/**
 * Copyright (C) 2013-2016 The Rythm Engine project
 * for LICENSE and other details see:
 * https://github.com/rythmengine/rythmengine
 */
package org.rythmengine.advanced;

import org.rythmengine.Rythm;
import org.rythmengine.TestBase;
import org.rythmengine.conf.RythmConfigurationKey;
import org.rythmengine.extension.ICodeType;
import org.junit.Before;
import org.junit.Test;

import static org.rythmengine.conf.RythmConfigurationKey.FEATURE_SMART_ESCAPE_ENABLED;
import static org.rythmengine.conf.RythmConfigurationKey.FEATURE_TYPE_INFERENCE_ENABLED;

/**
 * Exercises the Smart Escape feature: one inline template places its first
 * argument in the HTML body and its second argument inside a quoted string in
 * a {@code <script>} element, and the tests pin the rendered output with the
 * feature switched on and off.
 *
 * <p>NOTE(review): as shown here, both expected strings keep the first
 * argument's markup verbatim. If that is what the engine really emits under
 * this configuration, untrusted text must not be passed as {@code @1}; if the
 * literals lost entity encoding when this listing was captured, restore them
 * from the upstream file before relying on these assertions.
 */
public class SmartEscapeTest extends TestBase {

    /**
     * Switches on type inference and smart escape and selects HTML as the
     * default code type before each test.
     *
     * <p>These are JVM-wide system properties and nothing in this class
     * restores them afterwards; presumably TestBase resets engine state
     * between tests -- TODO confirm.
     */
    @Before
    public void setup() {
        final String typeInferenceKey = FEATURE_TYPE_INFERENCE_ENABLED.getKey();
        final String smartEscapeKey = FEATURE_SMART_ESCAPE_ENABLED.getKey();
        final String codeTypeKey = RythmConfigurationKey.DEFAULT_CODE_TYPE_IMPL.getKey();

        System.setProperty(typeInferenceKey, "true");
        System.setProperty(smartEscapeKey, "true");
        // put() rather than setProperty(): the value stored is the code type
        // object itself, not a String.
        System.getProperties().put(codeTypeKey, ICodeType.DefImpl.HTML);
    }

    /**
     * Renders the shared sample: {@code @1} sits in the HTML body, {@code @2}
     * sits inside a single-quoted string within a script element.
     *
     * @return the rendered template text
     */
    private String renderSmartEscapeSample() {
        final String template = "@1<script>alert('@2');</script>";
        final String markupArg = "<h1>h1</h1>";
        final String quotedArg = "tom's store";
        return Rythm.render(template, markupArg, quotedArg);
    }

    /**
     * With smart escape enabled, the apostrophe of the second argument is
     * expected with a backslash in front of it, i.e. escaped for the
     * JavaScript string it lands in.
     */
    @Test
    public void test() {
        final String rendered = renderSmartEscapeSample();
        assertEquals("<h1>h1</h1><script>alert('tom\\'s store');</script>", rendered);
    }

    /**
     * With smart escape disabled, the expected output as shown carries the
     * apostrophe unchanged, which ends the script string literal early; this
     * is the contrast case for {@link #test()}.
     */
    @Test
    public void testFeatureDisabled() {
        // Overrides the value written by setup() for this test only.
        System.setProperty(FEATURE_SMART_ESCAPE_ENABLED.getKey(), "false");
        final String rendered = renderSmartEscapeSample();
        assertEquals("<h1>h1</h1><script>alert('tom's store');</script>", rendered);
    }

    /**
     * Command-line entry point; hands this class to the {@code run} helper
     * (presumably inherited from TestBase).
     *
     * @param args unused
     */
    public static void main(String[] args) {
        run(SmartEscapeTest.class);
    }
}