commit 33705ddea11cd430b1aadc630f190f005126ea04
author David Symonds <dsymonds@golang.org> Wed Jul 06 16:51:49 2011 +1000
committer David Symonds <dsymonds@golang.org> Wed Jul 06 16:51:49 2011 +1000
tree 06fce1df3e61a3cdc46cb971b7d280112b390abf
parent a33cc423b4c0eb5ef74bda96d7335521a9c7978c

exp/template: add a JavaScript escaper.

R=r
CC=golang-dev
https://golang.org/cl/4671048

src/pkg/exp/template/exec_test.go

diff --git a/src/pkg/exp/template/exec_test.go b/src/pkg/exp/template/exec_test.go
index 5be82dd..74c92e5 100644
--- a/src/pkg/exp/template/exec_test.go
+++ b/src/pkg/exp/template/exec_test.go
@@ -158,6 +158,8 @@
 		"<script>alert("XSS");</script>", nil, true},
 	{"html pipeline", `{{printf "<script>alert(\"XSS\");</script>" | html}}`,
 		"&lt;script&gt;alert(&#34;XSS&#34;);&lt;/script&gt;", nil, true},
+	// JS.
+	{"js", `{{js .}}`, `It\'d be nice.`, `It'd be nice.`, true},
 	// Booleans
 	{"not", "{{not true}} {{not false}}", "false true", nil, true},
 	{"and", "{{and 0 0}} {{and 1 0}} {{and 0 1}} {{and 1 1}}", "false false false true", nil, true},
@@ -248,3 +250,21 @@
 		t.Errorf("expected os.EPERM; got %s", err)
 	}
 }
+
+func TestJSEscaping(t *testing.T) {
+	testCases := []struct {
+		in, exp string
+	}{
+		{`a`, `a`},
+		{`'foo`, `\'foo`},
+		{`Go "jump" \`, `Go \"jump\" \\`},
+		{`Yukihiro says "今日は世界"`, `Yukihiro says \"今日は世界\"`},
+		{"unprintable \uFDFF", `unprintable \uFDFF`},
+	}
+	for _, tc := range testCases {
+		s := JSEscapeString(tc.in)
+		if s != tc.exp {
+			t.Errorf("JS escaping [%s] got [%s] want [%s]", tc.in, s, tc.exp)
+		}
+	}
+}