hiifong/pmd
1
0
Fork 0
forked from phoedos/pmd
Code Pull Requests Activity

[core] HTMLRenderer: Add test for HTML escaping

Browse Source
This commit is contained in:
Andreas Dangel 2017-05-01 17:19:30 +02:00
parent a99c39fd24
commit c5ae33a683
5 changed files with 24 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pmd-core/src/main/java/net/sourceforge/pmd/renderers/HTMLRenderer.java
View File

@ -129,7 +129,7 @@ public class HTMLRenderer extends AbstractIncrementingRenderer {
+ "</td>" + PMD.EOL);
buf.append("<td align=\"center\" width=\"5%\">" + Integer.toString(rv.getBeginLine()) + "</td>" + PMD.EOL);
String d = StringUtil.htmlEncode(rv.getDescription());
String d = StringEscapeUtils.escapeHtml4(rv.getDescription());
String infoUrl = rv.getRule().getExternalInfoUrl();
if (StringUtil.isNotEmpty(infoUrl)) {

8
pmd-core/src/main/java/net/sourceforge/pmd/util/StringUtil.java
View File

@ -231,7 +231,10 @@ public final class StringUtil {
* @param string
* String
* @return String
*
* @deprecated Use StringEscapeUtils#escapeHtml4 instead
*/
@Deprecated
public static String htmlEncode(String string) {
String encoded = replaceString(string, '&', "&amp;");
encoded = replaceString(encoded, '<', "&lt;");
@ -247,11 +250,6 @@ public final class StringUtil {
* should be replaced with entities ( <code>false</code>) or
* should be included as is ( <code>true</code>).
* @see #appendXmlEscaped(StringBuilder, String)
*
* TODO - unify the method above with the one below
*
* public to support unit testing - make this package private, once the
* unit test classes are in the same package.
*/
public static void appendXmlEscaped(StringBuilder buf, String src, boolean supportUTF8) {
char c;

14
pmd-core/src/test/java/net/sourceforge/pmd/renderers/AbstractRendererTst.java
View File

@ -41,28 +41,32 @@ public abstract class AbstractRendererTst {
return expected;
}
protected String getSourceCodeFilename() {
return "n/a";
}
@Test(expected = NullPointerException.class)
public void testNullPassedIn() throws Exception {
getRenderer().renderFileReport(null);
}
private static Report reportOneViolation() {
private Report reportOneViolation() {
Report report = new Report();
report.addRuleViolation(newRuleViolation(1));
return report;
}
private static Report reportTwoViolations() {
private Report reportTwoViolations() {
Report report = new Report();
report.addRuleViolation(newRuleViolation(1));
report.addRuleViolation(newRuleViolation(2));
return report;
}
private static RuleViolation newRuleViolation(int endColumn) {
private RuleViolation newRuleViolation(int endColumn) {
DummyNode node = createNode(endColumn);
RuleContext ctx = new RuleContext();
ctx.setSourceCodeFilename("n/a");
ctx.setSourceCodeFilename(getSourceCodeFilename());
return new ParametricRuleViolation<Node>(new FooRule(), ctx, node, "blah");
}
@ -79,7 +83,7 @@ public abstract class AbstractRendererTst {
public void testRuleWithProperties() throws Exception {
DummyNode node = createNode(1);
RuleContext ctx = new RuleContext();
ctx.setSourceCodeFilename("n/a");
ctx.setSourceCodeFilename(getSourceCodeFilename());
Report report = new Report();
RuleWithProperties theRule = new RuleWithProperties();
theRule.setProperty(RuleWithProperties.STRING_PROPERTY_DESCRIPTOR,

11
pmd-core/src/test/java/net/sourceforge/pmd/renderers/HTMLRendererTest.java
View File

@ -14,13 +14,18 @@ public class HTMLRendererTest extends AbstractRendererTst {
return new HTMLRenderer();
}
@Override
protected String getSourceCodeFilename() {
return "filename/that/needs <script>alert(1)</script> escaping.ext";
}
@Override
public String getExpected() {
return "<html><head><title>PMD</title></head><body>" + PMD.EOL
+ "<center><h3>PMD report</h3></center><center><h3>Problems found</h3></center><table align=\"center\" cellspacing=\"0\" cellpadding=\"3\"><tr>"
+ PMD.EOL + "<th>#</th><th>File</th><th>Line</th><th>Problem</th></tr>" + PMD.EOL
+ "<tr bgcolor=\"lightgrey\"> " + PMD.EOL + "<td align=\"center\">1</td>" + PMD.EOL
+ "<td width=\"*%\">n/a</td>" + PMD.EOL + "<td align=\"center\" width=\"5%\">1</td>" + PMD.EOL
+ "<td width=\"*%\">filename/that/needs &lt;script&gt;alert(1)&lt;/script&gt; escaping.ext</td>" + PMD.EOL + "<td align=\"center\" width=\"5%\">1</td>" + PMD.EOL
+ "<td width=\"*\">blah</td>" + PMD.EOL + "</tr>" + PMD.EOL + "</table></body></html>" + PMD.EOL;
}
@ -38,9 +43,9 @@ public class HTMLRendererTest extends AbstractRendererTst {
+ "<center><h3>PMD report</h3></center><center><h3>Problems found</h3></center><table align=\"center\" cellspacing=\"0\" cellpadding=\"3\"><tr>"
+ PMD.EOL + "<th>#</th><th>File</th><th>Line</th><th>Problem</th></tr>" + PMD.EOL
+ "<tr bgcolor=\"lightgrey\"> " + PMD.EOL + "<td align=\"center\">1</td>" + PMD.EOL
+ "<td width=\"*%\">n/a</td>" + PMD.EOL + "<td align=\"center\" width=\"5%\">1</td>" + PMD.EOL
+ "<td width=\"*%\">filename/that/needs &lt;script&gt;alert(1)&lt;/script&gt; escaping.ext</td>" + PMD.EOL + "<td align=\"center\" width=\"5%\">1</td>" + PMD.EOL
+ "<td width=\"*\">blah</td>" + PMD.EOL + "</tr>" + PMD.EOL + "<tr> " + PMD.EOL
+ "<td align=\"center\">2</td>" + PMD.EOL + "<td width=\"*%\">n/a</td>" + PMD.EOL
+ "<td align=\"center\">2</td>" + PMD.EOL + "<td width=\"*%\">filename/that/needs &lt;script&gt;alert(1)&lt;/script&gt; escaping.ext</td>" + PMD.EOL
+ "<td align=\"center\" width=\"5%\">1</td>" + PMD.EOL + "<td width=\"*\">blah</td>" + PMD.EOL + "</tr>"
+ PMD.EOL + "</table></body></html>" + PMD.EOL;
}

3
src/site/markdown/overview/changelog.md
View File

@ -19,6 +19,9 @@ This is a minor release.
### API Changes
* The method `net.sourceforge.pmd.util.StringUtil#htmlEncode(String)` is deprecated.
`org.apache.commons.lang3.StringEscapeUtils#escapeHtml4(String)` should be used instead.
### External Contributions
* [#368](https://github.com/pmd/pmd/pull/368): \[vf] Adding proper AST support for negation expressions