Commit | Line | Data |
f49292d9 |
1 | use strictures 1; |
2 | use Test::More; |
3 | use HTML::String::TT; |
4 | |
5 | my $tt = HTML::String::TT->new; |
6 | |
7 | sub do_tt { |
8 | my $output; |
9 | $tt->process(\$_[0], $_[1], \$output) or die $tt->error; |
10 | return "$output"; |
11 | } |
12 | |
13 | is( |
14 | do_tt('<tag>[% foo %]</tag>', { foo => 'Hi <bob>' }), |
15 | '<tag>Hi <bob></tag>', |
16 | ); |
17 | |
18 | is( |
19 | do_tt(q{[% |
20 | VIEW myview; BLOCK render; '<tag>'; foo; '</tag>'; END; END; |
21 | myview.include('render'); |
22 | %]}, { foo => 'Hi <bob>' }), |
23 | '<tag>Hi <bob></tag>', |
24 | ); |
25 | |
51eaef0b |
26 | is( |
27 | do_tt('<tag>[% foo | no_escape %]</tag>', { foo => 'Hi <bob>' }), |
28 | '<tag>Hi <bob></tag>', |
29 | ); |
30 | |
5c65e9e1 |
31 | # Check we aren't nailed by https://rt.perl.org/rt3/Ticket/Display.html?id=49594 |
32 | |
5bee64f9 |
33 | is( |
34 | do_tt('<foo>"$bar"</foo>'."\n"), |
35 | '<foo>"$bar"</foo>'."\n" |
36 | ); |
37 | |
ac4c210b |
38 | is( |
39 | do_tt( |
40 | '[% FOREACH item IN items %][% item %][% END %]', |
41 | { items => [ '<script>alert("lalala")</script>', '-> & so "on" <-' ] } |
42 | ), |
43 | '<script>alert("lalala")</script>' |
44 | .'-> & so "on" <-' |
45 | ); |
46 | |
10c4bc68 |
47 | is( do_tt('"0"', {}), '"0"' ); |
48 | |
f49292d9 |
49 | done_testing; |