require 'runit/testcase'
require 'amrita/format'
require 'amrita/node_expand'
require 'amrita/parser'

# When true, check_preformat prints the pre-formatted output it compares.
$print_result = false

# RUNIT test case for Amrita's formatters (Formatter, AsIsFormatter,
# SingleLineFormatter, PrettyPrintFormatter), the Sanitizer helpers and
# Node#pre_format.
#
# NOTE(review): many string literals and heredoc openers in this listing are
# empty, truncated or unbalanced (e.g. `assert_equal(<`, `''&'`). It looks as
# if HTML markup and entities were stripped or decoded when the page was
# captured. The expected values, above all in the sanitizer tests, should be
# checked against the upstream file before they are read as the escaping
# contract.
class TestFormat < RUNIT::TestCase
  include Amrita

  # HTML template fixture shared by the formatter and pre_format tests.
  Html1 = <<-END

title will be inserted here

body text will be inserted here

  END
  # XHTML fixture, formatted with asxml = true in test_asisformatter.
  XHtml1 = <<-END
xhtml sample

title

body text


  END

  # Formatter#format_attrs renders attribute pairs as name="value", separated
  # by a single space.
  def test_formatter
    ret = ""
    f = Formatter.new(ret)
    assert_equal('x="1"', f.format_attrs(a(:x, 1)))
    assert_equal('x="1" y="2"', f.format_attrs(a(:x, 1, :y, 2)))
    e = e(:abc,a(:x, 1, :y, 2))
    # NOTE(review): the expected tag strings below are empty in this listing;
    # presumably they held the start, end and single-tag markup.
    assert_equal('', f.format_start_tag(e))
    assert_equal('', f.format_end_tag(e))
    assert_equal('', f.format_single_tag(e))
    f.asxml = true
    assert_equal('', f.format_single_tag(e))
  end

  # AsIsFormatter must reproduce the parsed template text unchanged, both in
  # the default mode and with asxml set.
  def test_asisformatter
    tmpl = HtmlParser.parse_text Html1
    ret = ""
    f = AsIsFormatter.new(ret)
    f.format(tmpl)
    assert_equal(Html1, ret)
    tmpl = HtmlParser.parse_text XHtml1
    ret = ""
    f = AsIsFormatter.new(ret)
    f.asxml = true
    f.format(tmpl)
    assert_equal(XHtml1, ret)
  end

  # Formats Html1 with SingleLineFormatter and compares with a literal.
  def test_singlelineformatter
    tmpl = HtmlParser.parse_text Html1
    ret = ""
    f = SingleLineFormatter.new(ret)
    f.format(tmpl)
    assert_equal('

title will be inserted here

body text will be inserted here

', ret)
  end

  # Formats Html1 with PrettyPrintFormatter and compares with a heredoc.
  def test_prettyprintformatter
    tmpl = HtmlParser.parse_text Html1
    ret = ""
    f = PrettyPrintFormatter.new(ret)
    f.format(tmpl)
    # NOTE(review): the heredoc opener and second argument are truncated here.
    assert_equal(<

title will be inserted here

body text will be inserted here

END
  end

  # set_attr_filter maps template attribute names to output names
  # (:__id => :id, :klass => :class) when attributes are formatted.
  def test_attr_filter
    tmpl = HtmlParser.parse_text '

xxxxx

'
    ret = ""
    f = SingleLineFormatter.new(ret)
    f.set_attr_filter(:__id=>:id, :klass=>:class)
    assert_equal('id="xxx"', f.format_attrs(a(:__id=>"xxx")))
    f.format(tmpl)
    assert_equal('

xxxxx

', ret)
  end

  # Renders +str+ with the external `w3m` browser and returns the text dump
  # without its trailing newline, so a test can check how sanitized output is
  # displayed.
  #
  # The command is built by interpolating str.inspect into a shell line.
  # inspect quotes for Ruby, not for the shell, so this helper is only
  # suitable for the fixed literals used in this file.
  def w3m(str)
    %x[echo #{str.inspect} | w3m -T text/html -dump].chomp
  end

  # Pins the behaviour of Sanitizer.sanitize_text, sanitize_attribute_value
  # and sanitize_url, and checks through w3m that the escaped output displays
  # as the original text.
  def test_sanitizer
    # Plain strings pass through unchanged.
    assert_equal("abc", Sanitizer::sanitize_text("abc"))
    assert_equal("efg", Sanitizer::sanitize_attribute_value("efg"))
    assert_equal("hij", Sanitizer::sanitize_url("hij"))
    # NOTE(review): inputs and expected values in the next six assertions look
    # swapped, emptied or unbalanced by the capture; the intent is presumably
    # "markup characters are escaped" -- confirm against upstream.
    assert_equal("<abc>", Sanitizer::sanitize_text(""))
    assert_equal("", w3m(Sanitizer::sanitize_text("")))
    assert_equal("a & b", Sanitizer::sanitize_text("a & b"))
    assert_equal("a & b", w3m(Sanitizer::sanitize_text("a & b")))
    assert_equal('<x a="xyz">'</x>', Sanitizer::sanitize_attribute_value('\''))
    assert_equal('\'', w3m(Sanitizer::sanitize_attribute_value('\'')))
    # http, https and ftp URLs are returned as given.
    assert_equal('http://www.ruby-lang.org/', Sanitizer::sanitize_url("http://www.ruby-lang.org/"))
    assert_equal('https://www.ruby-lang.org/', Sanitizer::sanitize_url("https://www.ruby-lang.org/"))
    assert_equal('ftp://www.ruby-lang.org/', Sanitizer::sanitize_url("ftp://www.ruby-lang.org/"))
    assert_equal('http://www.ruby-lang.org/#', Sanitizer::sanitize_url("http://www.ruby-lang.org/#"))
    # javascript: and about: URLs are rejected: sanitize_url returns nil.
    assert_equal(nil, Sanitizer::sanitize_url("javascript://www.ruby-lang.org/"))
    assert_equal(nil, Sanitizer::sanitize_url("about://www.ruby-lang.org/"))
    # NOTE(review): the expected literal on the next line is not balanced in
    # this listing.
    assert_equal(''&', Sanitizer::sanitize_url("'&"))
    assert_equal("'aaa'&'bbb'", w3m(Sanitizer::sanitize_url("'aaa'&'bbb'")))
    # NOTE(review): presumably this literal held a non-breaking space or its
    # entity, which the sanitizers are expected to leave alone -- confirm.
    nbsp_str= 'a b'
    assert_equal(nbsp_str, nbsp_str.amrita_sanitize)
    assert_equal(nbsp_str, nbsp_str.amrita_sanitize_as_attribute)
    assert_equal('a b', w3m(nbsp_str.amrita_sanitize))
  end

  # Attribute values supplied as model data: a value containing `">` and a
  # javascript: URL, each used for href and for src.
  # NOTE(review): the templates and expected strings are truncated in this
  # listing, so the asserted output cannot be read from here.
  def test_sanitizer2
    tmpl = HtmlParser.parse_text 'xx'
    xss_atack1 = %q[http://www.ruby-lang.org/">] #"
    s = format_inline({ :aaaa=>a(:href=>xss_atack1) { "&" }, }) { tmpl }
    assert_equal('<x>&', s)
    xss_atack2 = %q[javascript:alert('hello')]
    s = format_inline({ :aaaa=>a(:href=>xss_atack2) { "xxxx" }, }) { tmpl }
    assert_equal('xxxx', s)
    tmpl_img = HtmlParser.parse_text ''
    s = format_inline({ :aaaa=>a(:src=>xss_atack1) }) { tmpl_img }
    assert_equal('', s)
    s = format_inline({ :aaaa=>a(:src=>xss_atack2) }) { tmpl_img }
    assert_equal('', s)
  end

  # Text supplied as model data is sanitized by default; noescape turns that
  # off. Also checks that sanitized attribute text parses back to the
  # original string.
  def test_sanitizer3
    tmpl = HtmlParser.parse_text 'xxx'
    s = format_inline( { :aaaa=> '' }) { tmpl }
    assert_equal('<yyy>', s)
    # Disable the sanitizer with noescape: the block's value is emitted as
    # given, so only trusted strings should ever be wrapped this way.
    s = format_inline( { :aaaa=> noescape { '' } }) { tmpl }
    assert_equal('', s)
    x = '\''
    # NOTE(review): the expected literal on the next line is not balanced in
    # this listing.
    assert_equal('<x a="xyz">'</x>', x.amrita_sanitize_as_attribute)
    t = HtmlParser.parse_text x.amrita_sanitize_as_attribute
    assert_equal(x, noescape { t }.to_s)
    assert_equal(x.amrita_sanitize, format_inline { t } )
    s = format_inline { e(:xxx) { x } }
    t = HtmlParser.parse_text s
    assert_equal(e(:xxx) { x }, t)
  end

  # Compares format_inline on a plain String with the same string wrapped in
  # SanitizedString.
  # NOTE(review): presumably the wrapped string is emitted without escaping;
  # the literals here are truncated, so confirm against upstream.
  def test_sanitizedstring
    s1 = ""
    assert_equal("<xxx>", format_inline{s1})
    assert_equal("", format_inline{SanitizedString[s1]})
  end

  # pre_format(...).result yields a SanitizedString, an Element, or an Array
  # mixing the two, depending on the template. `type` is compared against
  # classes here (the older spelling of Object#class).
  def test_preformat1
    tmpl = HtmlParser.parse_text "

xxxx

"
    f = AsIsFormatter.new(nil)
    r = tmpl.pre_format(f).result
    assert(r.kind_of?(Amrita::SanitizedString))
    assert_equal('

xxxx

', r)
    tmpl = HtmlParser.parse_text "

xxxx

"
    f = AsIsFormatter.new(nil)
    r = tmpl.pre_format(f).result
    assert_equal(Element, r.type)
    assert_equal('e(:p,a(:id, "x")) { "xxxx" }', r.to_ruby)
    tmpl = HtmlParser.parse_text "

xxxx

yyyy

"
    f = AsIsFormatter.new(nil)
    r = tmpl.pre_format(f).result
    assert_equal(Array, r.type)
    assert_equal('

xxxx

', r[0])
    assert_equal('e(:p,a(:id, "x")) { "yyyy" }', r[1].to_ruby)
    tmpl = HtmlParser.parse_text "

xxxx

yyyy

"
    f = AsIsFormatter.new(nil)
    r = tmpl.pre_format(f).result
    assert_equal(Array, r.type)
    assert_equal('e(:p,a(:id, "x")) { "xxxx" }', r[0].to_ruby)
    assert_equal('

yyyy

', r[1])
    tmpl = HtmlParser.parse_text "xxxyyyzzz"
    f = AsIsFormatter.new(nil)
    r = tmpl.pre_format(f).result
    assert_equal(Amrita::SanitizedString, r.type)
    assert_equal('xxxyyyzzz', r)
    tmpl = HtmlParser.parse_text "

xxxyyyzzz

"
    f = AsIsFormatter.new(nil)
    r = tmpl.pre_format(f).result
    assert_equal(Element, r.type)
    assert_equal('xxxyyyzzz', r.body.to_s)
  end

  # Asserts that formatting a pre-formatted node gives the same output as
  # formatting the node directly.
  #
  # formatter:: formatter used for both passes
  # node::      parsed template
  # data::      optional model data; when given, both the node and its
  #             pre-formatted form are expanded with it before formatting
  def check_preformat(formatter, node, data=nil)
    ans = ""
    if data
      formatter.format(node.expand(data), ans)
    else
      formatter.format(node, ans)
    end
    result = ""
    pre = node.pre_format(formatter).result_as_top
    if data
      formatter.format(pre.expand(data), result)
    else
      formatter.format(pre, result)
    end
    if $print_result
      puts "------------------------------------"
      print result
      puts "\n------------------------------------"
    end
    assert_equal(ans, result)
    # Pre-formatting a node that is already pre-formatted should give the
    # same result.
    # NOTE(review): result2 is built but never compared with anything, so
    # this only checks that the second pass does not raise -- confirm whether
    # an assertion is missing.
    result2 = ""
    pre = pre.pre_format(formatter).result_as_top
    formatter.format(pre, result2)
  end

  # AsIsFormatter and SingleLineFormatter support pre_format;
  # check_preformat with PrettyPrintFormatter is expected to raise
  # RuntimeError.
  def test_preformat2
    tmpl = HtmlParser.parse_text Html1
    check_preformat(AsIsFormatter.new, tmpl)
    check_preformat(SingleLineFormatter.new, tmpl)
    assert_exception(RuntimeError) {
      check_preformat(PrettyPrintFormatter.new, tmpl)
    }
  end

  # Same check with model data expanded into the template.
  # NOTE(review): the SingleLineFormatter call passes no data -- confirm
  # whether that is intended.
  def test_preformat3
    tmpl = HtmlParser.parse_text Html1
    data = { :title=>"title", :body=>"pre_format test" }
    check_preformat(AsIsFormatter.new, tmpl, data)
    check_preformat(SingleLineFormatter.new, tmpl)
  end

  # pre_format(f) gives a SanitizedString; pre_format(f, true) gives an
  # Element whose "@xxx" href is only replaced when the ExpandContext has
  # expand_attr set.
  def test_preformat_with_expand_attr
    f = AsIsFormatter.new
    tmpl = HtmlParser.parse_text 'yyy'
    pre = tmpl.pre_format(f).result
    assert_equal(Amrita::SanitizedString, pre.type)
    assert_equal('yyy', pre)
    pre = tmpl.pre_format(f, true).result
    assert_equal(Amrita::Element, pre.type)
    assert_equal(e(:a,a(:href, "@xxx")) { "yyy" }, pre)
    data = { :xxx=>"http://www.ruby-lang.org/" }
    # Without expand_attr the placeholder attribute is left as it is.
    assert_equal(e(:a,a(:href, "@xxx")) { "yyy" }, pre.expand(data))
    assert_equal(tmpl.expand(data), pre.expand(data))
    context = Amrita::ExpandContext.new
    context.expand_attr = true
    assert_equal(e(:a,a(:href, "http://www.ruby-lang.org/")) { "yyy" }, pre.expand(data, context))
    assert_equal(tmpl.expand(data, context), pre.expand(data, context))
  end

  # PrettyPrintFormatter output with the default tag info, with an
  # HtmlTagInfo whose :p pptype is set to 1, and with a fresh TagInfo that
  # sets pptype for :html and :body.
  # NOTE(review): the three heredoc openers below are truncated in this
  # listing.
  def test_taginfo
    tmpl = HtmlParser.parse_text Html1
    ret = ""
    f = PrettyPrintFormatter.new(ret)
    f.format(tmpl)
    assert_equal(<

title will be inserted here

body text will be inserted here

END
    taginfo = HtmlTagInfo.new
    taginfo[:p].pptype = 1
    ret = ""
    f = PrettyPrintFormatter.new(ret,taginfo)
    f.format(tmpl)
    assert_equal(<

title will be inserted here

body text will be inserted here

END
    taginfo = TagInfo.new
    taginfo[:html].pptype = 1
    taginfo[:body].pptype = 2
    ret = ""
    f = PrettyPrintFormatter.new(ret,taginfo)
    f.format(tmpl)
    assert_equal(<

title will be inserted here

body text will be inserted here

END
  end
end

#--- main program ----
# Run directly: with no arguments the whole suite runs; otherwise each
# argument is taken as the name of one test method to run.
if __FILE__ == $0
  require 'runit/cui/testrunner'
  if ARGV.size == 0
    RUNIT::CUI::TestRunner.run(TestFormat.suite)
  else
    ARGV.each do |method|
      RUNIT::CUI::TestRunner.run(TestFormat.new(method))
    end
  end
end