1 | cc = require '../lib/coffeecup'
|
2 |
|
3 | describe 'Escaping', ->
|
4 | describe "h1 h(\"<script>alert('\"owned\" by c&a ©')</script>)", ->
|
5 | it "should render <h1><script>alert('"owned" by c&a &copy;')</script></h1>", ->
|
6 | t = -> h1 h("<script>alert('\"owned\" by c&a ©')</script>")
|
7 | cc.render(t).should.equal "<h1><script>alert('"owned" by c&a &copy;')</script></h1>"
|
8 |
|
9 | describe 'AutoEscaping', ->
|
10 | describe "h1 <script>alert('\"owned\" by c&a ©')</script>", ->
|
11 | it "should render <h1><script>alert('"owned" by c&a &copy;')</script></h1>", ->
|
12 | t = -> h1 "<script>alert('\"owned\" by c&a ©')</script>"
|
13 | cc.render(t, autoescape: yes).should.equal "<h1><script>alert('"owned" by c&a &copy;')</script></h1>"
|
14 |
|
15 | describe 'Escaping optimized', ->
|
16 | describe "h1 h(\"<script>alert('\"owned\" by c&a ©')</script>)", ->
|
17 | it "should render <h1><script>alert('"owned" by c&a &copy;')</script></h1>", ->
|
18 | t = -> h1 h("<script>alert('\"owned\" by c&a ©')</script>")
|
19 | cc.render(t, optimized: true, cache: on).should.equal "<h1><script>alert('"owned" by c&a &copy;')</script></h1>"
|
20 |
|
21 | describe 'AutoEscaping optimized', ->
|
22 | describe "h1 <script>alert('\"owned\" by c&a ©')</script>", ->
|
23 | it "should render <h1><script>alert('"owned" by c&a &copy;')</script></h1>", ->
|
24 | t = -> h1 "<script>alert('\"owned\" by c&a ©')</script>"
|
25 | cc.render(t, autoescape: yes, optimized: true, cache: on).should.equal "<h1><script>alert('"owned" by c&a &copy;')</script></h1>"
|
26 |
|