a@b.c&gt;", $rendered);
    }

    /**
     * Markup returned by a function plugin is emitted as-is.
     *
     * Security note: the expectation below means auto-escaping does not cover
     * plugin return values, so a function plugin that embeds untrusted data
     * has to escape that data itself.
     *
     * @group issue906
     */
    public function testAutoEscapeDoesNotEscapeFunctionPlugins()
    {
        $emitRule = function ($params, $smarty) {
            return "<hr>";
        };
        $this->smarty->registerPlugin(\Smarty\Smarty::PLUGIN_FUNCTION, 'horizontal_rule', $emitRule);

        $template = $this->smarty->createTemplate('eval:{horizontal_rule}');
        $rendered = $this->smarty->fetch($template);

        $this->assertEquals("<hr>", $rendered);
    }

    /**
     * Markup returned by a block plugin is emitted as-is.
     *
     * Security note: as with function plugins, the wrapper markup and the
     * wrapped content reach the output unescaped; a block plugin that handles
     * untrusted content has to escape it itself.
     *
     * @group issue906
     */
    public function testAutoEscapeDoesNotEscapeBlockPlugins()
    {
        $wrapInParagraph = function ($params, $content) {
            // Loose comparison kept on purpose: null (presumably the
            // opening-tag invocation - confirm against the block plugin
            // contract) and empty content both yield no output.
            if ($content == null) {
                return null;
            }

            return "<p>" . $content . "</p>";
        };
        $this->smarty->registerPlugin(\Smarty\Smarty::PLUGIN_BLOCK, 'paragraphify', $wrapInParagraph);

        $template = $this->smarty->createTemplate('eval:{paragraphify}hi{/paragraphify}');
        $rendered = $this->smarty->fetch($template);

        $this->assertEquals("<p>hi</p>", $rendered);
    }

    /**
     * The 'raw' modifier opts a single expression out of auto-escaping.
     *
     * Security note: the value is rendered byte-for-byte, so 'raw' is only
     * appropriate for values that are already safe for the output context.
     */
    public function testAutoEscapeRaw()
    {
        $template = $this->smarty->createTemplate('eval:{$foo|raw}');
        $template->assign('foo', '<a@b.c>');

        $rendered = $this->smarty->fetch($template);

        $this->assertEquals("<a@b.c>", $rendered);
    }

    /**
     * An explicit 'escape' modifier combined with auto-escaping yields a
     * singly escaped value, not '&amp;lt;...'.
     */
    public function testAutoEscapeNoDoubleEscape()
    {
        $template = $this->smarty->createTemplate('eval:{$foo|escape}');
        $template->assign('foo', '<a@b.c>');

        $rendered = $this->smarty->fetch($template);

        $this->assertEquals("&lt;a@b.c&gt;", $rendered);
    }

    /**
     * escape:'force' requests double escaping: the ampersands of the
     * entities are themselves encoded.
     */
    public function testAutoEscapeForceDoubleEscape()
    {
        $template = $this->smarty->createTemplate('eval:{$foo|escape:\'force\'}');
        $template->assign('foo', '<a@b.c>');

        $rendered = $this->smarty->fetch($template);

        $this->assertEquals("&amp;lt;a@b.c&amp;gt;", $rendered);
    }

    /**
     * escape:'url' percent-encodes a space while auto-escaping is on.
     */
    public function testAutoEscapeSpecialEscape()
    {
        $template = $this->smarty->createTemplate('eval:{$foo|escape:\'url\'}');
        $template->assign('foo', 'aa bb');

        $rendered = $this->smarty->fetch($template);

        $this->assertEquals("aa%20bb", $rendered);
    }

    /**
     * escape:'url' percent-encodes angle brackets; the result carries
     * '%3C'/'%3E', not HTML entities.
     */
    public function testAutoEscapeSpecialEscape2()
    {
        $template = $this->smarty->createTemplate('eval:{$foo|escape:\'url\'}');
        $template->assign('foo', '<BR>');

        $rendered = $this->smarty->fetch($template);

        $this->assertEquals("%3CBR%3E", $rendered);
    }

    /**
     * escape:'htmlall' combined with auto-escaping yields a singly escaped
     * value.
     */
    public function testAutoEscapeSpecialEscape3()
    {
        $template = $this->smarty->createTemplate('eval:{$foo|escape:\'htmlall\'}');
        $template->assign('foo', '<BR>');

        $rendered = $this->smarty->fetch($template);

        $this->assertEquals("&lt;BR&gt;", $rendered);
    }


    /**
     * escape:'javascript' backslash-escapes the single quote.
     *
     * Security note: the expected output keeps '<' unencoded, i.e. the
     * explicit JavaScript escape is applied in place of the automatic HTML
     * escape for this expression. The result is meant for a JavaScript
     * string context and is not HTML-encoded.
     */
    public function testAutoEscapeSpecialEscape4()
    {
        $template = $this->smarty->createTemplate('eval:{$foo|escape:\'javascript\'}');
        $template->assign('foo', '<\'');

        $rendered = $this->smarty->fetch($template);

        $this->assertEquals("<\\'", $rendered);
    }

}