package org.jooby.hbs;
import org.jooby.Results;
import org.jooby.csl.XSS;
import org.jooby.test.ServerFeature;
import org.junit.Test;
/**
 * Server-level test (named after issue 476) that renders a Handlebars view with a
 * script-tag payload in the model and checks the exact response body.
 *
 * <p>The view itself is not part of this file, so which escapers it applies to
 * {@code input} has to be read from the template on the classpath.
 */
public class Issue476HbsXss extends ServerFeature {

  /** Classpath name of the view rendered by the route under test. */
  private static final String VIEW = "org/jooby/hbs/xss";

  /** Markup payload bound to the {@code input} model attribute. */
  private static final String PAYLOAD = "<script>alert('xss');</script>";

  {
    // The XSS module is registered first, then the Handlebars module.
    use(new XSS());
    use(new Hbs());

    // Single route: render the view with the payload as "input".
    get("/",
        unused -> Results.html(VIEW).put("input", PAYLOAD));
  }

  /**
   * Requests {@code /} and compares the rendered page with the expected markup, in which
   * the payload sits inside the single-quoted argument of a {@code javascript:} href.
   *
   * @throws Exception if the request or the expectation fails
   */
  @Test
  public void xssFn() throws Exception {
    // NOTE(review): javac translates backslash-u sequences before it tokenises the string
    // literal, so the value below contains the raw angle brackets, single quotes and slash
    // of the payload rather than escaped text. If this assertion is meant to pin the
    // JavaScript-escaped output, every backslash in front of a "u" needs doubling; as
    // written it would only match a body where those characters reach the attribute
    // unescaped. Confirm against the template and the upstream copy of this test.
    final String expectedBody = "<!DOCTYPE html>\n" +
        "<html>\n" +
        " <body><a href=\"javascript:hello('\u003Cscript\u003Ealert%28\u0027xss\u0027%29%3B\u003C\u002Fscript\u003E')\"></a>\n"
        +
        " </body>\n" +
        "</html>";

    request().get("/").expect(expectedBody);
  }
}