#!perl use strict; use warnings; use Test::More tests => 18; use CGI qw/ autoEscape escapeHTML button textfield password_field textarea popup_menu scrolling_list checkbox_group optgroup checkbox radio_group submit image_button button /; $CGI::Util::SORT_ATTRIBUTES = 1; is (button(-name => 'test<'), '', "autoEscape defaults to On"); my $before = escapeHTML("test<"); autoEscape(undef); my $after = escapeHTML("test<"); is($before, "test<", "reality check escapeHTML"); is ($before, $after, "passing undef to autoEscape doesn't break escapeHTML"); is (button(-name => 'test<'), '', "turning off autoescape actually works"); autoEscape(1); is (button(-name => 'test<'), '', "autoescape turns back on"); $before = escapeHTML("test<"); autoEscape(0); $after = escapeHTML("test<"); is ($before, $after, "passing 0 to autoEscape doesn't break escapeHTML"); # RT #25485: Needs Tests: autoEscape() bypassed for Javascript handlers, except in button() autoEscape(undef); is(textfield( { default => 'text field', onclick => 'alert("===> text field")', }, ), qq{ text field")" />}, 'autoescape javascript turns off for textfield' ); is(password_field( { default => 'password field', onclick => 'alert("===> password field")', }, ), qq{ password field")" />}, 'autoescape javascript turns off for password field' ); is(textarea( { name => 'foo', default => 'text area', rows => 10, columns => 50, onclick => 'alert("===> text area")', }, ), qq{}, 'autoescape javascript turns off for textarea' ); is(popup_menu( { name => 'menu_name', values => ['eenie','meenie','minie'], default => 'meenie', onclick => 'alert("===> popup menu")', } ), qq{}, 'autoescape javascript turns off for popup_menu' ); is(popup_menu( -name=>'menu_name', onclick => 'alert("===> menu group")', -values=>[ qw/eenie meenie minie/, optgroup( -name=>'optgroup_name', onclick => 'alert("===> menu group option")', -values => ['moe','catch'], -attributes=>{'catch'=>{'class'=>'red'}} ) ], -labels=>{ 'eenie'=>'one', 'meenie'=>'two', 'minie'=>'three' }, -default=>'meenie' ), qq{}, 'autoescape javascript turns off for popup_menu #2' ); is(scrolling_list( -name=>'list_name', onclick => 'alert("===> scrolling list")', -values=>['eenie','meenie','minie','moe'], -default=>['eenie','moe'], -size=>5, -multiple=>'true', ), qq{}, 'autoescape javascript turns off for scrolling list' ); is(checkbox_group( -name=>'group_name', onclick => 'alert("===> checkbox group")', -values=>['eenie','meenie','minie','moe'], -default=>['eenie','moe'], -linebreak=>'true', ), qq{ checkbox group")" />eenie
checkbox group")" />meenie
checkbox group")" />minie
checkbox group")" />moe
}, 'autoescape javascript turns off for checkbox group' ); is(checkbox( -name=>'checkbox_name', onclick => 'alert("===> single checkbox")', onchange => 'alert("===> single checkbox changed")', -checked=>1, -value=>'ON', -label=>'CLICK ME' ), qq{ single checkbox changed")" onclick="alert("===> single checkbox")" />CLICK ME}, 'autoescape javascript turns off for checkbox' ); is(radio_group( { name=>'group_name', onclick => 'alert("===> radio group")', values=>['eenie','meenie','minie','moe'], rows=>2, columns=>2, } ), qq{

radio group")" />eenie	radio group")" />minie
radio group")" />meenie	radio group")" />moe

}, 'autoescape javascript turns off for radio group' ); is(submit( -name=>'button_name', onclick => 'alert("===> submit button")', -value=>'value' ), qq{ submit button")" />}, 'autoescape javascript turns off for submit' ); is(image_button( -name=>'button_name', onclick => 'alert("===> image button")', -src=>'/source/URL', -align=>'MIDDLE' ), qq{ image button")" />}, 'autoescape javascript turns off for image_button' ); is(button( { onclick => 'alert("===> Button")', title => 'Button', }, ), qq{ Button")" title="Button" />}, 'autoescape javascript turns off for button' );