afan
/
gitea
關註 1
收藏 0
複製 0
程式碼 問題管理 0 合併請求 0 版本發佈 0 Wiki Activity
gitea源码
2 Commit
2 分支
目錄樹: f5d5e77162
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from 'f5d5e77162'
${ noResults }
gitea/modules/markup/internal/internal_test.go

internal_test.go 1.9KB
文件歷史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. // Copyright 2024 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package internal

  5. 

  6. import (

  7. 	"bytes"

  8. 	"html/template"

  9. 	"io"

  10. 	"testing"

  11. 

  12. 	"github.com/stretchr/testify/assert"

  13. )

  14. 

  15. func TestRenderInternal(t *testing.T) {

  16. 	cases := []struct {

  17. 		input, protected, recovered string

  18. 	}{

  19. 		{

  20. 			input:     `<div class="test">class="content"</div>`,

  21. 			protected: `<div data-attr-class="sec:test">class="content"</div>`,

  22. 			recovered: `<div class="test">class="content"</div>`,

  23. 		},

  24. 		{

  25. 			input:     "<div\nclass=\"test\" data-xxx></div>",

  26. 			protected: `<div data-attr-class="sec:test" data-xxx></div>`,

  27. 			recovered: `<div class="test" data-xxx></div>`,

  28. 		},

  29. 	}

  30. 	for _, c := range cases {

  31. 		var r RenderInternal

  32. 		out := &bytes.Buffer{}

  33. 		in := r.init("sec", out)

  34. 		protected := r.ProtectSafeAttrs(template.HTML(c.input))

  35. 		assert.EqualValues(t, c.protected, protected)

  36. 		_, _ = io.WriteString(in, string(protected))

  37. 		_ = in.Close()

  38. 		assert.Equal(t, c.recovered, out.String())

  39. 	}

  40. 

  41. 	var r1, r2 RenderInternal

  42. 	protected := r1.ProtectSafeAttrs(`<div class="test"></div>`)

  43. 	assert.EqualValues(t, `<div class="test"></div>`, protected, "non-initialized RenderInternal should not protect any attributes")

  44. 	_ = r1.init("sec", nil)

  45. 	protected = r1.ProtectSafeAttrs(`<div class="test"></div>`)

  46. 	assert.EqualValues(t, `<div data-attr-class="sec:test"></div>`, protected)

  47. 	assert.Equal(t, "data-attr-class", r1.SafeAttr("class"))

  48. 	assert.Equal(t, "sec:val", r1.SafeValue("val"))

  49. 	recovered, ok := r1.RecoverProtectedValue("sec:val")

  50. 	assert.True(t, ok)

  51. 	assert.Equal(t, "val", recovered)

  52. 	recovered, ok = r1.RecoverProtectedValue("other:val")

  53. 	assert.False(t, ok)

  54. 	assert.Empty(t, recovered)

  55. 

  56. 	out2 := &bytes.Buffer{}

  57. 	in2 := r2.init("sec-other", out2)

  58. 	_, _ = io.WriteString(in2, string(protected))

  59. 	_ = in2.Close()

  60. 	assert.Equal(t, `<div data-attr-class="sec:test"></div>`, out2.String(), "different secureID should not recover the value")

  61. }