aboutsummaryrefslogtreecommitdiff
path: root/src/test/java/com
diff options
context:
space:
mode:
authorGravatar Vitaly Takmazov2016-08-28 18:38:15 +0300
committerGravatar Vitaly Takmazov2016-08-28 18:38:15 +0300
commit14f111c2e3f20f563dfbe17181f77bfaa9cd57ef (patch)
tree6ed744340e137f1112642182e41cbcb8ed030afe /src/test/java/com
parent7092b70a8a92fc1fdfaa8a2c54ec7a2037f8790c (diff)
Tags: should be escaped in db and unescaped in templates
Diffstat (limited to 'src/test/java/com')
-rw-r--r--src/test/java/com/juick/tests/ApiTests.java11
1 files changed, 10 insertions, 1 deletions
diff --git a/src/test/java/com/juick/tests/ApiTests.java b/src/test/java/com/juick/tests/ApiTests.java
index 0d34bfbb..b5632b39 100644
--- a/src/test/java/com/juick/tests/ApiTests.java
+++ b/src/test/java/com/juick/tests/ApiTests.java
@@ -12,6 +12,8 @@ import com.juick.server.TagQueries;
import com.juick.server.UserQueries;
import com.juick.server.protocol.JuickProtocol;
import com.juick.server.protocol.ProtocolReply;
+import com.juick.www.PageTemplates;
+import org.apache.commons.lang3.StringEscapeUtils;
import org.json.JSONArray;
import org.junit.After;
import org.junit.Before;
@@ -36,7 +38,7 @@ public class ApiTests {
DB db;
@Before
public void setupConnection() throws ManagedProcessException {
- db = DB.newEmbeddedDB(3306);
+ db = DB.newEmbeddedDB(33306);
db.start();
db.createDB("juick");
db.source("schema.sql");
@@ -88,6 +90,13 @@ public class ApiTests {
assertEquals(1, SubscriptionsQueries.getUsersSubscribedToComments(jdbc, msg.getMID(), user.getUID()).size());
MessagesQueries.deleteMessage(jdbc, user_id, mid);
MessagesQueries.deleteMessage(jdbc, user_id, mid2);
+ String htmlTagName = ">_<";
+ Tag htmlTag = TagQueries.getTag(jdbc, htmlTagName, true);
+ String dbTagName = jdbc.queryForObject("select name from tags where name=?", String.class, StringEscapeUtils.escapeHtml4(htmlTagName));
+ assertNotEquals("db tags should be escaped", dbTagName, htmlTag.getName());
+ assertEquals("object tags should unescaped", htmlTag.getName(), StringEscapeUtils.unescapeHtml4(dbTagName));
+ assertEquals("template should encode escaped tag in url and show escaped tag in name",
+ " *<a href=\"/tag/%3E_%3C\" rel=\"nofollow\">&gt;_&lt;</a>", PageTemplates.formatTags(new ArrayList<Tag>() {{ add(htmlTag); }} ));
}
@Test