Add safeUrl; disable safeHtmlAttr; rename safeCSS to safeCss

- Add `safeUrl` template function (Fixes #347)
- Add TestSafeUrl() fashioned after @tatsushid's great examples
- Disable `safeHtmlAttr` pending further discussions on its other
  use cases because `safeUrl` is a cleaner solution to #347.
  (There are also `safeJs` and `safeJsStr` that we could implement
  if there are legitimate demands for them.)
- Rename `safeCSS` to `safeCss` (to follow the convention of `safeHtml`)
- Add/expand documentation on `safeHtml`, `safeCss` and `safeUrl`
Anthony Fok
2015-01-19 23:41:22 -07:00
parent f5946ea3dd
commit 724cc0ddff
3 changed files with 137 additions and 9 deletions


@@ -898,7 +898,7 @@ func TestSafeHtmlAttr(t *testing.T) {
}
}
func TestSafeCSS(t *testing.T) {
func TestSafeCss(t *testing.T) {
for i, this := range []struct {
str string
tmplStr string
@@ -910,6 +910,7 @@ func TestSafeCSS(t *testing.T) {
tmpl, err := template.New("test").Parse(this.tmplStr)
if err != nil {
t.Errorf("[%d] unable to create new html template %q: %s", this.tmplStr, err)
continue
}
buf := new(bytes.Buffer)
@@ -922,12 +923,47 @@ func TestSafeCSS(t *testing.T) {
}
buf.Reset()
err = tmpl.Execute(buf, SafeCSS(this.str))
err = tmpl.Execute(buf, SafeCss(this.str))
if err != nil {
t.Errorf("[%d] execute template with an escaped string value by SafeCSS returns unexpected error: %s", i, err)
t.Errorf("[%d] execute template with an escaped string value by SafeCss returns unexpected error: %s", i, err)
}
if buf.String() != this.expectWithEscape {
t.Errorf("[%d] execute template with an escaped string value by SafeCSS, got %v but expected %v", i, buf.String(), this.expectWithEscape)
t.Errorf("[%d] execute template with an escaped string value by SafeCss, got %v but expected %v", i, buf.String(), this.expectWithEscape)
}
}
}
func TestSafeUrl(t *testing.T) {
for i, this := range []struct {
str string
tmplStr string
expectWithoutEscape string
expectWithEscape string
}{
{`irc://irc.freenode.net/#golang`, `<a href="{{ . }}">IRC</a>`, `<a href="#ZgotmplZ">IRC</a>`, `<a href="irc://irc.freenode.net/#golang">IRC</a>`},
} {
tmpl, err := template.New("test").Parse(this.tmplStr)
if err != nil {
t.Errorf("[%d] unable to create new html template %q: %s", this.tmplStr, err)
continue
}
buf := new(bytes.Buffer)
err = tmpl.Execute(buf, this.str)
if err != nil {
t.Errorf("[%d] execute template with a raw string value returns unexpected error: %s", i, err)
}
if buf.String() != this.expectWithoutEscape {
t.Errorf("[%d] execute template with a raw string value, got %v but expected %v", i, buf.String(), this.expectWithoutEscape)
}
buf.Reset()
err = tmpl.Execute(buf, SafeUrl(this.str))
if err != nil {
t.Errorf("[%d] execute template with an escaped string value by SafeUrl returns unexpected error: %s", i, err)
}
if buf.String() != this.expectWithEscape {
t.Errorf("[%d] execute template with an escaped string value by SafeUrl, got %v but expected %v", i, buf.String(), this.expectWithEscape)
}
}
}
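Review bot: The parse-failure `t.Errorf` in the new TestSafeUrl has three verbs (`[%d]`, `%q`, `%s`) but only two arguments, so `this.tmplStr` is formatted under `%d` and `err` under `%q`; it should read `t.Errorf("[%d] unable to create new html template %q: %s", i, this.tmplStr, err)`. The same call appears in the TestSafeCss lines of the second hunk and wants the same fix. Separately, the table holds a single `irc://` case, and its expected output shows that wrapping a value in SafeUrl lets it past the filter that otherwise rewrites the href to `#ZgotmplZ`. A short comment on the test, such as `// SafeUrl bypasses URL scheme filtering; wrap only trusted, author-controlled values`, would make that contract explicit for template authors.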