aboutsummaryrefslogtreecommitdiffstats
path: root/testing
diff options
context:
space:
mode:
authorLibravatar Dirkjan Ochtman <dirkjan@ochtman.nl>2017-09-07 20:42:55 +0200
committerLibravatar Dirkjan Ochtman <dirkjan@ochtman.nl>2017-09-07 20:42:55 +0200
commit7c29bf765fd666e61b9bc7d0eb40909b8e9002da (patch)
tree450263b920a0239ab6d4734dd385e2c1978d068e /testing
parentdf2637c0324d2cb3f5925b8595417b08496de4a5 (diff)
downloadaskama-7c29bf765fd666e61b9bc7d0eb40909b8e9002da.tar.gz
askama-7c29bf765fd666e61b9bc7d0eb40909b8e9002da.tar.bz2
askama-7c29bf765fd666e61b9bc7d0eb40909b8e9002da.zip
Extend escaping according to OWASP recommendations
Diffstat (limited to 'testing')
-rw-r--r--testing/tests/filters.rs7
1 files changed, 4 insertions, 3 deletions
diff --git a/testing/tests/filters.rs b/testing/tests/filters.rs
index 8e558ba..fe218e3 100644
--- a/testing/tests/filters.rs
+++ b/testing/tests/filters.rs
@@ -16,15 +16,16 @@ struct TestTemplate {
#[test]
fn filter_escape() {
let s = TestTemplate {
- strvar: "my <html> is unsafe & should be escaped".to_string(),
+ strvar: "// my <html> is \"unsafe\" & should be 'escaped'".to_string(),
};
assert_eq!(s.render().unwrap(),
- "my &lt;html&gt; is unsafe &amp; should be escaped");
+ "&#x2f;&#x2f; my &lt;html&gt; is &quot;unsafe&quot; &amp; \
+ should be &#x27;escaped&#x27;");
}
#[derive(Template)]
-#[template(path = "format.html")]
+#[template(path = "format.html", escape = "none")]
struct FormatTemplate<'a> {
var: &'a str,
}