// Copyright (C) 2009 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gwtexpui.safehtml.client;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNotSame;
import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import org.junit.Test;
public class SafeHtmlBuilderTest {
@Test
public void testEmpty() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
assertTrue(b.isEmpty());
assertFalse(b.hasContent());
assertEquals("", b.asString());
b.append("a");
assertTrue(b.hasContent());
assertEquals("a", b.asString());
}
@Test
public void testToSafeHtml() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
b.append(1);
final SafeHtml h = b.toSafeHtml();
assertNotNull(h);
assertNotSame(h, b);
assertFalse(h instanceof SafeHtmlBuilder);
assertEquals("1", h.asString());
}
@Test
public void testAppend_boolean() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
assertSame(b, b.append(true));
assertSame(b, b.append(false));
assertEquals("truefalse", b.asString());
}
@Test
public void testAppend_char() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
assertSame(b, b.append('a'));
assertSame(b, b.append('b'));
assertEquals("ab", b.asString());
}
@Test
public void testAppend_int() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
assertSame(b, b.append(4));
assertSame(b, b.append(2));
assertSame(b, b.append(-100));
assertEquals("42-100", b.asString());
}
@Test
public void testAppend_long() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
assertSame(b, b.append(4L));
assertSame(b, b.append(2L));
assertEquals("42", b.asString());
}
@Test
public void testAppend_float() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
assertSame(b, b.append(0.0f));
assertEquals("0.0", b.asString());
}
@Test
public void testAppend_double() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
assertSame(b, b.append(0.0));
assertEquals("0.0", b.asString());
}
@Test
public void testAppend_String() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
assertSame(b, b.append((String) null));
assertEquals("", b.asString());
assertSame(b, b.append("foo"));
assertSame(b, b.append("bar"));
assertEquals("foobar", b.asString());
}
@Test
public void testAppend_StringBuilder() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
assertSame(b, b.append((StringBuilder) null));
assertEquals("", b.asString());
assertSame(b, b.append(new StringBuilder("foo")));
assertSame(b, b.append(new StringBuilder("bar")));
assertEquals("foobar", b.asString());
}
@Test
public void testAppend_StringBuffer() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
assertSame(b, b.append((StringBuffer) null));
assertEquals("", b.asString());
assertSame(b, b.append(new StringBuffer("foo")));
assertSame(b, b.append(new StringBuffer("bar")));
assertEquals("foobar", b.asString());
}
@Test
public void testAppend_Object() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
assertSame(b, b.append((Object) null));
assertEquals("", b.asString());
assertSame(b, b.append(new Object() {
@Override
public String toString() {
return "foobar";
}
}));
assertEquals("foobar", b.asString());
}
@Test
public void testAppend_CharSequence() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
assertSame(b, b.append((CharSequence) null));
assertEquals("", b.asString());
assertSame(b, b.append((CharSequence) "foo"));
assertSame(b, b.append((CharSequence) "bar"));
assertEquals("foobar", b.asString());
}
@Test
public void testAppend_SafeHtml() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
assertSame(b, b.append((SafeHtml) null));
assertEquals("", b.asString());
assertSame(b, b.append(new SafeHtmlString("foo")));
assertSame(b, b.append(new SafeHtmlBuilder().append("bar")));
assertEquals("foobar", b.asString());
}
@Test
public void testHtmlSpecialCharacters() {
assertEquals("&", escape("&"));
assertEquals("<", escape("<"));
assertEquals(">", escape(">"));
assertEquals(""", escape("\""));
assertEquals("'", escape("'"));
assertEquals("&", escape('&'));
assertEquals("<", escape('<'));
assertEquals(">", escape('>'));
assertEquals(""", escape('"'));
assertEquals("'", escape('\''));
assertEquals("<b>", escape("<b>"));
assertEquals("<b>", escape("<b>"));
}
@Test
public void testEntityNbsp() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
assertSame(b, b.nbsp());
assertEquals(" ", b.asString());
}
@Test
public void testTagBr() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
assertSame(b, b.br());
assertEquals("<br />", b.asString());
}
@Test
public void testTagTableTrTd() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
assertSame(b, b.openElement("table"));
assertSame(b, b.openTr());
assertSame(b, b.openTd());
assertSame(b, b.append("d<a>ta"));
assertSame(b, b.closeTd());
assertSame(b, b.closeTr());
assertSame(b, b.closeElement("table"));
assertEquals("<table><tr><td>d<a>ta</td></tr></table>", b.asString());
}
@Test
public void testTagDiv() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
assertSame(b, b.openDiv());
assertSame(b, b.append("d<a>ta"));
assertSame(b, b.closeDiv());
assertEquals("<div>d<a>ta</div>", b.asString());
}
@Test
public void testTagAnchor() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
assertSame(b, b.openAnchor());
assertEquals("", b.getAttribute("href"));
assertSame(b, b.setAttribute("href", "http://here"));
assertEquals("http://here", b.getAttribute("href"));
assertSame(b, b.setAttribute("href", "d<a>ta"));
assertEquals("d<a>ta", b.getAttribute("href"));
assertEquals("", b.getAttribute("target"));
assertSame(b, b.setAttribute("target", null));
assertEquals("", b.getAttribute("target"));
assertSame(b, b.append("go"));
assertSame(b, b.closeAnchor());
assertEquals("<a href=\"d<a>ta\">go</a>", b.asString());
}
@Test
public void testTagHeightWidth() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
assertSame(b, b.openElement("img"));
assertSame(b, b.setHeight(100));
assertSame(b, b.setWidth(42));
assertSame(b, b.closeSelf());
assertEquals("<img height=\"100\" width=\"42\" />", b.asString());
}
@Test
public void testStyleName() {
final SafeHtmlBuilder b = new SafeHtmlBuilder();
assertSame(b, b.openSpan());
assertSame(b, b.setStyleName("foo"));
assertSame(b, b.addStyleName("bar"));
assertSame(b, b.append("d<a>ta"));
assertSame(b, b.closeSpan());
assertEquals("<span class=\"foo bar\">d<a>ta</span>", b.asString());
}
@Test
public void testRejectJavaScript_AnchorHref() {
final String href = "javascript:window.close();";
try {
new SafeHtmlBuilder().openAnchor().setAttribute("href", href);
fail("accepted javascript in a href");
} catch (RuntimeException e) {
assertEquals("javascript unsafe in href: " + href, e.getMessage());
}
}
@Test
public void testRejectJavaScript_ImgSrc() {
final String href = "javascript:window.close();";
try {
new SafeHtmlBuilder().openElement("img").setAttribute("src", href);
fail("accepted javascript in img src");
} catch (RuntimeException e) {
assertEquals("javascript unsafe in href: " + href, e.getMessage());
}
}
@Test
public void testRejectJavaScript_FormAction() {
final String href = "javascript:window.close();";
try {
new SafeHtmlBuilder().openElement("form").setAttribute("action", href);
fail("accepted javascript in form action");
} catch (RuntimeException e) {
assertEquals("javascript unsafe in href: " + href, e.getMessage());
}
}
private static String escape(final char c) {
return new SafeHtmlBuilder().append(c).asString();
}
private static String escape(final String c) {
return new SafeHtmlBuilder().append(c).asString();
}
}