* @author Kornel Lesiński
* @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public License
* @version SVN: $Id: EscapeHTMLTest.php 618 2009-05-24 22:26:06Z kornel $
* @link http://phptal.org/
*/

require_once dirname(__FILE__)."/config.php";

/**
 * Tests for how PHPTAL decodes HTML entities on the way into expressions
 * and encodes them again on the way out: plain `${...}` interpolation,
 * `php:` expressions, the `structure` keyword and SimpleXML values.
 *
 * Every template and expected string is a single-quoted literal whose line
 * breaks are part of the value, so the literals are kept flush-left.
 *
 * NOTE(review): in this listing several template literals consist only of
 * line breaks, and the SimpleXML tests build a SimpleXMLElement from
 * 'foo&<' (not well-formed XML) yet read its 'title' and 'empty'
 * attributes. The markup and entity references inside the string literals
 * appear to have been lost before this copy was made -- check the
 * assertions against the upstream file before treating them as the
 * escaping contract.
 */
class EscapeHTMLTest extends PHPTAL_TestCase
{
    /**
     * Renders an inline template source with the given variables.
     *
     * @param string $str    template source handed to setSource()
     * @param array  $params variable name => value pairs, each passed to set()
     * @return mixed result of execute(); the tests compare it against strings
     */
    private function executeString($str, $params = array())
    {
        $engine = $this->newPHPTAL();
        foreach ($params as $name => $value) {
            $engine->set($name, $value);
        }
        $engine->setSource($str);

        return $engine->execute();
    }

    /**
     * Renders input/escape.html and compares the trimmed result with the
     * trimmed output/escape.html fixture.
     */
    public function testDoesEscapeHTMLContent()
    {
        $engine = $this->newPHPTAL('input/escape.html');
        $expected = trim_file('output/escape.html');
        $actual = trim_string($engine->execute());

        $this->assertEquals($expected, $actual);
    }

    /**
     * The rendered output must not contain '&'.
     */
    public function testEntityDecodingPath1()
    {
        $template = '
';
        $rendered = $this->executeString($template);

        $this->assertNotContains('&', $rendered);
    }

    /**
     * strlen() of the two-character PHP literal must evaluate to 2 in the
     * rendered output ("2,2" expected).
     */
    public function testEntityDecodingBeforePHP()
    {
        /* PHP block in attributes gets raw input (that's not XML style, but PHP style) */
        $template = '
' . ',${php:strlen(\'"&\')}
';
        $rendered = $this->executeString($template);

        $expected = '
2,2
';
        $this->assertEquals($expected, $rendered);
    }

    /**
     * Pins how the result of a `php:` expression (urldecode() producing
     * an ampersand, a double quote and a less-than sign) appears in the
     * output. Per the test name the value is entity-encoded after PHP
     * evaluation.
     *
     * NOTE(review): the expected literal shown here has no entity
     * references -- presumably decoded in this copy; confirm upstream.
     */
    public function testEntityEncodingAfterPHP()
    {
        $template = '
,${php:urldecode(\'%26%22%3C\')}
';
        $rendered = $this->executeString($template);

        $expected = '
&"<,&"<
';
        $this->assertEquals($expected, $rendered);
    }

    /**
     * Same kind of value routed through `structure php:`; per the test
     * name it is emitted without entity encoding. Because `structure`
     * skips the escaping step, template authors should only pass it
     * markup that is already trusted or escaped.
     */
    public function testNoEntityEncodingAfterStructurePHP()
    {
        $template = '
' . ',${structure php:urldecode(\'%26%20%3E%22\')},
';
        $rendered = $this->executeString($template);

        $expected = '
& >",& >",& >"
';
        $this->assertEquals($expected, $rendered);
    }

    /**
     * The rendered output must not contain '&'.
     */
    public function testDecodingBeforeStructure()
    {
        $template = '
';
        $rendered = $this->executeString($template);

        $this->assertNotContains('&', $rendered);
    }

    /**
     * The rendered output must not contain '&'.
     */
    public function testEntityDecodingPHP1()
    {
        $template = '
';
        $rendered = $this->executeString($template);

        $this->assertNotContains('&', $rendered);
    }

    /**
     * The rendered output must not contain '&'.
     */
    public function testEntityDecodingPath2()
    {
        $template = '
';
        $rendered = $this->executeString($template);

        $this->assertNotContains('&', $rendered);
    }

    /**
     * The rendered output must not contain '&'.
     */
    public function testEntityDecodingPHP2()
    {
        $template = '
';
        $rendered = $this->executeString($template);

        $this->assertNotContains('&', $rendered);
    }

    /**
     * A quoted string literal holding a double quote, interpolated with
     * `${...}`, must render without any '&'.
     */
    public function testEntityDecodingPath3()
    {
        $template = '

${\'" quote character\'}

';
        $rendered = $this->executeString($template);

        $this->assertNotContains('&', $rendered);
    }

    /**
     * `php:` variant of testEntityDecodingPath3: the output must not
     * contain '&'.
     */
    public function testEntityDecodingPHP3()
    {
        $template = '

${php:\'" quote character\'}

';
        $rendered = $this->executeString($template);

        $this->assertNotContains('&', $rendered);
    }

    /**
     * Output must contain '&', but neither '&amp;' nor '&&'.
     */
    public function testEntityEncodingPath1()
    {
        $template = '
';
        $rendered = $this->executeString($template);

        $this->assertContains('&', $rendered);
        $this->assertNotContains('&amp;', $rendered);
        $this->assertNotContains('&&', $rendered);
    }

    /**
     * Output must contain '&', but neither '&amp;' nor '&&'.
     */
    public function testEntityEncodingPHP1()
    {
        $template = '
';
        $rendered = $this->executeString($template);

        $this->assertContains('&', $rendered);
        $this->assertNotContains('&amp;', $rendered);
        $this->assertNotContains('&&', $rendered);
    }

    /**
     * Output must contain '&', but neither '&amp;' nor '&&'.
     */
    public function testEntityEncodingPath2()
    {
        $template = '
';
        $rendered = $this->executeString($template);

        $this->assertContains('&', $rendered);
        $this->assertNotContains('&amp;', $rendered);
        $this->assertNotContains('&&', $rendered);
    }

    /**
     * Interpolates one caller-supplied variable twice, once as a path
     * and once through `php:`. The value carries an ampersand, a double
     * quote and an apostrophe, i.e. the characters that matter for HTML
     * escaping of untrusted data.
     */
    public function testEntityEncodingVariables()
    {
        $template = '
${variable}${php:variable}
';
        $vars = array('variable'=>'& = ampersand, " = quote, \' = apostrophe');
        $rendered = $this->executeString($template, $vars);

        $this->assertContains('&', $rendered);
        $this->assertNotContains('&amp;', $rendered);
        $this->assertNotContains('&&', $rendered);
    }

    /**
     * Output must contain '&', but neither '&amp;' nor '&&'.
     */
    public function testEntityEncodingAttributesDefault1()
    {
        $template = '
';
        $rendered = $this->executeString($template);

        $this->assertContains('&', $rendered);
        $this->assertNotContains('&amp;', $rendered);
        $this->assertNotContains('&&', $rendered);
    }

    /**
     * Output must not contain '&' and must contain a double quote.
     */
    public function testEntityEncodingAttributesDefault2()
    {
        $template = '
';
        $rendered = $this->executeString($template);

        $this->assertNotContains('&', $rendered);
        // or apos...
        $this->assertContains('"', $rendered);
    }

    /**
     * Output must contain '&', but neither '&amp;' nor '&&'.
     */
    public function testEntityEncodingPHP2()
    {
        $template = '
';
        $rendered = $this->executeString($template);

        $this->assertContains('&', $rendered);
        $this->assertNotContains('&amp;', $rendered);
        $this->assertNotContains('&&', $rendered);
    }

    /**
     * A quoted string literal holding an ampersand, interpolated with
     * `${...}`: output must contain '&', but neither '&amp;' nor '&&'.
     */
    public function testEntityEncodingPath3()
    {
        $template = '

${\'& ampersand character\'}

';
        $rendered = $this->executeString($template);

        $this->assertContains('&', $rendered);
        $this->assertNotContains('&amp;', $rendered);
        $this->assertNotContains('&&', $rendered);
    }

    /**
     * `php:` counterpart of testEntityEncodingPath3.
     *
     * NOTE(review): this template opens with "&{php:" where the sibling
     * tests use "${php:" -- confirm whether that is intentional; as
     * written the assertions could pass on the literal text alone.
     */
    public function testEntityEncodingPHP3()
    {
        $template = '

&{php:\'& ampersand character\'}

';
        $rendered = $this->executeString($template);

        $this->assertContains('&', $rendered);
        $this->assertNotContains('&amp;', $rendered);
        $this->assertNotContains('&&', $rendered);
    }

    /**
     * Assigns two SimpleXMLElement attribute lookups ('title' and
     * 'empty') as template variables and interpolates them with `${x}`
     * and `${y}`.
     */
    public function testSimpleXML()
    {
        $engine = $this->newPHPTAL();
        $engine->setSource('

${x} ${y}

');
        $xml = new SimpleXMLElement('foo&<');
        $engine->x = $xml['title'];
        $engine->y = $xml['empty'];

        $expected = '

bar&<

';
        $this->assertEquals($expected, $engine->execute());
    }

    /**
     * Same SimpleXML attribute values as testSimpleXML, emitted through
     * `structure` instead of plain interpolation.
     */
    public function testStructureSimpleXML()
    {
        $engine = $this->newPHPTAL();
        $engine->setSource('

${structure x} ${structure y}

');
        $xml = new SimpleXMLElement('foo&<');
        $engine->x = $xml['title'];
        $engine->y = $xml['empty'];

        $expected = '

bar&<

';
        $this->assertEquals($expected, $engine->execute());
    }

    /**
     * The variable World is set to the text '${World}', so a correct
     * render reproduces the template source exactly. That only holds if
     * the curly quotes are emitted unchanged and the substituted value is
     * not expanded a second time as a template expression.
     */
    public function testUnicodeUnescaped()
    {
        $engine = $this->newPHPTAL();
        // a quine! ;)
        $engine->World = '${World}';

        $src = '

Hello “${World}!”

';
        $engine->setSource($src);

        $this->assertEquals($src, $engine->execute());
    }
}