1#!perl
2
3use strict;
4use warnings;
5
6use Test::More tests => 18;
7
8use CGI qw/ autoEscape escapeHTML button textfield password_field textarea popup_menu scrolling_list checkbox_group optgroup checkbox radio_group submit image_button button /;
9
10is (button(-name => 'test<'), '<input type="button"  name="test&lt;" value="test&lt;" />', "autoEscape defaults to On");
11
12my $before = escapeHTML("test<");
13autoEscape(undef);
14my $after = escapeHTML("test<");
15
16
17is($before, "test&lt;", "reality check escapeHTML");
18
19is ($before, $after, "passing undef to autoEscape doesn't break escapeHTML");
20is (button(-name => 'test<'), '<input type="button"  name="test<" value="test<" />', "turning off autoescape actually works");
21autoEscape(1);
22is (button(-name => 'test<'), '<input type="button"  name="test&lt;" value="test&lt;" />', "autoescape turns back on");
23$before = escapeHTML("test<");
24autoEscape(0);
25$after = escapeHTML("test<");
26
27is ($before, $after, "passing 0 to autoEscape doesn't break escapeHTML");
28
29# RT #25485: Needs Tests: autoEscape() bypassed for Javascript handlers, except in button()
30autoEscape(undef);
31
32is(textfield(
33{
34default => 'text field',
35onclick => 'alert("===> text field")',
36},
37),
38qq{<input type="text" name="" value="text field" onclick="alert("===> text field")" />},
39'autoescape javascript turns off for textfield'
40);
41
42is(password_field(
43{
44default => 'password field',
45onclick => 'alert("===> password
46field")',
47},
48),
49qq{<input type="password" name="" value="password field" onclick="alert("===> password
50field")" />},
51'autoescape javascript turns off for password field'
52);
53
54is(textarea(
55{
56name => 'foo',
57default => 'text area',
58rows => 10,
59columns => 50,
60onclick => 'alert("===> text area")',
61},
62),
63qq{<textarea name="foo"  rows="10" cols="50" onclick="alert("===> text area")">text area</textarea>},
64'autoescape javascript turns off for textarea'
65);
66
67is(popup_menu(
68{
69name => 'menu_name',
70values => ['eenie','meenie','minie'],
71default => 'meenie',
72onclick => 'alert("===> popup menu")',
73}
74),
75qq{<select name="menu_name"  onclick="alert("===> popup menu")">
76<option value="eenie">eenie</option>
77<option selected="selected" value="meenie">meenie</option>
78<option value="minie">minie</option>
79</select>},
80'autoescape javascript turns off for popup_menu'
81);
82
83is(popup_menu(
84-name=>'menu_name',
85onclick => 'alert("===> menu group")',
86-values=>[
87qw/eenie meenie minie/,
88optgroup(
89-name=>'optgroup_name',
90onclick =>
91'alert("===> menu group option")',
92-values => ['moe','catch'],
93-attributes=>{'catch'=>{'class'=>'red'}}
94)
95],
96-labels=>{
97'eenie'=>'one',
98'meenie'=>'two',
99'minie'=>'three'
100},
101-default=>'meenie'
102),
103qq{<select name="menu_name"  onclick="alert("===> menu group")">
104<option value="eenie">one</option>
105<option selected="selected" value="meenie">two</option>
106<option value="minie">three</option>
107<optgroup label="optgroup_name" onclick="alert("===> menu group option")">
108<option value="moe">moe</option>
109<option class="red" value="catch">catch</option>
110</optgroup>
111</select>},
112'autoescape javascript turns off for popup_menu #2'
113);
114
115is(scrolling_list(
116-name=>'list_name',
117onclick => 'alert("===> scrolling
118list")',
119-values=>['eenie','meenie','minie','moe'],
120-default=>['eenie','moe'],
121-size=>5,
122-multiple=>'true',
123),
124qq{<select name="list_name"  size="5" multiple="multiple" onclick="alert("===> scrolling
125list")">
126<option selected="selected" value="eenie">eenie</option>
127<option value="meenie">meenie</option>
128<option value="minie">minie</option>
129<option selected="selected" value="moe">moe</option>
130</select>},
131'autoescape javascript turns off for scrolling list'
132);
133
134is(checkbox_group(
135-name=>'group_name',
136onclick => 'alert("===> checkbox group")',
137-values=>['eenie','meenie','minie','moe'],
138-default=>['eenie','moe'],
139-linebreak=>'true',
140),
141qq{<label><input type="checkbox" name="group_name" value="eenie" checked="checked" onclick="alert("===> checkbox group")" />eenie</label><br /> <label><input type="checkbox" name="group_name" value="meenie" onclick="alert("===> checkbox group")" />meenie</label><br /> <label><input type="checkbox" name="group_name" value="minie" onclick="alert("===> checkbox group")" />minie</label><br /> <label><input type="checkbox" name="group_name" value="moe" checked="checked" onclick="alert("===> checkbox group")" />moe</label><br />},
142'autoescape javascript turns off for checkbox group'
143);
144
145is(checkbox(
146-name=>'checkbox_name',
147onclick => 'alert("===> single checkbox")',
148onchange => 'alert("===> single checkbox
149changed")',
150-checked=>1,
151-value=>'ON',
152-label=>'CLICK ME'
153),
154qq{<label><input type="checkbox" name="checkbox_name" value="ON" checked="checked" onchange="alert("===> single checkbox
155changed")" onclick="alert("===> single checkbox")" />CLICK ME</label>},
156'autoescape javascript turns off for checkbox'
157);
158
159is(radio_group(
160{
161name=>'group_name',
162onclick => 'alert("===> radio group")',
163values=>['eenie','meenie','minie','moe'],
164rows=>2,
165columns=>2,
166}
167),
168qq{<table><tr><td><label><input type="radio" name="group_name" value="eenie" checked="checked" onclick="alert("===> radio group")" />eenie</label></td><td><label><input type="radio" name="group_name" value="minie" onclick="alert("===> radio group")" />minie</label></td></tr><tr><td><label><input type="radio" name="group_name" value="meenie" onclick="alert("===> radio group")" />meenie</label></td><td><label><input type="radio" name="group_name" value="moe" onclick="alert("===> radio group")" />moe</label></td></tr></table>},
169'autoescape javascript turns off for radio group'
170);
171
172is(submit(
173-name=>'button_name',
174onclick => 'alert("===> submit button")',
175-value=>'value'
176),
177qq{<input type="submit" name="button_name" value="value" onclick="alert("===> submit button")" />},
178'autoescape javascript turns off for submit'
179);
180
181is(image_button(
182-name=>'button_name',
183onclick => 'alert("===> image button")',
184-src=>'/source/URL',
185-align=>'MIDDLE'
186),
187qq{<input type="image" name="button_name" src="/source/URL" align="middle" onclick="alert("===> image button")" />},
188'autoescape javascript turns off for image_button'
189);
190
191is(button(
192{
193onclick => 'alert("===> Button")',
194title => 'Button',
195},
196),
197qq{<input type="button"  onclick="alert("===> Button")" title="Button" />},
198'autoescape javascript turns off for button'
199);
200