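// Copyright (C) 2009 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package com.google.gwtexpui.safehtml.client;

import static com.google.common.truth.Truth.assertThat;

import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;

/**
 * Unit tests for {@link SafeHtmlBuilder}.
 *
 * <p>Covers the {@code append} overloads (including their null handling and fluent return value),
 * HTML escaping of appended text and attribute values, the element helper methods, and the
 * rejection of {@code javascript:} URLs in {@code href}, {@code src} and {@code action}.
 *
 * <p>NOTE(review): expected-output literals that contain HTML entities ({@code &amp;}, {@code
 * &lt;}, {@code &gt;}, {@code &quot;}, {@code &#39;}, {@code &nbsp;}) were restored here because
 * the listing had them entity-decoded, which left {@code isEqualTo(""")} uncompilable and made
 * two assertions on {@code escape("<b>")} contradict each other. Confirm against the builder's
 * escape table.
 */
public class SafeHtmlBuilderTest {
  @Rule public ExpectedException exception = ExpectedException.none();

  /** A new builder is empty; appending text gives it content. */
  @Test
  public void empty() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b.isEmpty()).isTrue();
    assertThat(b.hasContent()).isFalse();
    assertThat(b.asString()).isEmpty();

    b.append("a");
    assertThat(b.hasContent()).isTrue();
    assertThat(b.asString()).isEqualTo("a");
  }

  /** {@code toSafeHtml()} returns a distinct, non-builder object with the same markup. */
  @Test
  public void toSafeHtml() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    b.append(1);

    final SafeHtml h = b.toSafeHtml();
    assertThat(h).isNotNull();
    assertThat(h).isNotSameAs(b);
    assertThat(h).isNotInstanceOf(SafeHtmlBuilder.class);
    assertThat(h.asString()).isEqualTo("1");
  }

  @Test
  public void append_boolean() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append(true));
    assertThat(b).isSameAs(b.append(false));
    assertThat(b.asString()).isEqualTo("truefalse");
  }

  @Test
  public void append_char() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append('a'));
    assertThat(b).isSameAs(b.append('b'));
    assertThat(b.asString()).isEqualTo("ab");
  }

  @Test
  public void append_int() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append(4));
    assertThat(b).isSameAs(b.append(2));
    assertThat(b).isSameAs(b.append(-100));
    assertThat(b.asString()).isEqualTo("42-100");
  }

  @Test
  public void append_long() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append(4L));
    assertThat(b).isSameAs(b.append(2L));
    assertThat(b.asString()).isEqualTo("42");
  }

  @Test
  public void append_float() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append(0.0f));
    assertThat(b.asString()).isEqualTo("0.0");
  }

  @Test
  public void append_double() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append(0.0));
    assertThat(b.asString()).isEqualTo("0.0");
  }

  /** A null {@code String} appends nothing; non-null values are concatenated. */
  @Test
  public void append_String() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append((String) null));
    assertThat(b.asString()).isEmpty();
    assertThat(b).isSameAs(b.append("foo"));
    assertThat(b).isSameAs(b.append("bar"));
    assertThat(b.asString()).isEqualTo("foobar");
  }

  /** A null {@code StringBuilder} appends nothing; non-null values are concatenated. */
  @Test
  public void append_StringBuilder() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append((StringBuilder) null));
    assertThat(b.asString()).isEmpty();
    assertThat(b).isSameAs(b.append(new StringBuilder("foo")));
    assertThat(b).isSameAs(b.append(new StringBuilder("bar")));
    assertThat(b.asString()).isEqualTo("foobar");
  }

  /** A null {@code StringBuffer} appends nothing; non-null values are concatenated. */
  @Test
  public void append_StringBuffer() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append((StringBuffer) null));
    assertThat(b.asString()).isEmpty();
    assertThat(b).isSameAs(b.append(new StringBuffer("foo")));
    assertThat(b).isSameAs(b.append(new StringBuffer("bar")));
    assertThat(b.asString()).isEqualTo("foobar");
  }

  /** A null {@code Object} appends nothing; otherwise the object's {@code toString()} is used. */
  @Test
  public void append_Object() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append((Object) null));
    assertThat(b.asString()).isEmpty();
    assertThat(b)
        .isSameAs(
            b.append(
                new Object() {
                  @Override
                  public String toString() {
                    return "foobar";
                  }
                }));
    assertThat(b.asString()).isEqualTo("foobar");
  }

  /** A null {@code CharSequence} appends nothing; non-null values are concatenated. */
  @Test
  public void append_CharSequence() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append((CharSequence) null));
    assertThat(b.asString()).isEmpty();
    assertThat(b).isSameAs(b.append((CharSequence) "foo"));
    assertThat(b).isSameAs(b.append((CharSequence) "bar"));
    assertThat(b.asString()).isEqualTo("foobar");
  }

  /** A null {@code SafeHtml} appends nothing; other {@code SafeHtml} values are concatenated. */
  @Test
  public void append_SafeHtml() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.append((SafeHtml) null));
    assertThat(b.asString()).isEmpty();
    assertThat(b).isSameAs(b.append(new SafeHtmlString("foo")));
    assertThat(b).isSameAs(b.append(new SafeHtmlBuilder().append("bar")));
    assertThat(b.asString()).isEqualTo("foobar");
  }

  /**
   * Pins the escaping of the five HTML-significant characters for both the {@code String} and
   * the {@code char} overloads of {@code append}.
   */
  @Test
  public void htmlSpecialCharacters() {
    assertThat(escape("&")).isEqualTo("&amp;");
    assertThat(escape("<")).isEqualTo("&lt;");
    assertThat(escape(">")).isEqualTo("&gt;");
    assertThat(escape("\"")).isEqualTo("&quot;");
    // NOTE(review): apostrophe restored as the numeric entity; confirm against the builder.
    assertThat(escape("'")).isEqualTo("&#39;");

    assertThat(escape('&')).isEqualTo("&amp;");
    assertThat(escape('<')).isEqualTo("&lt;");
    assertThat(escape('>')).isEqualTo("&gt;");
    assertThat(escape('"')).isEqualTo("&quot;");
    assertThat(escape('\'')).isEqualTo("&#39;");

    assertThat(escape("<b>")).isEqualTo("&lt;b&gt;");
    // Already-escaped input is escaped again: the builder does not try to detect entities.
    assertThat(escape("&lt;b&gt;")).isEqualTo("&amp;lt;b&amp;gt;");
  }

  @Test
  public void entityNbsp() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.nbsp());
    assertThat(b.asString()).isEqualTo("&nbsp;");
  }

  @Test
  public void tagBr() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.br());
    assertThat(b.asString()).isEqualTo("<br />");
  }

  /** Markup from the element helpers is emitted verbatim; appended text is escaped. */
  @Test
  public void tagTableTrTd() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.openElement("table"));
    assertThat(b).isSameAs(b.openTr());
    assertThat(b).isSameAs(b.openTd());
    assertThat(b).isSameAs(b.append("d<a>ta"));
    assertThat(b).isSameAs(b.closeTd());
    assertThat(b).isSameAs(b.closeTr());
    assertThat(b).isSameAs(b.closeElement("table"));
    assertThat(b.asString()).isEqualTo("<table><tr><td>d&lt;a&gt;ta</td></tr></table>");
  }

  @Test
  public void tagDiv() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.openDiv());
    assertThat(b).isSameAs(b.append("d<a>ta"));
    assertThat(b).isSameAs(b.closeDiv());
    assertThat(b.asString()).isEqualTo("<div>d&lt;a&gt;ta</div>");
  }

  /**
   * Attribute handling on an anchor: an unset attribute reads back as empty, a later {@code
   * setAttribute} replaces the earlier value, a null value reads back as empty, and the value is
   * escaped in the rendered markup.
   */
  @Test
  public void tagAnchor() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.openAnchor());

    assertThat(b.getAttribute("href")).isEmpty();
    assertThat(b).isSameAs(b.setAttribute("href", "http://here"));
    assertThat(b.getAttribute("href")).isEqualTo("http://here");
    assertThat(b).isSameAs(b.setAttribute("href", "d<a>ta"));
    // getAttribute() hands back the raw value; escaping is asserted on asString() below.
    assertThat(b.getAttribute("href")).isEqualTo("d<a>ta");

    assertThat(b.getAttribute("target")).isEmpty();
    assertThat(b).isSameAs(b.setAttribute("target", null));
    assertThat(b.getAttribute("target")).isEmpty();

    assertThat(b).isSameAs(b.append("go"));
    assertThat(b).isSameAs(b.closeAnchor());
    assertThat(b.asString()).isEqualTo("<a href=\"d&lt;a&gt;ta\">go</a>");
  }

  @Test
  public void tagHeightWidth() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.openElement("img"));
    assertThat(b).isSameAs(b.setHeight(100));
    assertThat(b).isSameAs(b.setWidth(42));
    assertThat(b).isSameAs(b.closeSelf());
    assertThat(b.asString()).isEqualTo("<img height=\"100\" width=\"42\" />");
  }

  /** {@code setStyleName} then {@code addStyleName} yields a space-separated class list. */
  @Test
  public void styleName() {
    final SafeHtmlBuilder b = new SafeHtmlBuilder();
    assertThat(b).isSameAs(b.openSpan());
    assertThat(b).isSameAs(b.setStyleName("foo"));
    assertThat(b).isSameAs(b.addStyleName("bar"));
    assertThat(b).isSameAs(b.append("d<a>ta"));
    assertThat(b).isSameAs(b.closeSpan());
    assertThat(b.asString()).isEqualTo("<span class=\"foo bar\">d&lt;a&gt;ta</span>");
  }

  // The three tests below pin that a javascript: URL is refused, with a RuntimeException, in
  // href, src and action. The expected message says "href" in all three cases, including src
  // and action. Only one lower-case "javascript:" value is exercised; other spellings of the
  // scheme and other script-capable schemes are not covered by this class.

  @Test
  public void rejectJavaScript_AnchorHref() {
    final String href = "javascript:window.close();";
    exception.expect(RuntimeException.class);
    exception.expectMessage("javascript unsafe in href: " + href);
    new SafeHtmlBuilder().openAnchor().setAttribute("href", href);
  }

  @Test
  public void rejectJavaScript_ImgSrc() {
    final String href = "javascript:window.close();";
    exception.expect(RuntimeException.class);
    exception.expectMessage("javascript unsafe in href: " + href);
    new SafeHtmlBuilder().openElement("img").setAttribute("src", href);
  }

  @Test
  public void rejectJavaScript_FormAction() {
    final String href = "javascript:window.close();";
    exception.expect(RuntimeException.class);
    exception.expectMessage("javascript unsafe in href: " + href);
    new SafeHtmlBuilder().openElement("form").setAttribute("action", href);
  }

  /** Returns the markup produced by appending a single character to a fresh builder. */
  private static String escape(final char c) {
    return new SafeHtmlBuilder().append(c).asString();
  }

  /** Returns the markup produced by appending a string to a fresh builder. */
  private static String escape(final String c) {
    return new SafeHtmlBuilder().append(c).asString();
  }
}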