fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-04 17:21:39 +09:00
Code Issues Projects Releases Packages Wiki Activity

Add unit test for contextual escape

Browse source
This commit is contained in:
Kijin Sung 2025-03-19 11:23:56 +09:00
parent d7cf825a7d
commit 04a7734b2e
3 changed files with 75 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

27
tests/_data/template/v2contextual.executed.html Normal file
View file

@ -0,0 +1,27 @@
<a href="javascript:alert('Hello \u003C\u0022world\u0022\u003E (\u0027string\u0027) variable.jpg')">
Hello &lt;&quot;world&quot;&gt; (&#039;string&#039;) variable.jpg</p>
<p onclick="location.href = 'Hello \u003C\u0022world\u0022\u003E (\u0027string\u0027) variable.jpg';">
<span style="font: Hello &lt;&quot;world&quot;&gt; (&#039;string&#039;) variable.jpg">
Hello &lt;&quot;world&quot;&gt; (&#039;string&#039;) variable.jpg </span>
</p>
<script type="text/javascript">
function() {
const foo = 'Hello \u003C\u0022world\u0022\u003E (\u0027string\u0027) variable.jpg';
const bar = 'Hello <"world"> ('string') variable.jpg';
const json = "Hello \u003C\u0022world\u0022\u003E ('string') variable.jpg";
}
</script>
<style>
body {
background-image: url('Hello &lt;&quot;world&quot;&gt; (&#039;string&#039;) variable.jpg');
}
</style>
<ul class="test">
<li>Hello &lt;&quot;world&quot;&gt; (&#039;string&#039;) variable.jpg</li>
<li>Hello <"world"> ('string') variable.jpg</li>
</ul>

30
tests/_data/template/v2contextual.html Normal file
View file

@ -0,0 +1,30 @@
@version(2)
<a href="javascript:alert('{{ $var }}')">
{{ $var }}
</p>
<p onclick="location.href = '{{ $var }}';">
<span style="font: {{ $var }}">
{{ $var }}
</span>
</p>
<script type="text/javascript">
function() {
const foo = '{{ $var }}';
const bar = '{{ $var|noescape }}';
const json = @json($var);
}
</script>
<style>
body {
background-image: url('{{ $var }}');
}
</style>
<ul class="test">
<li>{{ $var }}</li>
<li>{{ $var|noescape }}</li>
</ul>

18
tests/unit/framework/parsers/TemplateParserV2Test.php
View file

@ -1220,6 +1220,24 @@ class TemplateParserV2Test extends \Codeception\Test\Unit
$this->assertStringContainsString('/tests/_data/template/css/style.scss', array_first($list)['file']);
}
public function testCompileContextualEscape()
{
// Contextual escape
$tmpl = new \Rhymix\Framework\Template('./tests/_data/template', 'v2contextual.html');
$tmpl->disableCache();
$tmpl->setVars([
'var' => 'Hello <"world"> (\'string\') variable.jpg'
]);
$executed_output = $tmpl->compile();
//Rhymix\Framework\Storage::write(\RX_BASEDIR . 'tests/_data/template/v2contextual.executed.html', $executed_output);
$expected = file_get_contents(\RX_BASEDIR . 'tests/_data/template/v2contextual.executed.html');
$this->assertEquals(
$this->_normalizeWhitespace($expected),
$this->_normalizeWhitespace($executed_output)
);
}
public function testCompileLang()
{
// Lang