SEC-1377: Extended HTML escaping functionality to take account of control characters, whitespace and to handle Unicode supplementary characters (surrogate pairs).
This commit is contained in:
@@ -7,9 +7,45 @@ import org.springframework.security.web.util.TextEscapeUtils;
|
||||
|
||||
public class TextEscapeUtilsTests {
|
||||
|
||||
/**
|
||||
* &, <, >, ", ' and (space) escaping
|
||||
*/
|
||||
@Test
|
||||
public void charactersAreEscapedCorrectly() {
|
||||
assertEquals("a<script>"'", TextEscapeUtils.escapeEntities("a<script>\"'"));
|
||||
assertEquals("& a<script>"'", TextEscapeUtils.escapeEntities("& a<script>\"'"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void nullOrEmptyStringIsHandled() throws Exception {
|
||||
assertEquals("", TextEscapeUtils.escapeEntities(""));
|
||||
assertNull(TextEscapeUtils.escapeEntities(null));
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void invalidLowSurrogateIsDetected() throws Exception {
|
||||
TextEscapeUtils.escapeEntities("abc\uDCCCdef");
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void missingLowSurrogateIsDetected() throws Exception {
|
||||
TextEscapeUtils.escapeEntities("abc\uD888a");
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void highSurrogateAtEndOfStringIsRejected() throws Exception {
|
||||
TextEscapeUtils.escapeEntities("abc\uD888");
|
||||
}
|
||||
|
||||
/**
|
||||
* Delta char: 𐐀
|
||||
*/
|
||||
@Test
|
||||
public void validSurrogatePairIsAccepted() throws Exception {
|
||||
assertEquals("abc𐐀a", TextEscapeUtils.escapeEntities("abc\uD801\uDC00a"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void undefinedSurrogatePairIsIgnored() throws Exception {
|
||||
assertEquals("abca", TextEscapeUtils.escapeEntities("abc\uD888\uDC00a"));
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user