Commit 2c504012
Authored Jul 27, 2011 by Juergen Hoeller
HtmlUtils properly escapes single quotes as well
Parent: 38837edd
Showing 5 changed files with 41 additions and 32 deletions
org.springframework.web.servlet/src/test/java/org/springframework/web/servlet/tags/HtmlEscapeTagTests.java (+6 -6)
org.springframework.web.servlet/src/test/java/org/springframework/web/servlet/tags/MessageTagTests.java (+2 -3)
org.springframework.web.servlet/src/test/java/org/springframework/web/servlet/tags/form/FormTagTests.java (+2 -2)
org.springframework.web/src/test/java/org/springframework/web/bind/EscapedErrorsTests.java (+13 -10)
org.springframework.web/src/test/java/org/springframework/web/util/HtmlCharacterEntityReferencesTests.java (+18 -11)
org.springframework.web.servlet/src/test/java/org/springframework/web/servlet/tags/HtmlEscapeTagTests.java
/*
* Copyright 2002-20
05
the original author or authors.
*
* Copyright 2002-20
11
the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*
* http://www.apache.org/licenses/LICENSE-2.0
*
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
...
...
@@ -18,8 +18,8 @@ package org.springframework.web.servlet.tags;
import
javax.servlet.jsp.JspException
;
import
javax.servlet.jsp.PageContext
;
import
javax.servlet.jsp.tagext.Tag
;
import
javax.servlet.jsp.tagext.BodyTag
;
import
javax.servlet.jsp.tagext.Tag
;
import
org.springframework.mock.web.MockServletContext
;
import
org.springframework.web.util.WebUtils
;
...
...
@@ -176,7 +176,7 @@ public class HtmlEscapeTagTests extends AbstractTagTests {
tag
.
setJavaScriptEscape
(
"true"
);
assertEquals
(
BodyTag
.
EVAL_BODY_BUFFERED
,
tag
.
doStartTag
());
assertEquals
(
Tag
.
SKIP_BODY
,
tag
.
doAfterBody
());
assertEquals
(
"Correct content"
,
"
\\'
test & text \\\\"
,
result
.
toString
());
assertEquals
(
"Correct content"
,
"
'
test & text \\\\"
,
result
.
toString
());
}
}
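Review bot: The context visible in this hunk sets only setJavaScriptEscape("true"), yet the new expected value no longer has the backslash in front of the single quote while the trailing backslash is still doubled. If HTML escaping is also switched on above the shown context, a one-line comment next to the assertEquals saying that the quote is now consumed by the HTML escaper would make the expectation readable; if it is not, this assertion would mean JavaScript-only escaping stopped escaping quotes and needs a second look.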
org.springframework.web.servlet/src/test/java/org/springframework/web/servlet/tags/MessageTagTests.java
/*
* Copyright 2002-20
07
the original author or authors.
* Copyright 2002-20
11
the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
...
...
@@ -19,7 +19,6 @@ package org.springframework.web.servlet.tags;
import
java.util.Arrays
;
import
java.util.List
;
import
java.util.Locale
;
import
javax.servlet.ServletException
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.jsp.JspException
;
...
...
@@ -347,7 +346,7 @@ public class MessageTagTests extends AbstractTagTests {
tag
.
setHtmlEscape
(
"true"
);
tag
.
setJavaScriptEscape
(
"true"
);
assertTrue
(
"Correct doStartTag return value"
,
tag
.
doStartTag
()
==
Tag
.
EVAL_BODY_INCLUDE
);
assertEquals
(
"Correct message"
,
"
\\'
test & text \\\\"
,
message
.
toString
());
assertEquals
(
"Correct message"
,
"
'
test & text \\\\"
,
message
.
toString
());
}
public
void
testMessageWithVarAndScope
()
throws
JspException
{
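Review bot: The changed "Correct message" assertion covers only setHtmlEscape("true") combined with setJavaScriptEscape("true"), where the expected message now drops the backslash before the single quote. A companion case with setJavaScriptEscape("true") alone, still expecting the backslash-escaped quote, would pin down that the change in HtmlUtils does not alter JavaScript escaping on its own.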
...
...
org.springframework.web.servlet/src/test/java/org/springframework/web/servlet/tags/form/FormTagTests.java
/*
* Copyright 2002-20
08
the original author or authors.
* Copyright 2002-20
11
the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
...
...
@@ -174,7 +174,7 @@ public class FormTagTests extends AbstractHtmlElementTagTests {
String
xssQueryString
=
QUERY_STRING
+
"&stuff=\"><script>alert('XSS!')</script>"
;
request
.
setQueryString
(
xssQueryString
);
tag
.
doStartTag
();
assertEquals
(
"<form id=\"command\" action=\"/my/form?foo=bar&stuff="><script>alert(
'XSS!'
)</script>\" method=\"post\">"
,
assertEquals
(
"<form id=\"command\" action=\"/my/form?foo=bar&stuff="><script>alert(
'XSS!'
)</script>\" method=\"post\">"
,
getOutput
());
}
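Review bot: The expected form tag is compared as one long literal, so it is hard to see that the only intended difference is how the single quotes around XSS! in xssQueryString come out in the action attribute. A short comment above assertEquals naming the single-quote escaping, or a separate assertion on just the quoted part of getOutput(), would keep this test useful as a regression check for the action attribute.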
...
...
org.springframework.web/src/test/java/org/springframework/web/bind/EscapedErrorsTests.java
/*
* Copyright 2002-20
06
the original author or authors.
* Copyright 2002-20
11
the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
...
...
@@ -16,7 +16,7 @@
package
org.springframework.web.bind
;
import
junit.framework.TestCase
;
import
org.junit.Test
;
import
org.springframework.beans.TestBean
;
import
org.springframework.validation.BindException
;
...
...
@@ -24,12 +24,15 @@ import org.springframework.validation.Errors;
import
org.springframework.validation.FieldError
;
import
org.springframework.validation.ObjectError
;
import
static
org
.
junit
.
Assert
.*;
/**
* @author Juergen Hoeller
* @since 02.05.2003
*/
public
class
EscapedErrorsTests
extends
TestCase
{
public
class
EscapedErrorsTests
{
@Test
public
void
testEscapedErrors
()
{
TestBean
tb
=
new
TestBean
();
tb
.
setName
(
"empty &"
);
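Review bot: Dropping extends TestCase and adding @Test with the static org.junit.Assert import is a JUnit 4 conversion that is independent of the single-quote escaping named in the commit message. Splitting it into its own commit would leave the escaping commit with only the expected-value changes, which is what someone auditing the output-encoding behaviour will want to read.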
...
...
@@ -47,11 +50,11 @@ public class EscapedErrorsTests extends TestCase {
assertTrue
(
"Correct global errors flag"
,
errors
.
hasGlobalErrors
());
assertTrue
(
"Correct number of global errors"
,
errors
.
getGlobalErrorCount
()
==
1
);
ObjectError
globalError
=
errors
.
getGlobalError
();
assertTrue
(
"Global error message escaped"
,
"message: "
'
"
.
equals
(
globalError
.
getDefaultMessage
()));
assertTrue
(
"Global error message escaped"
,
"message: "
'
"
.
equals
(
globalError
.
getDefaultMessage
()));
assertTrue
(
"Global error code not escaped"
,
"GENERAL_ERROR \" '"
.
equals
(
globalError
.
getCode
()));
ObjectError
globalErrorInList
=
(
ObjectError
)
errors
.
getGlobalErrors
().
get
(
0
);
ObjectError
globalErrorInList
=
errors
.
getGlobalErrors
().
get
(
0
);
assertTrue
(
"Same global error in list"
,
globalError
.
getDefaultMessage
().
equals
(
globalErrorInList
.
getDefaultMessage
()));
ObjectError
globalErrorInAllList
=
(
ObjectError
)
errors
.
getAllErrors
().
get
(
3
);
ObjectError
globalErrorInAllList
=
errors
.
getAllErrors
().
get
(
3
);
assertTrue
(
"Same global error in list"
,
globalError
.
getDefaultMessage
().
equals
(
globalErrorInAllList
.
getDefaultMessage
()));
assertTrue
(
"Correct field errors flag"
,
errors
.
hasFieldErrors
());
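Review bot: The "Global error message escaped" check still uses assertTrue around String.equals, so a failure reports only the label and not the string that getDefaultMessage() actually returned. Since the expected literal is being edited here and the class now imports org.junit.Assert statically, assertEquals(label, expected, globalError.getDefaultMessage()) would show the exact escaped output when the quote handling regresses.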
...
...
@@ -60,7 +63,7 @@ public class EscapedErrorsTests extends TestCase {
FieldError
fieldError
=
errors
.
getFieldError
();
assertTrue
(
"Field error code not escaped"
,
"NAME_EMPTY &"
.
equals
(
fieldError
.
getCode
()));
assertTrue
(
"Field value escaped"
,
"empty &"
.
equals
(
errors
.
getFieldValue
(
"name"
)));
FieldError
fieldErrorInList
=
(
FieldError
)
errors
.
getFieldErrors
().
get
(
0
);
FieldError
fieldErrorInList
=
errors
.
getFieldErrors
().
get
(
0
);
assertTrue
(
"Same field error in list"
,
fieldError
.
getDefaultMessage
().
equals
(
fieldErrorInList
.
getDefaultMessage
()));
assertTrue
(
"Correct name errors flag"
,
errors
.
hasFieldErrors
(
"name"
));
...
...
@@ -70,7 +73,7 @@ public class EscapedErrorsTests extends TestCase {
assertTrue
(
"Name error message escaped"
,
"message: &"
.
equals
(
nameError
.
getDefaultMessage
()));
assertTrue
(
"Name error code not escaped"
,
"NAME_EMPTY &"
.
equals
(
nameError
.
getCode
()));
assertTrue
(
"Name value escaped"
,
"empty &"
.
equals
(
errors
.
getFieldValue
(
"name"
)));
FieldError
nameErrorInList
=
(
FieldError
)
errors
.
getFieldErrors
(
"name"
).
get
(
0
);
FieldError
nameErrorInList
=
errors
.
getFieldErrors
(
"name"
).
get
(
0
);
assertTrue
(
"Same name error in list"
,
nameError
.
getDefaultMessage
().
equals
(
nameErrorInList
.
getDefaultMessage
()));
assertTrue
(
"Correct age errors flag"
,
errors
.
hasFieldErrors
(
"age"
));
...
...
@@ -80,9 +83,9 @@ public class EscapedErrorsTests extends TestCase {
assertTrue
(
"Age error message escaped"
,
"message: <tag>"
.
equals
(
ageError
.
getDefaultMessage
()));
assertTrue
(
"Age error code not escaped"
,
"AGE_NOT_SET <tag>"
.
equals
(
ageError
.
getCode
()));
assertTrue
(
"Age value not escaped"
,
(
new
Integer
(
0
)).
equals
(
errors
.
getFieldValue
(
"age"
)));
FieldError
ageErrorInList
=
(
FieldError
)
errors
.
getFieldErrors
(
"age"
).
get
(
0
);
FieldError
ageErrorInList
=
errors
.
getFieldErrors
(
"age"
).
get
(
0
);
assertTrue
(
"Same name error in list"
,
ageError
.
getDefaultMessage
().
equals
(
ageErrorInList
.
getDefaultMessage
()));
FieldError
ageError2
=
(
FieldError
)
errors
.
getFieldErrors
(
"age"
).
get
(
1
);
FieldError
ageError2
=
errors
.
getFieldErrors
(
"age"
).
get
(
1
);
assertTrue
(
"Age error 2 message escaped"
,
"message: <tag>"
.
equals
(
ageError2
.
getDefaultMessage
()));
assertTrue
(
"Age error 2 code not escaped"
,
"AGE_NOT_32 <tag>"
.
equals
(
ageError2
.
getCode
()));
}
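Review bot: The label on the ageErrorInList comparison reads "Same name error in list" although it compares ageError with ageErrorInList; it looks copied from the name block. The line directly above is touched to drop the (FieldError) cast, so this is a good moment to change the label to "Same age error in list".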
...
...
org.springframework.web/src/test/java/org/springframework/web/util/HtmlCharacterEntityReferencesTests.java
/*
* Copyright 2002-20
05
the original author or authors.
* Copyright 2002-20
11
the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
...
...
@@ -24,16 +24,19 @@ import java.io.StreamTokenizer;
import
java.util.HashMap
;
import
java.util.Map
;
import
junit.framework.TestCase
;
import
org.junit.Test
;
import
static
org
.
junit
.
Assert
.*;
/**
* @author Martin Kersten
* @author Juergen Hoeller
*/
public
class
HtmlCharacterEntityReferencesTests
extends
TestCase
{
public
class
HtmlCharacterEntityReferencesTests
{
private
static
final
String
DTD_FILE
=
"HtmlCharacterEntityReferences.dtd"
;
@Test
public
void
testSupportsAllCharacterEntityReferencesDefinedByHtml
()
{
HtmlCharacterEntityReferences
entityReferences
=
new
HtmlCharacterEntityReferences
();
Map
referenceCharactersMap
=
getReferenceCharacterMap
();
...
...
@@ -49,8 +52,12 @@ public class HtmlCharacterEntityReferencesTests extends TestCase {
entityReferences
.
isMappedToReference
((
char
)
character
));
assertEquals
(
"The reference of unicode character "
+
character
+
" should be entity "
+
referenceName
,
fullReference
,
entityReferences
.
convertToReference
((
char
)
character
));
assertEquals
(
"The entity reference ["
+
referenceName
+
"] should be mapped to unicode character "
+
character
,
(
char
)
character
,
entityReferences
.
convertToCharacter
(
referenceName
));
assertEquals
(
"The entity reference ["
+
referenceName
+
"] should be mapped to unicode character "
+
character
,
(
char
)
character
,
entityReferences
.
convertToCharacter
(
referenceName
));
}
else
if
(
character
==
39
)
{
assertTrue
(
entityReferences
.
isMappedToReference
((
char
)
character
));
assertEquals
(
"'"
,
entityReferences
.
convertToReference
((
char
)
character
));
}
else
{
assertFalse
(
"The unicode character "
+
character
+
" should not be mapped to a reference"
,
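Review bot: The new branch tests character == 39 with no indication that 39 is the apostrophe. Comparing against the char literal for the single quote, or a named constant, would make the special case self-explanatory, and a comment should say why this character is asserted separately from the entries in referenceCharactersMap.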
...
...
@@ -61,17 +68,17 @@ public class HtmlCharacterEntityReferencesTests extends TestCase {
}
assertEquals
(
"The registered entity count of entityReferences should match the number of entity references"
,
referenceCharactersMap
.
size
(),
entityReferences
.
getSupportedReferenceCount
());
assertEquals
(
"The HTML 4.0 Standard defines 252 entity references so do entityReferences"
,
252
,
entityReferences
.
getSupportedReferenceCount
());
referenceCharactersMap
.
size
()
+
1
,
entityReferences
.
getSupportedReferenceCount
());
assertEquals
(
"The HTML 4.0 Standard defines 252
+1
entity references so do entityReferences"
,
252
+
1
,
entityReferences
.
getSupportedReferenceCount
());
assertEquals
(
"Invalid entity reference names should not be convert
a
ble"
,
assertEquals
(
"Invalid entity reference names should not be convert
i
ble"
,
(
char
)
-
1
,
entityReferences
.
convertToCharacter
(
"invalid"
));
}
private
Map
getReferenceCharacterMap
()
{
CharacterEntityResourceIterator
entityIterator
=
new
CharacterEntityResourceIterator
();
Map
referencedCharactersMap
=
new
HashMap
();
Map
<
Integer
,
String
>
referencedCharactersMap
=
new
HashMap
<
Integer
,
String
>
();
while
(
entityIterator
.
hasNext
())
{
int
character
=
entityIterator
.
getReferredCharacter
();
String
entityName
=
entityIterator
.
nextEntry
();
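Review bot: The updated message "The HTML 4.0 Standard defines 252+1 entity references" attributes the extra entry to the standard, while the + 1 in both assertions is the additional single-quote mapping tested in the character == 39 branch. Rewording it to say 252 standard references plus one mapping for the single quote would avoid the confusion. Further down, getReferenceCharacterMap() still returns a raw Map although its local variable is now Map<Integer, String>; the return type could be parameterized in the same change.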
...
...
@@ -103,7 +110,7 @@ public class HtmlCharacterEntityReferencesTests extends TestCase {
}
public
boolean
hasNext
()
{
return
(
currentEntityName
!=
null
?
true
:
readNextEntity
());
return
(
currentEntityName
!=
null
||
readNextEntity
());
}
public
String
nextEntry
()
{
...
...