Refactor template & test related code (#32938)

Move some legacy code from "base" package to proper packages.
2025-07-22 18:28:37 +00:00 · 2024-12-22 23:33:19 +08:00
parent afe314fa77
commit a163c53a60
109 changed files with 479 additions and 476 deletions
--- a/modules/templates/helper_test.go
+++ b/modules/templates/helper_test.go
@@ -8,6 +8,7 @@ import (
 	"strings"
 	"testing"

+	"code.gitea.io/gitea/modules/htmlutil"
 	"code.gitea.io/gitea/modules/util"

 	"github.com/stretchr/testify/assert"
@@ -65,31 +66,12 @@ func TestSanitizeHTML(t *testing.T) {
 	assert.Equal(t, template.HTML(`<a href="/" rel="nofollow">link</a> xss <div>inline</div>`), SanitizeHTML(`<a href="/">link</a> <a href="javascript:">xss</a> <div style="dangerous">inline</div>`))
 }

-func TestTemplateTruthy(t *testing.T) {
+func TestTemplateIif(t *testing.T) {
 	tmpl := template.New("test")
 	tmpl.Funcs(template.FuncMap{"Iif": iif})
 	template.Must(tmpl.Parse(`{{if .Value}}true{{else}}false{{end}}:{{Iif .Value "true" "false"}}`))

-	cases := []any{
-		nil, false, true, "", "string", 0, 1,
-		byte(0), byte(1), int64(0), int64(1), float64(0), float64(1),
-		complex(0, 0), complex(1, 0),
-		(chan int)(nil), make(chan int),
-		(func())(nil), func() {},
-		util.ToPointer(0), util.ToPointer(util.ToPointer(0)),
-		util.ToPointer(1), util.ToPointer(util.ToPointer(1)),
-		[0]int{},
-		[1]int{0},
-		[]int(nil),
-		[]int{},
-		[]int{0},
-		map[any]any(nil),
-		map[any]any{},
-		map[any]any{"k": "v"},
-		(*struct{})(nil),
-		struct{}{},
-		util.ToPointer(struct{}{}),
-	}
+	cases := []any{nil, false, true, "", "string", 0, 1}
 	w := &strings.Builder{}
 	truthyCount := 0
 	for i, v := range cases {
@@ -102,3 +84,37 @@ func TestTemplateTruthy(t *testing.T) {
 	}
 	assert.True(t, truthyCount != 0 && truthyCount != len(cases))
 }
+
+func TestTemplateEscape(t *testing.T) {
+	execTmpl := func(code string) string {
+		tmpl := template.New("test")
+		tmpl.Funcs(template.FuncMap{"QueryBuild": QueryBuild, "HTMLFormat": htmlutil.HTMLFormat})
+		template.Must(tmpl.Parse(code))
+		w := &strings.Builder{}
+		assert.NoError(t, tmpl.Execute(w, nil))
+		return w.String()
+	}
+
+	t.Run("Golang URL Escape", func(t *testing.T) {
+		// Golang template considers "href", "*src*", "*uri*", "*url*" (and more) ... attributes as contentTypeURL and does auto-escaping
+		actual := execTmpl(`<a href="?a={{"%"}}"></a>`)
+		assert.Equal(t, `<a href="?a=%25"></a>`, actual)
+		actual = execTmpl(`<a data-xxx-url="?a={{"%"}}"></a>`)
+		assert.Equal(t, `<a data-xxx-url="?a=%25"></a>`, actual)
+	})
+	t.Run("Golang URL No-escape", func(t *testing.T) {
+		// non-URL content isn't auto-escaped
+		actual := execTmpl(`<a data-link="?a={{"%"}}"></a>`)
+		assert.Equal(t, `<a data-link="?a=%"></a>`, actual)
+	})
+	t.Run("QueryBuild", func(t *testing.T) {
+		actual := execTmpl(`<a href="{{QueryBuild "?" "a" "%"}}"></a>`)
+		assert.Equal(t, `<a href="?a=%25"></a>`, actual)
+		actual = execTmpl(`<a href="?{{QueryBuild "a" "%"}}"></a>`)
+		assert.Equal(t, `<a href="?a=%25"></a>`, actual)
+	})
+	t.Run("HTMLFormat", func(t *testing.T) {
+		actual := execTmpl("{{HTMLFormat `<a k=\"%s\">%s</a>` `\"` `<>`}}")
+		assert.Equal(t, `<a k="&#34;">&lt;&gt;</a>`, actual)
+	})
+}