Bug 926085: Forbird single quotes to delimit URLs (no <a href='...'>)

author Frédéric Buclin <LpSolit@gmail.com>

Mon, 10 Feb 2014 17:44:09 +0000 (18:44 +0100)

committer Frédéric Buclin <LpSolit@gmail.com>

Mon, 10 Feb 2014 17:44:09 +0000 (18:44 +0100)
author Frédéric Buclin <LpSolit@gmail.com>
Mon, 10 Feb 2014 17:44:09 +0000 (18:44 +0100)
committer Frédéric Buclin <LpSolit@gmail.com>
Mon, 10 Feb 2014 17:44:09 +0000 (18:44 +0100)
diff --git a/t/004template.t b/t/004template.t

index 298bb52c06e0a46bdf758197c02d1559c9ac2dc8..604559dc0bac849825f307890f930a71d302574b 100644 (file)
--- a/t/004template.t
+++ b/t/004template.t
@@ -20,7 +20,7 @@ use CGI qw(-no_debug);
  
  use File::Spec;
  use Template;
-use Test::More tests => ( scalar(@referenced_files) + $num_actual_files );
+use Test::More tests => ( scalar(@referenced_files) + 2 * $num_actual_files );
  
  # Capture the TESTOUT from Test::More or Test::Builder for printing errors.
  # This will handle verbosity for us automatically.
@@ -104,6 +104,20 @@ foreach my $include_path (@include_paths) {
              ok(0, "$path has bad syntax --ERROR");
              print $fh $data . "\n";
          }
+
+        # Make sure no forbidden constructs are present.
+        local $/;
+        open(FILE, '<', $path) or die "Can't open $file: $!\n";
+        $data = <FILE>;
+        close (FILE);
+
+        # Forbid single quotes to delimit URLs, see bug 926085.
+        if ($data =~ /href=\\?'/) {
+            ok(0, "$path contains blacklisted constructs: href='...'");
+        }
+        else {
+            ok(1, "$path contains no blacklisted constructs");
+        }
      }
  }
author	Frédéric Buclin <LpSolit@gmail.com>
	Mon, 10 Feb 2014 17:44:09 +0000 (18:44 +0100)
committer	Frédéric Buclin <LpSolit@gmail.com>
	Mon, 10 Feb 2014 17:44:09 +0000 (18:44 +0100)