From 7c29bf765fd666e61b9bc7d0eb40909b8e9002da Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman <dirkjan@ochtman.nl>
Date: Thu, 7 Sep 2017 20:42:55 +0200
Subject: Extend escaping according to OWASP recommendations

---
 testing/tests/filters.rs | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'testing/tests')

diff --git a/testing/tests/filters.rs b/testing/tests/filters.rs
index 8e558ba..fe218e3 100644
--- a/testing/tests/filters.rs
+++ b/testing/tests/filters.rs
@@ -16,15 +16,16 @@ struct TestTemplate {
 #[test]
 fn filter_escape() {
     let s = TestTemplate {
-        strvar: "my <html> is unsafe & should be escaped".to_string(),
+        strvar: "// my <html> is \"unsafe\" & should be 'escaped'".to_string(),
     };
     assert_eq!(s.render().unwrap(),
-               "my &lt;html&gt; is unsafe &amp; should be escaped");
+               "&#x2f;&#x2f; my &lt;html&gt; is &quot;unsafe&quot; &amp; \
+                should be &#x27;escaped&#x27;");
 }
 
 
 #[derive(Template)]
-#[template(path = "format.html")]
+#[template(path = "format.html", escape = "none")]
 struct FormatTemplate<'a> {
     var: &'a str,
 }
-- 
cgit