require 'test_helper' require 'ostruct' require 'better_html/better_erb' require 'json' class BetterHtml::BetterErb::ImplementationTest < ActiveSupport::TestCase test "simple template rendering" do assert_equal "some value", render("<%= bar %>", locals: { bar: 'some value' }) end test "html_safe interpolation" do assert_equal "", render("<%= bar %>", locals: { bar: ''.html_safe }) end test "non html_safe interpolation" do assert_equal "<bar />", render("<%= bar %>", locals: { bar: '' }) end test "interpolate non-html_safe inside attribute is escaped" do assert_equal "", render("\">", locals: { value: ' \'">x ' }) end test "interpolate html_safe inside attribute is magically force-escaped" do e = assert_raises(BetterHtml::UnsafeHtmlError) do render("\">", locals: { value: ' \'">x '.html_safe }) end assert_equal "Detected invalid characters as part of the interpolation "\ "into a quoted attribute value. The value cannot contain the character \".", e.message end test "interpolate html_safe inside single quoted attribute" do config = build_config(allow_single_quoted_attributes: true) e = assert_raises(BetterHtml::UnsafeHtmlError) do render("\'>", config: config, locals: { value: ' \'">x '.html_safe }) end assert_equal "Detected invalid characters as part of the interpolation "\ "into a quoted attribute value. The value cannot contain the character '.", e.message end test "interpolate in attribute name" do assert_equal "", render("-foo>", locals: { value: "safe" }) end test "interpolate in attribute name with unsafe value with spaces" do e = assert_raises(BetterHtml::UnsafeHtmlError) do render("-foo>", locals: { value: "un safe" }) end assert_equal "Detected invalid characters as part of the interpolation "\ "into a attribute name around 'data-<%= value %>'.", e.message end test "interpolate in attribute name with unsafe value with equal sign" do e = assert_raises(BetterHtml::UnsafeHtmlError) do render("-foo>", locals: { value: "un=safe" }) end assert_equal "Detected invalid characters as part of the "\ "interpolation into a attribute name around 'data-<%= value %>'.", e.message end test "interpolate in attribute name with unsafe value with quote" do e = assert_raises(BetterHtml::UnsafeHtmlError) do render("-foo>", locals: { value: "un\"safe" }) end assert_equal "Detected invalid characters as part of the "\ "interpolation into a attribute name around 'data-<%= value %>'.", e.message end test "interpolate after an attribute name without a value" do assert_equal '', render(">") end test "interpolate after an attribute name with equal sign" do config = build_config(allow_unquoted_attributes: true) e = assert_raises(BetterHtml::DontInterpolateHere) do render(">", config: config) end assert_equal "Do not interpolate without quotes after "\ "attribute around 'data-foo=<%= html_attributes(foo: 'bar') %>'.", e.message end test "interpolate after an attribute value" do e = assert_raises(BetterHtml::DontInterpolateHere) do render(">") end assert_equal "Add a space after this attribute value. "\ "Instead of >"\ " try >.", e.message end test "interpolate in attribute without quotes" do config = build_config(allow_unquoted_attributes: true) e = assert_raises(BetterHtml::DontInterpolateHere) do render(">", config: config, locals: { value: "un safe" }) end assert_equal "Do not interpolate without quotes after "\ "attribute around 'href=<%= value %>'.", e.message end test "interpolate in attribute after value" do config = build_config(allow_unquoted_attributes: true) e = assert_raises(BetterHtml::DontInterpolateHere) do render(">", config: config, locals: { value: "" }) end assert_equal "Do not interpolate without quotes around this "\ "attribute value. Instead of > "\ "try \">.", e.message end test "interpolate in tag name" do assert_equal "", render("-foo>", locals: { value: "safe" }) end test "interpolate in tag name with space" do e = assert_raises(BetterHtml::UnsafeHtmlError) do render("-foo>", locals: { value: "un safe" }) end assert_equal "Detected invalid characters as part of the interpolation "\ "into a tag name around: >.", e.message end test "interpolate in tag name with slash" do e = assert_raises(BetterHtml::UnsafeHtmlError) do render("-foo>", locals: { value: "un/safe" }) end assert_equal "Detected invalid characters as part of the interpolation "\ "into a tag name around: >.", e.message end test "interpolate in tag name with end of tag" do e = assert_raises(BetterHtml::UnsafeHtmlError) do render("-foo>", locals: { value: ">