Add tests to check that the HTML is escaped when creating/editing stores
Aitor Magán committed Dec 23, 2015
1 parent 3cc9f22 commit 7d6bdfe
Showing 1 changed file with 53 additions and 0 deletions.
@@ -61,10 +61,12 @@
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
import org.mockito.InOrder;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
import org.springframework.test.util.ReflectionTestUtils;
import org.springframework.web.util.HtmlUtils;

public class StoreBoImplTest {

@@ -206,6 +208,26 @@ public void testSaveWithoutImage() {
testSave(false);
}

@Test
public void testHtmlIsEscapedWhenCreating() throws Exception {

String html = "<img src=\"http://fiware.org/logo.png\">";

Store store = mock(Store.class);
when(store.getName()).thenReturn(NAME);
when(store.getDisplayName()).thenReturn(DISPLAY_NAME);
when(store.getComment()).thenReturn(html);
when(storeAuthMock.canCreate(store)).thenReturn(true);

InOrder order = inOrder(store, storeDaoMock);

storeBo.save(store);

order.verify(store).setComment(HtmlUtils.htmlEscape(html));
order.verify(storeDaoMock).save(store);

}


///////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////// UPDATE ////////////////////////////////////////
@@ -324,6 +346,10 @@ private void testUpdateStoreField(Store updatedStore) {

// Assert that last modifier has changed
assertThat(store.getLasteditor()).isEqualTo(user);

// Check that the store has been modified in the data base
verify(storeDaoMock).update(store);

} catch (Exception ex) {
// It's not supposed to happen
fail("Exception " + ex + " is not supposed to happen");
@@ -358,6 +384,33 @@ public void testUpdateStoreImage() {
testUpdateStoreField(newStore);
}

@Test
public void testHtmlIsEscapedWhenUpdating() throws Exception {


String html = "<img src=\"http://fiware.org/logo.png\">";

Store updatedStore = mock(Store.class);
when(updatedStore.getComment()).thenReturn(html);

Store storeToBeUpdated = mock(Store.class);

// Mock
doReturn(storeToBeUpdated).when(storeDaoMock).findByName(NAME);
when(storeAuthMock.canUpdate(storeToBeUpdated)).thenReturn(true);

InOrder order = inOrder(storeToBeUpdated, storeDaoMock);

// Call the method
storeBo.update(NAME, updatedStore);

// Verify that the html has been escaped before inserting it
// in the database
order.verify(storeToBeUpdated).setComment(HtmlUtils.htmlEscape(html));
order.verify(storeDaoMock).update(storeToBeUpdated);

}


///////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////// DELETE ////////////////////////////////////////
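Review bot: In both testHtmlIsEscapedWhenCreating and testHtmlIsEscapedWhenUpdating the expected value is computed with `HtmlUtils.htmlEscape(html)`, so the assertion pins which helper is called, not what ends up stored. Verifying against the literal `"&lt;img src=&quot;http://fiware.org/logo.png&quot;&gt;"` would still fail if the escaping were ever weakened or swapped for a different encoder. Only `comment` is checked: the create test stubs `getDisplayName()` but never asserts how that value is handled, and whether display names are validated elsewhere is not visible from this page, so a short comment stating why they need no escaping (or a matching assertion) would close the gap. Because escaping is applied on every save and update, it is also worth a case where the incoming comment is already escaped, to document whether a round-tripped value is stored double-encoded.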