mirror/hugo
1
0
Fork 0
mirror of https://github.com/gohugoio/hugo.git synced 2025-08-16 20:53:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add SafeHtmlAttr, SafeCSS template function

Browse Source 
This allows a template user to keep a safe HTML attribute or CSS string
as is in a template.

This is implementation of @anthonyfok great insight

Fix #784, #347
This commit is contained in:
Tatsushi Demachi
2015-01-20 08:55:16 +09:00
committed by Anthony Fok
parent 53b4ab4cf3
commit f5946ea3dd
2 changed files with 150 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

105
tpl/template_test.go
View File

@@ -1,6 +1,7 @@
package tpl
import (
"bytes"
"errors"
"fmt"
"html/template"
@@ -826,3 +827,107 @@ func TestMarkdownify(t *testing.T) {
t.Errorf("Markdownify: got '%s', expected '%s'", result, expect)
}
}
func TestSafeHtml(t *testing.T) {
for i, this := range []struct {
str string
tmplStr string
expectWithoutEscape string
expectWithEscape string
}{
{`<div></div>`, `{{ . }}`, `&lt;div&gt;&lt;/div&gt;`, `<div></div>`},
} {
tmpl, err := template.New("test").Parse(this.tmplStr)
if err != nil {
t.Errorf("[%d] unable to create new html template %q: %s", this.tmplStr, err)
continue
}
buf := new(bytes.Buffer)
err = tmpl.Execute(buf, this.str)
if err != nil {
t.Errorf("[%d] execute template with a raw string value returns unexpected error: %s", i, err)
}
if buf.String() != this.expectWithoutEscape {
t.Errorf("[%d] execute template with a raw string value, got %v but expected %v", i, buf.String(), this.expectWithoutEscape)
}
buf.Reset()
err = tmpl.Execute(buf, SafeHtml(this.str))
if err != nil {
t.Errorf("[%d] execute template with an escaped string value by SafeHtml returns unexpected error: %s", i, err)
}
if buf.String() != this.expectWithEscape {
t.Errorf("[%d] execute template with an escaped string value by SafeHtml, got %v but expected %v", i, buf.String(), this.expectWithEscape)
}
}
}
func TestSafeHtmlAttr(t *testing.T) {
for i, this := range []struct {
str string
tmplStr string
expectWithoutEscape string
expectWithEscape string
}{
{`href="irc://irc.freenode.net/#golang"`, `<a {{ . }}>irc</a>`, `<a ZgotmplZ>irc</a>`, `<a href="irc://irc.freenode.net/#golang">irc</a>`},
} {
tmpl, err := template.New("test").Parse(this.tmplStr)
if err != nil {
t.Errorf("[%d] unable to create new html template %q: %s", this.tmplStr, err)
continue
}
buf := new(bytes.Buffer)
err = tmpl.Execute(buf, this.str)
if err != nil {
t.Errorf("[%d] execute template with a raw string value returns unexpected error: %s", i, err)
}
if buf.String() != this.expectWithoutEscape {
t.Errorf("[%d] execute template with a raw string value, got %v but expected %v", i, buf.String(), this.expectWithoutEscape)
}
buf.Reset()
err = tmpl.Execute(buf, SafeHtmlAttr(this.str))
if err != nil {
t.Errorf("[%d] execute template with an escaped string value by SafeHtmlAttr returns unexpected error: %s", i, err)
}
if buf.String() != this.expectWithEscape {
t.Errorf("[%d] execute template with an escaped string value by SafeHtmlAttr, got %v but expected %v", i, buf.String(), this.expectWithEscape)
}
}
}
func TestSafeCSS(t *testing.T) {
for i, this := range []struct {
str string
tmplStr string
expectWithoutEscape string
expectWithEscape string
}{
{`width: 60px;`, `<div style="{{ . }}"></div>`, `<div style="ZgotmplZ"></div>`, `<div style="width: 60px;"></div>`},
} {
tmpl, err := template.New("test").Parse(this.tmplStr)
if err != nil {
t.Errorf("[%d] unable to create new html template %q: %s", this.tmplStr, err)
}
buf := new(bytes.Buffer)
err = tmpl.Execute(buf, this.str)
if err != nil {
t.Errorf("[%d] execute template with a raw string value returns unexpected error: %s", i, err)
}
if buf.String() != this.expectWithoutEscape {
t.Errorf("[%d] execute template with a raw string value, got %v but expected %v", i, buf.String(), this.expectWithoutEscape)
}
buf.Reset()
err = tmpl.Execute(buf, SafeCSS(this.str))
if err != nil {
t.Errorf("[%d] execute template with an escaped string value by SafeCSS returns unexpected error: %s", i, err)
}
if buf.String() != this.expectWithEscape {
t.Errorf("[%d] execute template with an escaped string value by SafeCSS, got %v but expected %v", i, buf.String(), this.expectWithEscape)
}
}
}