aboutsummaryrefslogtreecommitdiffstats
path: root/testing/tests/whitespace.rs (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Update tests for whitespace characters handlingLibravatar Guillaume Gomez2023-03-091-6/+38
|
* Add test for "minimize" configLibravatar Guillaume Gomez2022-04-261-0/+43
|
* Make json filter safeLibravatar René Kijewski2022-02-161-1/+3
| | | | | | | | | | | | | | | | | | | | | Previously the built-in json filter had an issue that made it unsafe to use in HTML data. When used in HTML attributes an attacker who is able to supply an arbitrary string that should be JSON encoded could close the containing HTML element e.g. with `"</div>"`, and write arbitrary HTML code afterwards as long as they use apostrophes instead of quotation marks. The programmer could make this use case safe by explicitly escaping the JSON result: `{{data|json|escape}}`. In a `<script>` context the json filter was not usable at all, because in scripts HTML escaped entities are not parsed outside of XHTML documents. Without using the safe filter an attacker could close the current script using `"</script>"`. This PR fixes the problem by always escaping less-than, greater-than, ampersand, and apostrophe characters using their JSON unicode escape sequence `\u00xx`. Unless the programmer explicitly uses the safe filter, quotation marks are HTML encoded as `&quot`. In scripts the programmer should use the safe filter, otherwise not.
* Fixed whitespace issue when generating match (#399)Libravatar Christian Vallentin2020-12-121-1/+1
| | | | | | | | | | | | | * Fixed #397 * Updated parser to ignore whitespace between match and when * Updated test cases * Updated Python script to generate match ws tests * Added match ws tests * Resolved rustfmt lint
* Fix additional clippy issueLibravatar Dirkjan Ochtman2020-07-201-1/+1
|
* Clean up clippy issuesLibravatar Dirkjan Ochtman2020-07-201-1/+1
|
* Add tests for allow whitespaces patchLibravatar Ciprian Dorin Craciun2020-06-301-0/+41