author | Kaz Kylheku <kaz@kylheku.com> | 2023-05-29 19:14:11 -0700 |
---|---|---|
committer | Kaz Kylheku <kaz@kylheku.com> | 2023-05-29 19:14:11 -0700 |
commit | 271e541893c4d10b3b4fa8f20cb6c54f0af2527e (patch) | |
tree | d88068ca91fffbacc04359e8084b90551ea884fe /test | |
parent | ff4671eca8e75611a76368eb3f3a3dde334ddb80 (diff) | |
download | tl-who-271e541893c4d10b3b4fa8f20cb6c54f0af2527e.tar.gz tl-who-271e541893c4d10b3b4fa8f20cb6c54f0af2527e.tar.bz2 tl-who-271e541893c4d10b3b4fa8f20cb6c54f0af2527e.zip |
Fix CL-WHO attr bugs: no escaping, poor constant handling.

CL-WHO tries to handle the case when attribute values are
constant NIL and T values, but it bungles it; it applies
the correct behavior only when the constants are literally
these symbols, not when they are constant expressions
which evaluate to these values.

Secondly, CL-WHO neglects to HTML-escape attribute values.
We fix this behavior and introduce a noesc operator to
selectively revert it, as well as a *cl-who-compat* special
to revert the behavior more pervasively, for the daredevils.

* packages.tl (tl-who): New symbols *cl-who-compat* and noesc.

* specials.tl (*cl-who-compat*): New special variable.

* who.tl (convert-attributes): When treating a constant
expression, evaluate it first, then check for nil or t.
Escape interpolated text with html-encode.
Check the original expression for (noesc ...) pattern,
or the presence of *cl-who-compat*. In these cases, don't
generate the escape call.

* test/simple.tl: New tests 28 to 37 providing some coverage
to all these changes.

* README.md: Document.
Diffstat (limited to 'test')
-rw-r--r-- | test/simple.tl | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/test/simple.tl b/test/simple.tl index 374bc7e..7645901 100644 --- a/test/simple.tl +++ b/test/simple.tl 
@@ -361,3 +361,72 @@ <div>\n \ \ <p>Bar</p>\n \ </div>") + +;;; TL-WHO Tests + +;;; 28 +;;; Test that non-constant t attribute value treated same as constant t. +(test (let ((attr-val t)) + (with-html-output-to-string (out) + (:foo :bar attr-val))) + "<foo bar='bar'></foo>") + +;;; 29 +;;; Test that non-constant nil attribute value treated same as constant t. +(test (let ((attr-val nil)) + (with-html-output-to-string (out) + (:foo :bar attr-val))) + "<foo></foo>") + +;;; 30 +;;; Test that complex constant evaluating to t is treated right. +(test (with-html-output-to-string (out) + (:foo :bar (quote t))) + "<foo bar='bar'></foo>") + +;;; 31 +;;; Test that complex constant nil attribute value treated right. +(test (with-html-output-to-string (out) + (:foo :bar (quote nil))) + "<foo></foo>") + +;;; 32 +;;; Test that we escape a constant string attribute properly. +(test (with-html-output-to-string (out) + (:foo :bar "'blah<tag>")) + "<foo bar=''blah<tag>'></foo>") + +;;; 33 +;;; Test that we escape a non-constant string attribute properly. +(test (let ((attr-val "'blah<tag>")) + (with-html-output-to-string (out) + (:foo :bar attr-val))) + "<foo bar=''blah<tag>'></foo>") + +;;; 34 +;;; Test that noesc works for constant. +(test (with-html-output-to-string (out) + (:foo :bar (noesc "'blah<tag>"))) + "<foo bar=''blah<tag>'></foo>") + +;;; 35 +;;; Test that noesc works for non-constant. +(test (let ((attr-val "'blah<tag>")) + (with-html-output-to-string (out) + (:foo :bar (noesc attr-val)))) + "<foo bar=''blah<tag>'></foo>") + +;;; 36 +;;; Test that *cl-who-compat* defeats escaping for constant. +(test (expander-let ((*cl-who-compat* t)) + (with-html-output-to-string (out) + (:foo :bar (noesc "'blah<tag>")))) + "<foo bar=''blah<tag>'></foo>") + +;;; 37 +;;; Test that *cl-who-compat* defeats escaping for non-constant. 
+(test (expander-let ((*cl-who-compat* t)) + (let ((attr-val "'blah<tag>")) + (with-html-output-to-string (out) + (:foo :bar (noesc attr-val))))) + "<foo bar=''blah<tag>'></foo>") |
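Review bot: Tests 36 and 37 still wrap the attribute value in (noesc ...) while binding *cl-who-compat* to t, so they would pass on noesc alone and do not demonstrate that *cl-who-compat* defeats escaping, which is what their comments claim. Pass the value bare in both, (:foo :bar "'blah<tag>") in 36 and (:foo :bar attr-val) in 37, so the special variable is the only thing that can suppress the html-encode call; since this switch turns off an output-encoding defense, it deserves a test that isolates it. The comment on test 29 reads "treated same as constant t" although the test covers the nil case and expects "<foo></foo>"; it should say "constant nil". As rendered on this page the expected strings of 32/33 (escaped) and 34/35 (noesc) are identical, so it is worth confirming in the file that 32/33 expect the encoded quote and angle brackets.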