/*
* Copyright 2008 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package com.google.gwt.safehtml.shared;
import junit.framework.TestCase;
/**
* Unit tests for SanitizedHtml.
*/
public class SimpleHtmlSanitizerTest extends TestCase {
public void testSimple() {
// simple case
SafeHtml html = SimpleHtmlSanitizer.sanitizeHtml("foobar");
assertEquals("foobar", html.asString());
}
public void testDontChangeWhiteSpace() {
// shouldn't change whitespace or newlines
SafeHtml html = SimpleHtmlSanitizer.sanitizeHtml(
"things are breezy\nand jolly\tgood");
assertEquals("things are breezy\nand jolly\tgood", html.asString());
}
public void testEscapeHtmlMetaCharacters() {
// need to escape HTML metacharacters appearing on their own
SafeHtml html = SimpleHtmlSanitizer.sanitizeHtml("foo < bar & that's good");
assertEquals("foo < bar & that's good", html.asString());
}
public void testDontDoubleEscape() {
// but don't double-escape HTML entities
SafeHtml html = SimpleHtmlSanitizer.sanitizeHtml(
"foo < bar & that's good");
assertEquals("foo < bar & that's good", html.asString());
}
public void testEscapeLoneMetacharacters() {
// need to escape HTML metacharacters appearing on their own
SafeHtml html = SimpleHtmlSanitizer.sanitizeHtml(
"\"foo < bar & that's good\"");
assertEquals(
""foo < bar & that's good"", html.asString());
}
public void testDontEscapeValidTags() {
// leave simple tags alone
SafeHtml html = SimpleHtmlSanitizer.sanitizeHtml("foo <em>bar</em>");
assertEquals("foo <em>bar</em>", html.asString());
}
public void testTagAtBeginning() {
// correctly deal with a tag at the beginnign
SafeHtml html = SimpleHtmlSanitizer.sanitizeHtml("<em>bar</em>");
assertEquals("<em>bar</em>", html.asString());
}
public void testNonTagAtBeginning() {
// correctly deal with a non-tag at the beginnig
SafeHtml html = SimpleHtmlSanitizer.sanitizeHtml("<yow <em>bar</em>");
assertEquals("<yow <em>bar</em>", html.asString());
}
public void testNonTagAtEnd() {
// correctly deal with a non-tag at the end
SafeHtml html = SimpleHtmlSanitizer.sanitizeHtml("<em>bar</em> foo <");
assertEquals("<em>bar</em> foo <", html.asString());
}
public void testNullTag() {
// correctly deal with bogus empty tag
SafeHtml html = SimpleHtmlSanitizer.sanitizeHtml("<>bar</em> foo<>");
assertEquals("<>bar</em> foo<>", html.asString());
}
public void testNullEndTag() {
// correctly deal with bogus empty end tag
SafeHtml html = SimpleHtmlSanitizer.sanitizeHtml("</>bar</em> foo</>");
assertEquals("</>bar</em> foo</>", html.asString());
}
public void testSimpleTagsAndHtmlMetaChars() {
// mix of simple tags and HTML metacharacters appearing on their own
SafeHtml html = SimpleHtmlSanitizer.sanitizeHtml(
"foo < bar & that's <b>good</b>");
assertEquals("foo < bar & that's <b>good</b>", html.asString());
}
public void testEvilTags() {
// escape tags we don't know
SafeHtml html = SimpleHtmlSanitizer.sanitizeHtml("<script>evil()</script>");
assertEquals("<script>evil()</script>", html.asString());
}
}