
Merge pull request #977 from julienrf/clean/template-formats-tests

Add missing tests
2 parents 633d9af + 76e4958 commit 3932cb41dcbbdf9805dad3ec01319e1a4e91d509 @huntc huntc committed Apr 8, 2013
@@ -27,4 +27,10 @@ object TemplatesSpec extends Specification {
}
}
+ "JavaScriptFormat" should {
+ """escape ''', '"' and '\'""" in {
+ JavaScriptFormat.escape("""foo ' bar " baz \""").body must equalTo ("""foo \' bar \" baz \\""")
+ }
+ }
+
}
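Review bot: The new `JavaScriptFormat` case pins only `'`, `"` and `\`, and the application-level checks in FunctionalTest.resistToXSS and ApplicationSpec's "Resist to XSS attacks" both use a lone `'`, so nothing in this commit shows what `escape` does with line terminators. chatRoom.scala.js depends on that escaping where the value sits inside a quoted literal, `if(data.user == '@username')`. I would add a case such as `JavaScriptFormat.escape("a\nb").body must not contain("\n")`; the exact expected output depends on the escape implementation, which is not visible on this page.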
@@ -218,7 +218,6 @@ trait PlaySettings {
templatesImport := Seq("play.api.templates._", "play.api.templates.PlayMagic._"),
-
scalaIdePlay2Prefs <<= (state, thisProjectRef, baseDirectory) map { (s, r, baseDir) => saveScalaIdePlay2Prefs(r, Project structure s, baseDir) },
templatesTypes := Map(
@@ -29,6 +29,10 @@ public static Result chatRoom(String username) {
}
return ok(chatRoom.render(username));
}
+
+ public static Result chatRoomJs(String username) {
+ return ok(views.js.chatRoom.render(username));
+ }
/**
* Handle the chat websocket.
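Review bot: `chatRoomJs` has no Javadoc, unlike the websocket handler that follows it, and nothing at the call site says that `username` is request input rendered into a script. I would add `/** Serve the chat room client script; username is escaped by the views.js template format, not here. */` above the method. The body of `chatRoom` starts outside this hunk, so whether the check it appears to perform before rendering should also apply to `chatRoomJs` cannot be judged from these lines.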
@@ -25,60 +25,6 @@
</div>
</div>
- <script type="text/javascript" charset="utf-8">
-
- $(function() {
- var WS = window['MozWebSocket'] ? MozWebSocket : WebSocket
- var chatSocket = new WS("@routes.Application.chat(username).webSocketURL(request)")
-
- var sendMessage = function() {
- chatSocket.send(JSON.stringify(
- {text: $("#talk").val()}
- ))
- $("#talk").val('')
- }
-
- var receiveEvent = function(event) {
- var data = JSON.parse(event.data)
-
- // Handle errors
- if(data.error) {
- chatSocket.close()
- $("#onError span").text(data.error)
- $("#onError").show()
- return
- } else {
- $("#onChat").show()
- }
-
- // Create the message element
- var el = $('<div class="message"><span></span><p></p></div>')
- $("span", el).text(data.user)
- $("p", el).text(data.message)
- $(el).addClass(data.kind)
- if(data.user == '@username') $(el).addClass('me')
- $('#messages').append(el)
-
- // Update the members list
- $("#members").html('')
- $(data.members).each(function() {
- $("#members").append('<li>' + this + '</li>')
- })
- }
-
- var handleReturnKey = function(e) {
- if(e.charCode == 13 || e.keyCode == 13) {
- e.preventDefault()
- sendMessage()
- }
- }
-
- $("#talk").keypress(handleReturnKey)
-
- chatSocket.onmessage = receiveEvent
-
- })
-
- </script>
+ <script type="text/javascript" charset="utf-8" src="@routes.Application.chatRoomJs(username)"></script>
}
@@ -0,0 +1,55 @@
+@(username: String)
+
+$(function() {
+ var WS = window['MozWebSocket'] ? MozWebSocket : WebSocket
+ var chatSocket = new WS("@routes.Application.chat(username).webSocketURL(request)")
+
+ var sendMessage = function() {
+ chatSocket.send(JSON.stringify(
+ {text: $("#talk").val()}
+ ))
+ $("#talk").val('')
+ }
+
+ var receiveEvent = function(event) {
+ var data = JSON.parse(event.data)
+
+ // Handle errors
+ if(data.error) {
+ chatSocket.close()
+ $("#onError span").text(data.error)
+ $("#onError").show()
+ return
+ } else {
+ $("#onChat").show()
+ }
+
+ // Create the message element
+ var el = $('<div class="message"><span></span><p></p></div>')
+ $("span", el).text(data.user)
+ $("p", el).text(data.message)
+ $(el).addClass(data.kind)
+ if(data.user == '@username') $(el).addClass('me')
+ $('#messages').append(el)
+
+ // Update the members list
+ $("#members").html('')
+ $(data.members).each(function() {
+ var li = document.createElement('li');
+ li.textContent = this;
+ $("#members").append(li);
+ })
+ }
+
+ var handleReturnKey = function(e) {
+ if(e.charCode == 13 || e.keyCode == 13) {
+ e.preventDefault()
+ sendMessage()
+ }
+ }
+
+ $("#talk").keypress(handleReturnKey)
+
+ chatSocket.onmessage = receiveEvent
+
+})
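Review bot: The members-list loop at the end of `receiveEvent` builds each `<li>` with raw DOM calls and trailing semicolons, while the rest of the file uses jQuery and no semicolons. Writing it as `$("#members").append($('<li>').text(String(this)))` keeps the text-only insertion and matches how the message element is filled a few lines earlier with `.text(data.user)`.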
@@ -3,9 +3,10 @@
# ~~~~
# Home page
-GET / controllers.Application.index()
-GET /room controllers.Application.chatRoom(username: String ?= null)
-GET /room/chat controllers.Application.chat(username)
+GET / controllers.Application.index()
+GET /room controllers.Application.chatRoom(username: String ?= null)
+GET /room/chat controllers.Application.chat(username)
+GET /assets/javascripts/chatroom.js controllers.Application.chatRoomJs(username)
# Map static resources from the /public folder to the /assets URL path
-GET /assets/*file controllers.Assets.at(path="/public", file)
+GET /assets/*file controllers.Assets.at(path="/public", file)
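Review bot: The new `/assets/javascripts/chatroom.js` route only reaches `chatRoomJs` because it is declared above the `/assets/*file` catch-all, and the file does not say so. A comment such as `# Rendered per user from a template; must stay above the /assets/*file route` would stop a later reorder from silently sending this path to the static asset controller. It would also make clear that this path is not a static asset despite its `/assets` prefix.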
@@ -0,0 +1,32 @@
+import org.junit.Test;
+
+import play.mvc.Result;
+
+import static org.fest.assertions.Assertions.assertThat;
+import static play.test.Helpers.*;
+
+
+public class FunctionalTest {
+ @Test
+ public void sendJavaScript() {
+ running(fakeApplication(), new Runnable() {
+ @Override
+ public void run() {
+ Result result = callAction(controllers.routes.ref.Application.chatRoomJs("'"));
+ assertThat(status(result)).isEqualTo(OK);
+ assertThat(contentType(result)).isEqualTo("text/javascript");
+ }
+ });
+ }
+
+ @Test
+ public void resistToXSS() {
+ running(fakeApplication(), new Runnable() {
+ @Override
+ public void run() {
+ Result result = callAction(controllers.routes.ref.Application.chatRoomJs("'"));
+ assertThat(contentAsString(result)).contains("if(data.user == '\\'')");
+ }
+ });
+ }
+}
@@ -0,0 +1,26 @@
+package test
+
+import org.specs2.mutable.Specification
+
+import play.api.test._
+import play.api.test.Helpers._
+
+class ApplicationSpec extends Specification {
+
+ "Application" should {
+ "Send JavaScript content" in {
+ running(FakeApplication()) {
+ val js = route(FakeRequest(GET, "/assets/javascripts/chatroom.js?username=julien")).get
+ status(js) must equalTo (OK)
+ contentType(js) must beSome.which(_ == "text/javascript")
+ }
+ }
+ "Resist to XSS attacks" in {
+ running(FakeApplication()) {
+ val js = route(FakeRequest(GET, "/assets/javascripts/chatroom.js?username='")).get
+ contentAsString(js).contains("""if(data.user == '\'')""") must beTrue
+ }
+ }
+ }
+
+}
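Review bot: In "Resist to XSS attacks", `contentAsString(js).contains(...) must beTrue` reduces the check to a boolean, so a failure reports only that false is not true. `contentAsString(js) must contain("""if(data.user == '\'')""")` asserts the same thing and prints the rendered script when it fails, which is what someone debugging an escaping regression needs to see.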
