diff options
author | Anthony Fok <foka@debian.org> | 2015-01-20 09:41:22 +0300 |
---|---|---|
committer | Anthony Fok <foka@debian.org> | 2015-01-20 09:41:22 +0300 |
commit | 724cc0ddff3427a37b1fa4367880fce23bb4f1f8 (patch) | |
tree | b2e3ffe9635b09dc36b2299bf8a91fd8cc6f202b /tpl/template_test.go | |
parent | f5946ea3ddf4ae4256b0ef6a8ccf73fb9d1253cf (diff) |
Add `safeUrl`; disable `safeHtmlAttr`; rename `safeCSS` to `safeCss`
- Add `safeUrl` template function (Fixes #347)
- Add TestSafeUrl() fashioned after @tatsushid great examples
- Disable `safeHtmlAttr` pending further discussions on its other
use cases because `safeUrl` is a cleaner solution to #347.
(There are also `safeJs` and `safeJsStr` that we could implement
if there are legitimate demands for them.)
- Rename `safeCSS` to `safeCss` (to follow the convention of `safeHtml`)
- Add/expand documentation on `safeHtml`, `safeCss` and `safeUrl`
Diffstat (limited to 'tpl/template_test.go')
-rw-r--r-- | tpl/template_test.go | 44 |
1 files changed, 40 insertions, 4 deletions
diff --git a/tpl/template_test.go b/tpl/template_test.go index f857e6341..159d6cf53 100644 --- a/tpl/template_test.go +++ b/tpl/template_test.go @@ -898,7 +898,7 @@ func TestSafeHtmlAttr(t *testing.T) { } } -func TestSafeCSS(t *testing.T) { +func TestSafeCss(t *testing.T) { for i, this := range []struct { str string tmplStr string @@ -910,6 +910,42 @@ func TestSafeCSS(t *testing.T) { tmpl, err := template.New("test").Parse(this.tmplStr) if err != nil { t.Errorf("[%d] unable to create new html template %q: %s", this.tmplStr, err) + continue + } + + buf := new(bytes.Buffer) + err = tmpl.Execute(buf, this.str) + if err != nil { + t.Errorf("[%d] execute template with a raw string value returns unexpected error: %s", i, err) + } + if buf.String() != this.expectWithoutEscape { + t.Errorf("[%d] execute template with a raw string value, got %v but expected %v", i, buf.String(), this.expectWithoutEscape) + } + + buf.Reset() + err = tmpl.Execute(buf, SafeCss(this.str)) + if err != nil { + t.Errorf("[%d] execute template with an escaped string value by SafeCss returns unexpected error: %s", i, err) + } + if buf.String() != this.expectWithEscape { + t.Errorf("[%d] execute template with an escaped string value by SafeCss, got %v but expected %v", i, buf.String(), this.expectWithEscape) + } + } +} + +func TestSafeUrl(t *testing.T) { + for i, this := range []struct { + str string + tmplStr string + expectWithoutEscape string + expectWithEscape string + }{ + {`irc://irc.freenode.net/#golang`, `<a href="{{ . }}">IRC</a>`, `<a href="#ZgotmplZ">IRC</a>`, `<a href="irc://irc.freenode.net/#golang">IRC</a>`}, + } { + tmpl, err := template.New("test").Parse(this.tmplStr) + if err != nil { + t.Errorf("[%d] unable to create new html template %q: %s", this.tmplStr, err) + continue } buf := new(bytes.Buffer) @@ -922,12 +958,12 @@ func TestSafeCSS(t *testing.T) { } buf.Reset() - err = tmpl.Execute(buf, SafeCSS(this.str)) + err = tmpl.Execute(buf, SafeUrl(this.str)) if err != nil { - t.Errorf("[%d] execute template with an escaped string value by SafeCSS returns unexpected error: %s", i, err) + t.Errorf("[%d] execute template with an escaped string value by SafeUrl returns unexpected error: %s", i, err) } if buf.String() != this.expectWithEscape { - t.Errorf("[%d] execute template with an escaped string value by SafeCSS, got %v but expected %v", i, buf.String(), this.expectWithEscape) + t.Errorf("[%d] execute template with an escaped string value by SafeUrl, got %v but expected %v", i, buf.String(), this.expectWithEscape) } } } |