authorFrédéric Buclin <LpSolit@gmail.com>2014-02-10 18:44:09 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2014-02-10 18:44:09 +0100
commitbcb9385d13ce2671702323f5b1a90c4d61dcc995 (patch)
tree64b8fe22e9026e2714f9f688d178d519c0d95507 /t
parent1ef5cef33f37d5b7ca961e0e50836f307cf0c3f5 (diff)
Bug 926085: Forbid single quotes to delimit URLs (no <a href='...'>)
r=dkl a=glob
Diffstat (limited to 't')
-rw-r--r--t/004template.t16
1 files changed, 15 insertions, 1 deletions
diff --git a/t/004template.t b/t/004template.t
index 298bb52c0..604559dc0 100644
--- a/t/004template.t
+++ b/t/004template.t
@@ -20,7 +20,7 @@ use CGI qw(-no_debug);
use File::Spec;
use Template;
-use Test::More tests => ( scalar(@referenced_files) + $num_actual_files );
+use Test::More tests => ( scalar(@referenced_files) + 2 * $num_actual_files );
# Capture the TESTOUT from Test::More or Test::Builder for printing errors.
# This will handle verbosity for us automatically.
@@ -104,6 +104,20 @@ foreach my $include_path (@include_paths) {
ok(0, "$path has bad syntax --ERROR");
print $fh $data . "\n";
}
+
+ # Make sure no forbidden constructs are present.
+ local $/;
+ open(FILE, '<', $path) or die "Can't open $file: $!\n";
+ $data = <FILE>;
+ close (FILE);
+
+ # Forbid single quotes to delimit URLs, see bug 926085.
+ if ($data =~ /href=\\?'/) {
+ ok(0, "$path contains blacklisted constructs: href='...'");
+ }
+ else {
+ ok(1, "$path contains no blacklisted constructs");
+ }
}
}
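Review bot: The pattern `/href=\\?'/` in the new check only catches a lower-case `href` with no whitespace around `=`, so `HREF='...'` or `href = '...'` in a template would pass the test, as would single-quoted URLs in other attributes such as `src` or `action`. Since this test is the guard that keeps single-quoted URL attributes out of the templates, consider `if ($data =~ /\bhref\s*=\s*\\?'/i) {` and extending the pattern if other URL attributes should be covered. The `die` message also interpolates `$file` while the handle is opened on `$path`; `$file` is not defined within this hunk, so confirm it names the same template or use `$path` in the message. The enclosing `foreach` loops start outside the hunk.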