author | Vitaly Takmazov | 2016-08-28 18:38:15 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2016-08-28 18:38:15 +0300 |
commit | 14f111c2e3f20f563dfbe17181f77bfaa9cd57ef (patch) | |
tree | 6ed744340e137f1112642182e41cbcb8ed030afe /src/test/java | |
parent | 7092b70a8a92fc1fdfaa8a2c54ec7a2037f8790c (diff) |
Tags: should be escaped in db and unescaped in templates
Diffstat (limited to 'src/test/java')
-rw-r--r-- | src/test/java/com/juick/tests/ApiTests.java | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/test/java/com/juick/tests/ApiTests.java b/src/test/java/com/juick/tests/ApiTests.java
index 0d34bfbb..b5632b39 100644
--- a/src/test/java/com/juick/tests/ApiTests.java
+++ b/src/test/java/com/juick/tests/ApiTests.java
@@ -12,6 +12,8 @@ import com.juick.server.TagQueries;
 import com.juick.server.UserQueries;
 import com.juick.server.protocol.JuickProtocol;
 import com.juick.server.protocol.ProtocolReply;
+import com.juick.www.PageTemplates;
+import org.apache.commons.lang3.StringEscapeUtils;
 import org.json.JSONArray;
 import org.junit.After;
 import org.junit.Before;
@@ -36,7 +38,7 @@ public class ApiTests {
 DB db;
 @Before
 public void setupConnection() throws ManagedProcessException {
- db = DB.newEmbeddedDB(3306);
+ db = DB.newEmbeddedDB(33306);
 db.start();
 db.createDB("juick");
 db.source("schema.sql");
@@ -88,6 +90,13 @@ public class ApiTests {
 assertEquals(1, SubscriptionsQueries.getUsersSubscribedToComments(jdbc, msg.getMID(), user.getUID()).size());
 MessagesQueries.deleteMessage(jdbc, user_id, mid);
 MessagesQueries.deleteMessage(jdbc, user_id, mid2);
+ String htmlTagName = ">_<";
+ Tag htmlTag = TagQueries.getTag(jdbc, htmlTagName, true);
+ String dbTagName = jdbc.queryForObject("select name from tags where name=?", String.class, StringEscapeUtils.escapeHtml4(htmlTagName));
+ assertNotEquals("db tags should be escaped", dbTagName, htmlTag.getName());
+ assertEquals("object tags should unescaped", htmlTag.getName(), StringEscapeUtils.unescapeHtml4(dbTagName));
+ assertEquals("template should encode escaped tag in url and show escaped tag in name",
+ " *<a href=\"/tag/%3E_%3C\" rel=\"nofollow\">>_<</a>", PageTemplates.formatTags(new ArrayList<Tag>() {{ add(htmlTag); }} ));
 }

 @Test |
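Review bot: The embedded database port is a bare literal at `DB.newEmbeddedDB(33306)`, and the JDBC URL that has to match it is presumably built further down in setupConnection(), outside this hunk. A fixed port still fails when another process or a parallel test run holds it. A named constant such as `private static final int TEST_DB_PORT = 33306;` used in both places would keep the two from drifting, and a one-line comment should say why 3306 is avoided (presumably a clash with a locally running MySQL).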
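Review bot: The added assertions exercise only `>` and `<`, so nothing pins how a tag containing `"`, `'` or `&` survives the escape-on-write / unescape-on-read round trip, or how `PageTemplates.formatTags` encodes it inside the `href` attribute, which is where an unescaped name would matter most. A second case would cover it, for example `Tag quoted = TagQueries.getTag(jdbc, "a\"b&c", true);` followed by `assertFalse(PageTemplates.formatTags(Collections.singletonList(quoted)).contains("a\"b"));` (needs `java.util.Collections`). As rendered on this page the expected link text reads `>_<` with raw angle brackets; if that is the real literal and not an artefact of the page decoding `&gt;`/`&lt;`, the template emits the name unescaped and the message "show escaped tag in name" does not describe what is asserted. The message `"object tags should unescaped"` is missing "be", and the test method starts outside the hunk.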