From 240db1a527f880948ab1d17f915e55c986ffc716 Mon Sep 17 00:00:00 2001
From: 'Frédéric Buclin <LpSolit@gmail.com>
Date: Mon, 10 Feb 2014 15:54:21 +0800
Subject: Bug 926085: Forbird single quotes to delimit URLs (no <a href='...'>)

---
 t/004template.t | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

(limited to 't')

diff --git a/t/004template.t b/t/004template.t
index ce18619e7..666ce5fa4 100644
--- a/t/004template.t
+++ b/t/004template.t
@@ -38,7 +38,7 @@ use CGI qw(-no_debug);
 
 use File::Spec;
 use Template;
-use Test::More tests => ( scalar(@referenced_files) + $num_actual_files );
+use Test::More tests => ( scalar(@referenced_files) + 2 * $num_actual_files );
 
 # Capture the TESTOUT from Test::More or Test::Builder for printing errors.
 # This will handle verbosity for us automatically.
@@ -123,6 +123,20 @@ foreach my $include_path (@include_paths) {
             ok(0, "$path has bad syntax --ERROR");
             print $fh $data . "\n";
         }
+
+        # Make sure no forbidden constructs are present.
+        local $/;
+        open(FILE, '<', $path) or die "Can't open $file: $!\n";
+        $data = <FILE>;
+        close (FILE);
+
+        # Forbid single quotes to delimit URLs, see bug 926085.
+        if ($data =~ /href=\\?'/) {
+            ok(0, "$path contains blacklisted constructs: href='...'");
+        }
+        else {
+            ok(1, "$path contains no blacklisted constructs");
+        }
     }
 }
 
-- 
cgit v1.2.3-24-g4f1b