Extend escaping according to OWASP recommendations

author: Dirkjan Ochtman <dirkjan@ochtman.nl> 2017-09-07 20:42:55 +0200
committer: Dirkjan Ochtman <dirkjan@ochtman.nl> 2017-09-07 20:42:55 +0200
commit: 7c29bf765fd666e61b9bc7d0eb40909b8e9002da (patch)
tree: 450263b920a0239ab6d4734dd385e2c1978d068e /testing
parent: df2637c0324d2cb3f5925b8595417b08496de4a5 (diff)
download: askama-7c29bf765fd666e61b9bc7d0eb40909b8e9002da.tar.gz
askama-7c29bf765fd666e61b9bc7d0eb40909b8e9002da.tar.bz2
askama-7c29bf765fd666e61b9bc7d0eb40909b8e9002da.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/testing/tests/filters.rs b/testing/tests/filters.rs
index 8e558ba..fe218e3 100644
--- a/testing/tests/filters.rs
+++ b/testing/tests/filters.rs
@@ -16,15 +16,16 @@ struct TestTemplate {
 #[test]
 fn filter_escape() {
     let s = TestTemplate {
-        strvar: "my <html> is unsafe & should be escaped".to_string(),
+        strvar: "// my <html> is \"unsafe\" & should be 'escaped'".to_string(),
     };
     assert_eq!(s.render().unwrap(),
-               "my &lt;html&gt; is unsafe &amp; should be escaped");
+               "&#x2f;&#x2f; my &lt;html&gt; is &quot;unsafe&quot; &amp; \
+                should be &#x27;escaped&#x27;");
 }
 
 
 #[derive(Template)]
-#[template(path = "format.html")]
+#[template(path = "format.html", escape = "none")]
 struct FormatTemplate<'a> {
     var: &'a str,
 }
author	Dirkjan Ochtman <dirkjan@ochtman.nl>	2017-09-07 20:42:55 +0200
committer	Dirkjan Ochtman <dirkjan@ochtman.nl>	2017-09-07 20:42:55 +0200
commit	7c29bf765fd666e61b9bc7d0eb40909b8e9002da (patch)
tree	450263b920a0239ab6d4734dd385e2c1978d068e /testing
parent	df2637c0324d2cb3f5925b8595417b08496de4a5 (diff)
download	askama-7c29bf765fd666e61b9bc7d0eb40909b8e9002da.tar.gz askama-7c29bf765fd666e61b9bc7d0eb40909b8e9002da.tar.bz2 askama-7c29bf765fd666e61b9bc7d0eb40909b8e9002da.zip