package org.jooby.ftl;
import org.jooby.Results;
import org.jooby.csl.XSS;
import org.jooby.test.ServerFeature;
import org.junit.Test;
/**
 * Regression test for issue 476: renders a FreeMarker view whose model carries a script-tag
 * payload while the {@link XSS} module is installed, and pins the exact HTML that comes back.
 *
 * <p>The view {@code org/jooby/ftl/xss} is not part of this file; presumably it passes
 * {@code input} through an escaping function before placing it inside the {@code javascript:}
 * URL of the anchor (verify against the template).
 */
public class Issue476FtlXss extends ServerFeature {

  {
    // Script-tag payload standing in for untrusted input that reaches the view model.
    final String payload = "<script>alert('xss');</script>";

    use(new XSS());
    use(new Ftl());

    get("/", req -> Results.html("org/jooby/ftl/xss").put("input", payload));
  }

  /**
   * Requests {@code /} and compares the response body with the expected page.
   *
   * @throws Exception propagated from the request/expect chain
   */
  @Test
  public void xssFn() throws Exception {
    // NOTE(review): javac translates backslash-u escapes before it tokenises the file, so with
    // single backslashes the literal below holds the raw characters (less-than, greater-than,
    // apostrophe, slash) rather than JavaScript escape sequences. As written, the assertion
    // would therefore accept a response where the payload's markup and quote are unescaped in
    // the href. If the view is meant to emit JS-style escapes, each backslash must be doubled;
    // confirm against the template's actual output.
    final String expectedPage = "<!DOCTYPE html>\n" +
        "<html>\n" +
        " <body><a href=\"javascript:hello('\u003Cscript\u003Ealert%28\u0027xss\u0027%29%3B\u003C\u002Fscript\u003E')\"></a>\n" +
        " </body>\n" +
        "</html>";

    request()
        .get("/")
        .expect(expectedPage);
  }
}