Diffstat (limited to 'core/src/test/java/org/owasp/encoder/JavaScriptEncoderTest.java')
-rw-r--r-- | core/src/test/java/org/owasp/encoder/JavaScriptEncoderTest.java | 126 |
1 files changed, 126 insertions, 0 deletions
diff --git a/core/src/test/java/org/owasp/encoder/JavaScriptEncoderTest.java b/core/src/test/java/org/owasp/encoder/JavaScriptEncoderTest.java
new file mode 100644
index 0000000..6ae349b
--- /dev/null
+++ b/core/src/test/java/org/owasp/encoder/JavaScriptEncoderTest.java
@@ -0,0 +1,126 @@
+// Copyright (c) 2012 Jeff Ichnowski
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above
+// copyright notice, this list of conditions and the following
+// disclaimer.
+//
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following
+// disclaimer in the documentation and/or other materials
+// provided with the distribution.
+//
+// * Neither the name of the OWASP nor the names of its
+// contributors may be used to endorse or promote products
+// derived from this software without specific prior written
+// permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package org.owasp.encoder;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+import org.owasp.encoder.JavaScriptEncoder.Mode;
+
+/**
+ * JavaScriptEncoderTest -- test suite for the JavaScriptEncoder.
+ *
+ * @author Jeff Ichnowski
+ */
+public class JavaScriptEncoderTest extends TestCase {
+ public static Test suite() {
+ TestSuite suite = new TestSuite();
+ for (int asciiOnly = 0 ; asciiOnly <= 1 ; ++asciiOnly) {
+ for (JavaScriptEncoder.Mode mode : JavaScriptEncoder.Mode.values()) {
+// if (!(mode == JavaScriptEncoder.Mode.HTML_CONTENT && asciiOnly == 0)) continue;
+ EncoderTestSuiteBuilder builder = new EncoderTestSuiteBuilder(new JavaScriptEncoder(mode, asciiOnly==1), "(safe)", "(\\)")
+ .encoded(0, 0x1f)
+ .valid(' ', '~')
+ .encoded("\\\'\"");
+
+ switch (mode) {
+ case SOURCE:
+ case BLOCK:
+ builder
+ .encode("\\\"", "\"")
+ .encode("\\\'", "\'");
+ break;
+ case HTML:
+ case ATTRIBUTE:
+ builder
+ .encode("\\x22", "\"")
+ .encode("\\x27", "\'");
+ break;
+ default:
+ throw new AssertionError("unexpected mode: "+mode);
+ }
+
+ switch (mode) {
+ case BLOCK:
+ case HTML:
+ builder
+ .encode("\\/", "/")
+ .encode("\\-", "-")
+ .encoded("/-");
+ break;
+ default:
+ builder.encode("/", "/");
+ break;
+ }
+ if (mode != Mode.SOURCE) {
+ builder.encoded("&");
+ }
+
+ builder
+ .encode("\\\\", "\\")
+ .encode("backspace", "\\b", "\b")
+ .encode("tab", "\\t", "\t")
+ .encode("LF", "\\n", "\n")
+ .encode("vtab", "\\x0b", "\u000b")
+ .encode("FF", "\\f", "\f")
+ .encode("CR", "\\r", "\r")
+ .encode("NUL", "\\x00", "\0")
+ .encode("Line Separator", "\\u2028", "\u2028")
+ .encode("Paragraph Separator", "\\u2029", "\u2029")
+ .encode("abc", "abc")
+ .encode("ABC", "ABC");
+
+ if (asciiOnly == 0) {
+ builder
+ .encode("unicode", "\u1234", "\u1234")
+ .encode("high-ascii", "\u00ff", "\u00ff")
+ .valid(0x7f, Character.MAX_CODE_POINT)
+ .encoded("\u2028\u2029");
+ } else {
+ builder
+ .encode("unicode", "\\u1234", "\u1234")
+ .encode("high-ascii", "\\xff", "\u00ff")
+ .encoded(0x7f, Character.MAX_CODE_POINT);
+ }
+
+ suite.addTest(builder
+ .validSuite()
+ .encodedSuite()
+ .build());
+ }
+ }
+ return suite;
+ }
+} |
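Review bot: The `if (mode != Mode.SOURCE) { builder.encoded("&"); }` branch only registers `&` as a character that must be escaped; unlike the quote cases (`.encode("\\x22", "\"")`), it never pins the exact escape sequence. Assuming `encoded(...)` only checks that the output differs from the input (EncoderTestSuiteBuilder is not shown here), a regression that emits some other non-identity output for `&` in the HTML-embedded modes would still pass. An explicit pair in that branch, `builder.encode("<expected escape for &>", "&");` with the placeholder replaced by the value the encoder is specified to produce, would pin that contract for this HTML-significant character. Separately, the commented-out filter at the top of the inner loop names `Mode.HTML_CONTENT`, which is not one of the four modes the switches handle (SOURCE, BLOCK, HTML, ATTRIBUTE); it looks like a leftover debugging aid and would be better deleted than committed.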