1#!perl 2 3use strict; 4use warnings; 5 6use Test::More tests => 18; 7 8use CGI qw/ autoEscape escapeHTML button textfield password_field textarea popup_menu scrolling_list checkbox_group optgroup checkbox radio_group submit image_button button /; 9 10is (button(-name => 'test<'), '<input type="button" name="test<" value="test<" />', "autoEscape defaults to On"); 11 12my $before = escapeHTML("test<"); 13autoEscape(undef); 14my $after = escapeHTML("test<"); 15 16 17is($before, "test<", "reality check escapeHTML"); 18 19is ($before, $after, "passing undef to autoEscape doesn't break escapeHTML"); 20is (button(-name => 'test<'), '<input type="button" name="test<" value="test<" />', "turning off autoescape actually works"); 21autoEscape(1); 22is (button(-name => 'test<'), '<input type="button" name="test<" value="test<" />', "autoescape turns back on"); 23$before = escapeHTML("test<"); 24autoEscape(0); 25$after = escapeHTML("test<"); 26 27is ($before, $after, "passing 0 to autoEscape doesn't break escapeHTML"); 28 29# RT #25485: Needs Tests: autoEscape() bypassed for Javascript handlers, except in button() 30autoEscape(undef); 31 32is(textfield( 33{ 34default => 'text field', 35onclick => 'alert("===> text field")', 36}, 37), 38qq{<input type="text" name="" value="text field" onclick="alert("===> text field")" />}, 39'autoescape javascript turns off for textfield' 40); 41 42is(password_field( 43{ 44default => 'password field', 45onclick => 'alert("===> password 46field")', 47}, 48), 49qq{<input type="password" name="" value="password field" onclick="alert("===> password 50field")" />}, 51'autoescape javascript turns off for password field' 52); 53 54is(textarea( 55{ 56name => 'foo', 57default => 'text area', 58rows => 10, 59columns => 50, 60onclick => 'alert("===> text area")', 61}, 62), 63qq{<textarea name="foo" rows="10" cols="50" onclick="alert("===> text area")">text area</textarea>}, 64'autoescape javascript turns off for textarea' 65); 66 67is(popup_menu( 68{ 69name => 'menu_name', 70values => ['eenie','meenie','minie'], 71default => 'meenie', 72onclick => 'alert("===> popup menu")', 73} 74), 75qq{<select name="menu_name" onclick="alert("===> popup menu")"> 76<option value="eenie">eenie</option> 77<option selected="selected" value="meenie">meenie</option> 78<option value="minie">minie</option> 79</select>}, 80'autoescape javascript turns off for popup_menu' 81); 82 83is(popup_menu( 84-name=>'menu_name', 85onclick => 'alert("===> menu group")', 86-values=>[ 87qw/eenie meenie minie/, 88optgroup( 89-name=>'optgroup_name', 90onclick => 91'alert("===> menu group option")', 92-values => ['moe','catch'], 93-attributes=>{'catch'=>{'class'=>'red'}} 94) 95], 96-labels=>{ 97'eenie'=>'one', 98'meenie'=>'two', 99'minie'=>'three' 100}, 101-default=>'meenie' 102), 103qq{<select name="menu_name" onclick="alert("===> menu group")"> 104<option value="eenie">one</option> 105<option selected="selected" value="meenie">two</option> 106<option value="minie">three</option> 107<optgroup label="optgroup_name" onclick="alert("===> menu group option")"> 108<option value="moe">moe</option> 109<option class="red" value="catch">catch</option> 110</optgroup> 111</select>}, 112'autoescape javascript turns off for popup_menu #2' 113); 114 115is(scrolling_list( 116-name=>'list_name', 117onclick => 'alert("===> scrolling 118list")', 119-values=>['eenie','meenie','minie','moe'], 120-default=>['eenie','moe'], 121-size=>5, 122-multiple=>'true', 123), 124qq{<select name="list_name" size="5" multiple="multiple" onclick="alert("===> scrolling 125list")"> 126<option selected="selected" value="eenie">eenie</option> 127<option value="meenie">meenie</option> 128<option value="minie">minie</option> 129<option selected="selected" value="moe">moe</option> 130</select>}, 131'autoescape javascript turns off for scrolling list' 132); 133 134is(checkbox_group( 135-name=>'group_name', 136onclick => 'alert("===> checkbox group")', 137-values=>['eenie','meenie','minie','moe'], 138-default=>['eenie','moe'], 139-linebreak=>'true', 140), 141qq{<label><input type="checkbox" name="group_name" value="eenie" checked="checked" onclick="alert("===> checkbox group")" />eenie</label><br /> <label><input type="checkbox" name="group_name" value="meenie" onclick="alert("===> checkbox group")" />meenie</label><br /> <label><input type="checkbox" name="group_name" value="minie" onclick="alert("===> checkbox group")" />minie</label><br /> <label><input type="checkbox" name="group_name" value="moe" checked="checked" onclick="alert("===> checkbox group")" />moe</label><br />}, 142'autoescape javascript turns off for checkbox group' 143); 144 145is(checkbox( 146-name=>'checkbox_name', 147onclick => 'alert("===> single checkbox")', 148onchange => 'alert("===> single checkbox 149changed")', 150-checked=>1, 151-value=>'ON', 152-label=>'CLICK ME' 153), 154qq{<label><input type="checkbox" name="checkbox_name" value="ON" checked="checked" onchange="alert("===> single checkbox 155changed")" onclick="alert("===> single checkbox")" />CLICK ME</label>}, 156'autoescape javascript turns off for checkbox' 157); 158 159is(radio_group( 160{ 161name=>'group_name', 162onclick => 'alert("===> radio group")', 163values=>['eenie','meenie','minie','moe'], 164rows=>2, 165columns=>2, 166} 167), 168qq{<table><tr><td><label><input type="radio" name="group_name" value="eenie" checked="checked" onclick="alert("===> radio group")" />eenie</label></td><td><label><input type="radio" name="group_name" value="minie" onclick="alert("===> radio group")" />minie</label></td></tr><tr><td><label><input type="radio" name="group_name" value="meenie" onclick="alert("===> radio group")" />meenie</label></td><td><label><input type="radio" name="group_name" value="moe" onclick="alert("===> radio group")" />moe</label></td></tr></table>}, 169'autoescape javascript turns off for radio group' 170); 171 172is(submit( 173-name=>'button_name', 174onclick => 'alert("===> submit button")', 175-value=>'value' 176), 177qq{<input type="submit" name="button_name" value="value" onclick="alert("===> submit button")" />}, 178'autoescape javascript turns off for submit' 179); 180 181is(image_button( 182-name=>'button_name', 183onclick => 'alert("===> image button")', 184-src=>'/source/URL', 185-align=>'MIDDLE' 186), 187qq{<input type="image" name="button_name" src="/source/URL" align="middle" onclick="alert("===> image button")" />}, 188'autoescape javascript turns off for image_button' 189); 190 191is(button( 192{ 193onclick => 'alert("===> Button")', 194title => 'Button', 195}, 196), 197qq{<input type="button" onclick="alert("===> Button")" title="Button" />}, 198'autoescape javascript turns off for button' 199); 200