From 14f111c2e3f20f563dfbe17181f77bfaa9cd57ef Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Sun, 28 Aug 2016 18:38:15 +0300
Subject: Tags: should be escaped in db and unescaped in templates
---
src/test/java/com/juick/tests/ApiTests.java | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
(limited to 'src/test/java')
diff --git a/src/test/java/com/juick/tests/ApiTests.java b/src/test/java/com/juick/tests/ApiTests.java
index 0d34bfbb..b5632b39 100644
--- a/src/test/java/com/juick/tests/ApiTests.java
+++ b/src/test/java/com/juick/tests/ApiTests.java
@@ -12,6 +12,8 @@ import com.juick.server.TagQueries;
import com.juick.server.UserQueries;
import com.juick.server.protocol.JuickProtocol;
import com.juick.server.protocol.ProtocolReply;
+import com.juick.www.PageTemplates;
+import org.apache.commons.lang3.StringEscapeUtils;
import org.json.JSONArray;
import org.junit.After;
import org.junit.Before;
@@ -36,7 +38,7 @@ public class ApiTests {
DB db;
@Before
public void setupConnection() throws ManagedProcessException {
- db = DB.newEmbeddedDB(3306);
+ db = DB.newEmbeddedDB(33306);
db.start();
db.createDB("juick");
db.source("schema.sql");
@@ -88,6 +90,13 @@ public class ApiTests {
assertEquals(1, SubscriptionsQueries.getUsersSubscribedToComments(jdbc, msg.getMID(), user.getUID()).size());
MessagesQueries.deleteMessage(jdbc, user_id, mid);
MessagesQueries.deleteMessage(jdbc, user_id, mid2);
+ String htmlTagName = ">_<";
+ Tag htmlTag = TagQueries.getTag(jdbc, htmlTagName, true);
+ String dbTagName = jdbc.queryForObject("select name from tags where name=?", String.class, StringEscapeUtils.escapeHtml4(htmlTagName));
+ assertNotEquals("db tags should be escaped", dbTagName, htmlTag.getName());
+ assertEquals("object tags should unescaped", htmlTag.getName(), StringEscapeUtils.unescapeHtml4(dbTagName));
+ assertEquals("template should encode escaped tag in url and show escaped tag in name",
+ " *>_<", PageTemplates.formatTags(new ArrayList() {{ add(htmlTag); }} ));
}
@Test
--
cgit v1.2.3