From bcb9385d13ce2671702323f5b1a90c4d61dcc995 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Mon, 10 Feb 2014 18:44:09 +0100
Subject: Bug 926085: Forbird single quotes to delimit URLs (no <a href='...'>)
 r=dkl a=glob

---
 t/004template.t | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

(limited to 't')

diff --git a/t/004template.t b/t/004template.t
index 298bb52c0..604559dc0 100644
--- a/t/004template.t
+++ b/t/004template.t
@@ -20,7 +20,7 @@ use CGI qw(-no_debug);
 
 use File::Spec;
 use Template;
-use Test::More tests => ( scalar(@referenced_files) + $num_actual_files );
+use Test::More tests => ( scalar(@referenced_files) + 2 * $num_actual_files );
 
 # Capture the TESTOUT from Test::More or Test::Builder for printing errors.
 # This will handle verbosity for us automatically.
@@ -104,6 +104,20 @@ foreach my $include_path (@include_paths) {
             ok(0, "$path has bad syntax --ERROR");
             print $fh $data . "\n";
         }
+
+        # Make sure no forbidden constructs are present.
+        local $/;
+        open(FILE, '<', $path) or die "Can't open $file: $!\n";
+        $data = <FILE>;
+        close (FILE);
+
+        # Forbid single quotes to delimit URLs, see bug 926085.
+        if ($data =~ /href=\\?'/) {
+            ok(0, "$path contains blacklisted constructs: href='...'");
+        }
+        else {
+            ok(1, "$path contains no blacklisted constructs");
+        }
     }
 }
 
-- 
cgit v1.2.3-24-g4f1b