<?php
/**
* PHPTAL templating engine
*
* PHP Version 5
*
* @category HTML
* @package PHPTAL
* @author Laurent Bedubourg <hide@address.com>
* @author Kornel Lesiński <hide@address.com>
* @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public License
* @version SVN: $Id: EscapeHTMLTest.php 888 2010-06-08 09:48:33Z kornel $
* @link http://phptal.org/
*/
/**
 * Regression tests for PHPTAL's output escaping.
 *
 * They cover how template constructs treat entities on the way in and on the
 * way out: tal:content, tal:attributes, ${...} interpolation, php: expressions,
 * raw PHP blocks and the "structure" keyword.
 *
 * Security relevance: these tests pin the engine's default output encoding for
 * values that reach HTML text and attribute contexts. Values emitted with
 * "structure" (and raw PHP echo) are asserted to pass through unencoded, so
 * those constructs are only appropriate for data that is already trusted markup.
 *
 * NOTE(review): in this copy the string literals look as if their HTML entities
 * were decoded by whatever rendered the page. Examples: assertContains('&')
 * sits next to assertNotContains('&&'), and one line in
 * testEntityEncodingAttributesDefault2 does not parse as PHP. Treat the literal
 * template and expectation strings below as unreliable and compare them with
 * the repository copy before relying on the exact expected output.
 */
class EscapeHTMLTest extends PHPTAL_TestCase {
/**
 * Renders a template supplied as a string and returns the result.
 *
 * @param string $str    template source handed to setSource()
 * @param array  $params template variables as name => value, applied with set()
 *
 * @return mixed the value returned by execute(); the tests compare it with strings
 */
private function executeString($str, $params = array())
{
$tpl = $this->newPHPTAL();
foreach ($params as $k => $v) $tpl->set($k, $v);
$tpl->setSource($str);
return $tpl->execute();
}
/**
 * Renders the input/escape.html fixture and compares it, after normalisation,
 * with the output/escape.html fixture.
 */
function testDoesEscapeHTMLContent(){
$tpl = $this->newPHPTAL('input/escape.html');
$exp = normalize_html_file('output/escape.html');
$res = normalize_html($tpl->execute());
$this->assertEquals($exp, $res);
}
/**
 * Quote character in plain attributes and inside a tal:content path string.
 *
 * NOTE(review): as displayed this asserts that the output has no '&' at all;
 * the needle was probably an entity in the original (see class note) - confirm.
 */
function testEntityDecodingPath1()
{
$res = $this->executeString('<div title=""" class=\'"\' tal:content="\'" quote character\'" />');
$this->assertNotContains('&', $res);
}
/**
 * Compares what a php: expression and a raw PHP block receive for the same
 * quoted literal. The expected output gives strlen 2 for the three php:
 * expressions and 11 for the raw PHP block in the class attribute.
 *
 * NOTE(review): presumably the literal was written as entities totalling 11
 * bytes in the original file and is shown decoded here - confirm.
 */
function testEntityDecodingBeforePHP()
{
/* PHP block in attributes gets raw input (that's not XML style, but PHP style) */
$res = $this->executeString('<div title="${php:strlen(\'"&\')}" class="<?php echo strlen(\'"&\')?>">'.
'<tal:block tal:content="php:strlen(\'"&\')" />,${php:strlen(\'"&\')}</div>');
$this->assertEquals('<div title="2" class="11">2,2</div>', $res);
}
/**
 * Run-time values from php: expressions, checked in an attribute, in
 * tal:content and in ${...} interpolation. urldecode('%26%22%3C') yields the
 * characters & " < so the value cannot have been pre-encoded in the template.
 *
 * NOTE(review): the expected string is displayed with those characters
 * unencoded, which contradicts the test name; likely decoded by the page
 * rendering (see class note) - confirm.
 */
function testEntityEncodingAfterPHP()
{
$res = $this->executeString('<div title="${php:urldecode(\'%26%22%3C\')}"><tal:block tal:content="php:urldecode(\'%26%22%3C\')" />,${php:urldecode(\'%26%22%3C\')}</div>');
$this->assertEquals('<div title="&"<">&"<,&"<</div>', $res);
}
/**
 * With the "structure" keyword, and with raw PHP echo, the urldecode() result
 * (& space > and a quote) is expected verbatim in attributes and content.
 *
 * This documents that "structure" bypasses output encoding, including inside
 * attribute values; it must not be applied to untrusted data.
 */
function testNoEntityEncodingAfterStructurePHP()
{
$res = $this->executeString('<div title="${structure php:urldecode(\'%26%20%3E%27\')}" class="<?php echo urldecode(\'%26%20%3E%27\')?>">'.
'<tal:block tal:content="structure php:urldecode(\'%26%20%3E%22\')" />,${structure php:urldecode(\'%26%20%3E%22\')},<?php echo urldecode(\'%26%20%3E%22\')?></div>');
$this->assertEquals('<div title="& >\'" class="& >\'">& >",& >"</div>', $res);
}
/**
 * Literal inside a "structure php:" expression in tal:content.
 *
 * NOTE(review): as displayed the input contains '&' while the assertion
 * forbids '&' in the output; both were probably entities in the original
 * (see class note) - confirm.
 */
function testDecodingBeforeStructure()
{
$res = $this->executeString('<div tal:content="structure php:\'& quote character\'" />');
$this->assertNotContains('&', $res);
}
/** Quote character inside a php: string used as tal:content. */
function testEntityDecodingPHP1()
{
$res = $this->executeString('<div tal:content="php:\'" quote character\'" />');
$this->assertNotContains('&', $res);
}
/** Quote character inside a path string assigned to an attribute via tal:attributes. */
function testEntityDecodingPath2()
{
$res = $this->executeString('<div tal:attributes="title \'" quote character\'" />');
$this->assertNotContains('&', $res);
}
/** Quote character inside a php: string assigned to an attribute via tal:attributes. */
function testEntityDecodingPHP2()
{
$res = $this->executeString('<div tal:attributes="title php:\'" quote character\'" />');
$this->assertNotContains('&', $res);
}
/** Quote character inside a path string in ${...} text interpolation. */
function testEntityDecodingPath3()
{
$res = $this->executeString('<p>${\'" quote character\'}</p>');
$this->assertNotContains('&', $res);
}
/** Quote character inside a php: string in ${...} text interpolation. */
function testEntityDecodingPHP3()
{
$res = $this->executeString('<p>${php:\'" quote character\'}</p>');
$this->assertNotContains('&', $res);
}
/**
 * Ampersand inside a path string used as tal:content.
 *
 * NOTE(review): the three assertions here and in the sibling
 * testEntityEncoding* methods ('&' present, '&amp;' absent, '&&' absent) look
 * like the decoded form of a check that the ampersand is encoded exactly once
 * (see class note) - confirm.
 */
function testEntityEncodingPath1()
{
$res = $this->executeString('<div tal:content="\'& ampersand character\'" />');
$this->assertContains('&', $res);
$this->assertNotContains('&amp;', $res);
$this->assertNotContains('&&', $res);
}
/** Ampersand inside a php: string used as tal:content. */
function testEntityEncodingPHP1()
{
$res = $this->executeString('<div tal:content="php:\'& ampersand character\'" />');
$this->assertContains('&', $res);
$this->assertNotContains('&amp;', $res);
$this->assertNotContains('&&', $res);
}
/** Ampersand inside a path string assigned to an attribute via tal:attributes. */
function testEntityEncodingPath2()
{
$res = $this->executeString('<div tal:attributes="title \'& ampersand character\'" />');
$this->assertContains('&', $res);
$this->assertNotContains('&amp;', $res);
$this->assertNotContains('&&', $res);
}
/**
 * Same ampersand checks for a run-time variable holding an ampersand, a quote
 * and an apostrophe. The variable is used in two attributes, in ${variable}
 * and in ${php:variable}.
 *
 * This is the case closest to untrusted data reaching a template: the value
 * is supplied through set() rather than written in the template source.
 */
function testEntityEncodingVariables()
{
$res = $this->executeString('<div tal:attributes="title variable; class variable">${variable}${php:variable}</div>',
array('variable'=>'& = ampersand, " = quote, \' = apostrophe'));
$this->assertContains('&',$res);
$this->assertNotContains('&amp;',$res);
$this->assertNotContains('&&',$res);
}
/**
 * tal:attributes with "idontexist | default": the title written in the
 * template is presumably kept (the test name says "Default"), and the same
 * ampersand checks are applied to it.
 */
function testEntityEncodingAttributesDefault1()
{
$res = $this->executeString('<div tal:attributes="title idontexist | default" title=\'& ampersand character\' />');
$this->assertContains('&', $res);
$this->assertNotContains('&amp;', $res);
$this->assertNotContains('&&', $res);
}
/**
 * As above, with a title that holds quote characters instead of an ampersand.
 */
function testEntityEncodingAttributesDefault2()
{
// NOTE(review): as displayed, the next line does not parse as PHP: the quote after
// the escaped apostrophe closes the string early. The title value was presumably
// written with entities in the original (see class note) - confirm.
$res = $this->executeString('<div tal:attributes="title idontexist | default" title=\'"'\' />');
$this->assertNotContains('&', $res);
$this->assertContains('"', $res); // or apos...
}
/** Ampersand inside a php: string assigned to an attribute via tal:attributes. */
function testEntityEncodingPHP2()
{
$res = $this->executeString('<div tal:attributes="title php:\'& ampersand character\'" />');
$this->assertContains('&', $res);
$this->assertNotContains('&amp;', $res);
$this->assertNotContains('&&', $res);
}
/** Ampersand inside a path string in ${...} text interpolation. */
function testEntityEncodingPath3()
{
$res = $this->executeString('<p>${\'& ampersand character\'}</p>');
$this->assertContains('&', $res);
$this->assertNotContains('&amp;', $res);
$this->assertNotContains('&&', $res);
}
/**
 * Ampersand inside a php: string in text interpolation.
 *
 * NOTE(review): the template below opens the expression with "&{" where
 * testEntityEncodingPath3 uses "${". If that is not intentional, the
 * expression may never be evaluated, and the assertions would then pass on
 * the literal text without exercising the php: path - confirm.
 */
function testEntityEncodingPHP3()
{
$res = $this->executeString('<p>&{php:\'& ampersand character\'}</p>');
$this->assertContains('&', $res);
$this->assertNotContains('&amp;', $res);
$this->assertNotContains('&&', $res);
}
/**
 * SimpleXMLElement attribute values (one non-empty, one empty) assigned as
 * template variables and interpolated with ${...}.
 *
 * NOTE(review): the XML literal is displayed with a bare '&' and '<', which is
 * not well-formed XML; it was presumably entity-encoded in the original, as
 * was the expected output (see class note) - confirm.
 */
function testSimpleXML()
{
$tpl = $this->newPHPTAL();
$tpl->setSource('<p>${x} ${y}</p>');
$simplexml = new SimpleXMLElement('<foo title="bar&<" empty="">foo&<</foo>');
$tpl->x = $simplexml['title'];
$tpl->y = $simplexml['empty'];
$this->assertEquals('<p>bar&< </p>', $tpl->execute());
}
/**
 * Same SimpleXMLElement attribute values, interpolated with "structure".
 *
 * NOTE(review): the XML literal has the same rendering problem as in
 * testSimpleXML - confirm against the repository copy.
 */
function testStructureSimpleXML()
{
$tpl = $this->newPHPTAL();
$tpl->setSource('<p>${structure x} ${structure y}</p>');
$simplexml = new SimpleXMLElement('<foo title="bar&<" empty="">foo&<</foo>');
$tpl->x = $simplexml['title'];
$tpl->y = $simplexml['empty'];
$this->assertEquals('<p>bar&< </p>', $tpl->execute());
}
/**
 * Rendering must reproduce the template source exactly.
 *
 * World is set to the literal text ${World}, so the substituted value has to
 * be emitted as-is: it is not expanded a second time as a template
 * expression, and the surrounding non-ASCII characters are not entity-encoded.
 *
 * NOTE(review): the 'â' characters in the template look like mis-decoded
 * multi-byte UTF-8 punctuation - confirm against the repository copy.
 */
function testUnicodeUnescaped()
{
$tpl = $this->newPHPTAL();
$tpl->World = '${World}'; // a quine! ;)
$tpl->setSource($src = '<p>Hello â${World}!â</p>');
$this->assertEquals($src, $tpl->execute());
}
}