Software /
code /
prosody
File
spec/util_http_spec.lua @ 11638:5f4a657136bc
util.format: Escape ASCII control characters in output
This should offer some protection against doing evil things to
terminals. Doesn't protect against pure broken UTF-8 garbage however.
See #734
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 15 Jun 2021 23:24:23 +0200 |
parent | 10711:d2e4584ba7b3 |
child | 13124:f15e23840780 |
line wrap: on
line source
local http = require "util.http"; describe("util.http", function() describe("#urlencode()", function() it("should not change normal characters", function() assert.are.equal(http.urlencode("helloworld123"), "helloworld123"); end); it("should escape spaces", function() assert.are.equal(http.urlencode("hello world"), "hello%20world"); end); it("should escape important URL characters", function() assert.are.equal(http.urlencode("This & that = something"), "This%20%26%20that%20%3d%20something"); end); end); describe("#urldecode()", function() it("should not change normal characters", function() assert.are.equal("helloworld123", http.urldecode("helloworld123"), "Normal characters not escaped"); end); it("should decode spaces", function() assert.are.equal("hello world", http.urldecode("hello%20world"), "Spaces escaped"); end); it("should decode important URL characters", function() assert.are.equal("This & that = something", http.urldecode("This%20%26%20that%20%3d%20something"), "Important URL chars escaped"); end); it("should decode both lower and uppercase", function () assert.are.equal("This & that = {something}.", http.urldecode("This%20%26%20that%20%3D%20%7Bsomething%7D%2E"), "Important URL chars escaped"); end); end); describe("#formencode()", function() it("should encode basic data", function() assert.are.equal(http.formencode({ { name = "one", value = "1"}, { name = "two", value = "2" } }), "one=1&two=2", "Form encoded"); end); it("should encode special characters with escaping", function() assert.are.equal(http.formencode({ { name = "one two", value = "1"}, { name = "two one&", value = "2" } }), "one+two=1&two+one%26=2", "Form encoded"); end); end); describe("#formdecode()", function() it("should decode basic data", function() local t = http.formdecode("one=1&two=2"); assert.are.same(t, { { name = "one", value = "1" }; { name = "two", value = "2" }; one = "1"; two = "2"; }); end); it("should decode special characters", function() local t = http.formdecode("one+two=1&two+one%26=2"); assert.are.same(t, { { name = "one two", value = "1" }; { name = "two one&", value = "2" }; ["one two"] = "1"; ["two one&"] = "2"; }); end); end); describe("normalize_path", function () it("root path is always '/'", function () assert.equal("/", http.normalize_path("/")); assert.equal("/", http.normalize_path("")); assert.equal("/", http.normalize_path("/", true)); assert.equal("/", http.normalize_path("", true)); end); it("works", function () assert.equal("/foo", http.normalize_path("foo")); assert.equal("/foo", http.normalize_path("/foo")); assert.equal("/foo", http.normalize_path("foo/")); assert.equal("/foo", http.normalize_path("/foo/")); end); it("is_dir works", function () assert.equal("/foo/", http.normalize_path("foo", true)); assert.equal("/foo/", http.normalize_path("/foo", true)); assert.equal("/foo/", http.normalize_path("foo/", true)); assert.equal("/foo/", http.normalize_path("/foo/", true)); end); end); describe("contains_token", function () it("is present in field", function () assert.is_true(http.contains_token("foo", "foo")); assert.is_true(http.contains_token("foo, bar", "foo")); assert.is_true(http.contains_token("foo,bar", "foo")); assert.is_true(http.contains_token("bar, foo,baz", "foo")); end); it("is absent from field", function () assert.is_false(http.contains_token("bar", "foo")); assert.is_false(http.contains_token("fooo", "foo")); assert.is_false(http.contains_token("foo o,bar", "foo")); end); it("is weird", function () assert.is_(http.contains_token("fo o", "foo")); end); end); end);