2019-11-07 19:04:28 +05:30
|
|
|
// Copyright 2019 The Gitea Authors. All rights reserved.
|
2022-11-27 23:50:29 +05:30
|
|
|
// SPDX-License-Identifier: MIT
|
2019-11-07 19:04:28 +05:30
|
|
|
|
|
|
|
package templates
|
|
|
|
|
|
|
|
import (
|
2024-02-25 16:15:56 +05:30
|
|
|
"html/template"
|
2019-11-07 19:04:28 +05:30
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestSubjectBodySeparator(t *testing.T) {
|
|
|
|
test := func(input, subject, body string) {
|
|
|
|
loc := mailSubjectSplit.FindIndex([]byte(input))
|
|
|
|
if loc == nil {
|
|
|
|
assert.Empty(t, subject, "no subject found, but one expected")
|
|
|
|
assert.Equal(t, body, input)
|
|
|
|
} else {
|
2022-06-20 15:32:49 +05:30
|
|
|
assert.Equal(t, subject, input[0:loc[0]])
|
|
|
|
assert.Equal(t, body, input[loc[1]:])
|
2019-11-07 19:04:28 +05:30
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
test("Simple\n---------------\nCase",
|
|
|
|
"Simple\n",
|
|
|
|
"\nCase")
|
|
|
|
test("Only\nBody",
|
|
|
|
"",
|
|
|
|
"Only\nBody")
|
|
|
|
test("Minimal\n---\nseparator",
|
|
|
|
"Minimal\n",
|
|
|
|
"\nseparator")
|
|
|
|
test("False --- separator",
|
|
|
|
"",
|
|
|
|
"False --- separator")
|
|
|
|
test("False\n--- separator",
|
|
|
|
"",
|
|
|
|
"False\n--- separator")
|
|
|
|
test("False ---\nseparator",
|
|
|
|
"",
|
|
|
|
"False ---\nseparator")
|
|
|
|
test("With extra spaces\n----- \t \nBody",
|
|
|
|
"With extra spaces\n",
|
|
|
|
"\nBody")
|
|
|
|
test("With leading spaces\n -------\nOnly body",
|
|
|
|
"",
|
|
|
|
"With leading spaces\n -------\nOnly body")
|
|
|
|
test("Multiple\n---\n-------\n---\nSeparators",
|
|
|
|
"Multiple\n",
|
|
|
|
"\n-------\n---\nSeparators")
|
2024-05-09 19:19:37 +05:30
|
|
|
test("Insufficient\n--\nSeparators",
|
2019-11-07 19:04:28 +05:30
|
|
|
"",
|
2024-05-09 19:19:37 +05:30
|
|
|
"Insufficient\n--\nSeparators")
|
2019-11-07 19:04:28 +05:30
|
|
|
}
|
2024-02-18 15:22:02 +05:30
|
|
|
|
|
|
|
func TestJSEscapeSafe(t *testing.T) {
|
|
|
|
assert.EqualValues(t, `\u0026\u003C\u003E\'\"`, JSEscapeSafe(`&<>'"`))
|
|
|
|
}
|
2024-02-25 16:15:56 +05:30
|
|
|
|
|
|
|
func TestHTMLFormat(t *testing.T) {
|
|
|
|
assert.Equal(t, template.HTML("<a>< < 1</a>"), HTMLFormat("<a>%s %s %d</a>", "<", template.HTML("<"), 1))
|
|
|
|
}
|
2024-03-01 15:46:19 +05:30
|
|
|
|
|
|
|
func TestSanitizeHTML(t *testing.T) {
|
|
|
|
assert.Equal(t, template.HTML(`<a href="/" rel="nofollow">link</a> xss <div>inline</div>`), SanitizeHTML(`<a href="/">link</a> <a href="javascript:">xss</a> <div style="dangerous">inline</div>`))
|
|
|
|
}
|