From 0d14c27032acba5db324fa9dda972dda692792b2 Mon Sep 17 00:00:00 2001
From: "Erik C. Thauvin"
Date: Wed, 28 Feb 2024 03:29:29 -0800
Subject: [PATCH] Added JS escaping for newline, linefeed, return, tab and backspace. Closes #1
---
 src/main/java/rife/render/RenderUtils.java | 6 ++++++
 src/test/java/rife/render/TestEncode.java | 4 ++++
 2 files changed, 10 insertions(+)
diff --git a/src/main/java/rife/render/RenderUtils.java b/src/main/java/rife/render/RenderUtils.java
index e0535be..43c92c1 100644
--- a/src/main/java/rife/render/RenderUtils.java
+++ b/src/main/java/rife/render/RenderUtils.java
@@ -195,6 +195,11 @@ public final class RenderUtils {
 case '"' -> sb.append("\\\"");
 case '\\' -> sb.append("\\\\");
 case '/' -> sb.append("\\/");
+ case '\b' -> sb.append("\\b");
+ case '\n' -> sb.append(("\\n"));
+ case '\t' -> sb.append("\\t");
+ case '\f' -> sb.append("\\f");
+ case '\r' -> sb.append("\\r");
 default -> sb.append(c);
 }
 }
@@ -597,4 +602,5 @@ public final class RenderUtils {
 }
 return false;
 }
+
 }
\ No newline at end of file
diff --git a/src/test/java/rife/render/TestEncode.java b/src/test/java/rife/render/TestEncode.java
index 6cedb25..d02571f 100644
--- a/src/test/java/rife/render/TestEncode.java
+++ b/src/test/java/rife/render/TestEncode.java
@@ -55,6 +55,10 @@ class TestEncode {
 t.setAttribute(TestCase.FOO, "'\"\\/");
 assertThat(t.getContent()).isEqualTo("\\'\\\"\\\\\\/");
+ t = TemplateFactory.TXT.get("encodeJs");
+ t.setAttribute(TestCase.FOO, "This is\f\b a\r\n\ttest");
+ assertThat(t.getContent()).isEqualTo("This is\\f\\b a\\r\\n\\ttest");
+
 t = TemplateFactory.HTML.get("encodeJs");
 t.setAttribute(TestCase.FOO, '"' + TestCase.SAMPLE_TEXT + '"');
 assertThat(t.getContent()).as("with unicode")
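Review bot: U+2028 and U+2029 still fall through to `default -> sb.append(c);` in this switch, as does every other control character below U+0020. JavaScript engines older than ES2019 treat those two code points as line terminators inside a string literal, so a value containing them can end the literal early in the same way a raw newline did before this change. I would add `case '\u2028' -> sb.append("\\u2028");` and `case '\u2029' -> sb.append("\\u2029");` next to the new cases. The doubled parentheses in `sb.append(("\\n"))` can also be dropped. The switch and its enclosing method start and end outside the hunk, so any handling elsewhere is not visible here.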
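Review bot: The new assertion in TestEncode covers the five control characters only on their own; nothing pins that a literal backslash followed by `n` stays distinct from an escaped newline. A second fixture such as `t.setAttribute(TestCase.FOO, "a\\nb");` with `isEqualTo("a\\\\nb")` would lock that in (values constructed for illustration). The test method starts before and continues after the hunk.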