require File.expand_path("../../helper", __FILE__) class MyCustomHtmlSafeString < String end class HtmlEscapeTest < Minitest::Test def test_escape_source_encoding_is_maintained source = 'foobar' str = EscapeUtils.escape_html_as_html_safe(source) assert_equal source.encoding, str.encoding end def test_escape_binary_encoding_is_maintained source = 'foobar'.b str = EscapeUtils.escape_html_as_html_safe(source) assert_equal source.encoding, str.encoding end def test_escape_uft8_encoding_is_maintained source = 'foobar'.encode 'UTF-8' str = EscapeUtils.escape_html_as_html_safe(source) assert_equal source.encoding, str.encoding end def test_escape_us_ascii_encoding_is_maintained source = 'foobar'.encode 'US-ASCII' str = EscapeUtils.escape_html_as_html_safe(source) assert_equal source.encoding, str.encoding end def test_escape_basic_html_with_secure assert_equal "<some_tag/>", EscapeUtils.escape_html("") secure_before = EscapeUtils.html_secure EscapeUtils.html_secure = true assert_equal "<some_tag/>", EscapeUtils.escape_html("") EscapeUtils.html_secure = secure_before end def test_escape_basic_html_without_secure assert_equal "<some_tag/>", EscapeUtils.escape_html("", false) secure_before = EscapeUtils.html_secure EscapeUtils.html_secure = false assert_equal "<some_tag/>", EscapeUtils.escape_html("") EscapeUtils.html_secure = secure_before end def test_escape_double_quotes assert_equal "<some_tag some_attr="some value"/>", EscapeUtils.escape_html("") end def test_escape_single_quotes assert_equal "<some_tag some_attr='some value'/>", EscapeUtils.escape_html("") end def test_escape_ampersand assert_equal "<b>Bourbon & Branch</b>", EscapeUtils.escape_html("Bourbon & Branch") end def test_returns_original_if_not_escaped str = 'foobar' assert_equal str.object_id, EscapeUtils.escape_html(str).object_id end def test_html_safe_escape_default_works str = EscapeUtils.escape_html_as_html_safe('foobar') assert_equal 'foobar', str end def test_returns_custom_string_class klass_before = EscapeUtils.html_safe_string_class EscapeUtils.html_safe_string_class = MyCustomHtmlSafeString str = EscapeUtils.escape_html_as_html_safe('foobar') assert_equal 'foobar', str assert_equal MyCustomHtmlSafeString, str.class assert_equal true, str.instance_variable_get(:@html_safe) ensure EscapeUtils.html_safe_string_class = klass_before end def test_returns_custom_string_class_when_string_requires_escaping klass_before = EscapeUtils.html_safe_string_class EscapeUtils.html_safe_string_class = MyCustomHtmlSafeString str = EscapeUtils.escape_html_as_html_safe("