Add functionality to escape html strings to the javascript agent
renames unescapeHTML to unescapeHtml, and updates the description to mention these two methods.
Rachel Brindle
2 changed files with 14 additions and 7 deletions
+ 10
- 3
app/models/agents/java_script_agent.rb
@@ -21,6 +21,8 @@ module Agents |
||
| 21 | 21 |
* `this.options(key)` |
| 22 | 22 |
* `this.log(message)` |
| 23 | 23 |
* `this.error(message)` |
| 24 |
+ * `this.escapeHtml(htmlToEscape)` |
|
| 25 |
+ * `this.unescapeHtml(htmlToUnescape)` |
|
| 24 | 26 |
MD |
| 25 | 27 |
|
| 26 | 28 |
def validate_options |
@@ -102,7 +104,8 @@ module Agents |
||
| 102 | 104 |
memory.to_json |
| 103 | 105 |
end |
| 104 | 106 |
end |
| 105 |
- context["unescapeHTML"] = lambda { |a, x| CGI.unescapeHTML(x) }
|
|
| 107 |
+ context["escapeHtml"] = lambda { |a, x| CGI.escapeHTML(x) }
|
|
| 108 |
+ context["unescapeHtml"] = lambda { |a, x| CGI.unescapeHTML(x) }
|
|
| 106 | 109 |
|
| 107 | 110 |
context.eval(code) |
| 108 | 111 |
context.eval("Agent.#{js_function}();")
|
@@ -159,8 +162,12 @@ module Agents |
||
| 159 | 162 |
doError(message); |
| 160 | 163 |
} |
| 161 | 164 |
|
| 162 |
- Agent.unescapeHTML = function(html) {
|
|
| 163 |
- return unescapeHTML(html); |
|
| 165 |
+ Agent.escapeHtml = function(html) {
|
|
| 166 |
+ return escapeHtml(html); |
|
| 167 |
+ } |
|
| 168 |
+ |
|
| 169 |
+ Agent.unescapeHtml = function(html) {
|
|
| 170 |
+ return unescapeHtml(html); |
|
| 164 | 171 |
} |
| 165 | 172 |
|
| 166 | 173 |
Agent.check = function(){};
|
+ 4
- 4
spec/models/agents/java_script_agent_spec.rb
@@ -162,9 +162,9 @@ describe Agents::JavaScriptAgent do |
||
| 162 | 162 |
end |
| 163 | 163 |
end |
| 164 | 164 |
|
| 165 |
- describe "unescaping HTML" do |
|
| 166 |
- it "can unescape html with this.unescapeHTML in the javascript environment" do |
|
| 167 |
- @agent.options['code'] = 'Agent.check = function() { this.createEvent({ message: this.unescapeHTML(\'test "escaping" <characters>\'), stuff: { foo: 5 } }); };'
|
|
| 165 |
+ describe "escaping and unescaping HTML" do |
|
| 166 |
+ it "can escape and unescape html with this.escapeHtml and this.unescapeHtml in the javascript environment" do |
|
| 167 |
+ @agent.options['code'] = 'Agent.check = function() { this.createEvent({ escaped: this.escapeHtml(\'test \"escaping\" <characters>\'), unescaped: this.unescapeHtml(\'test "unescaping" <characters>\')}); };'
|
|
| 168 | 168 |
@agent.save! |
| 169 | 169 |
expect {
|
| 170 | 170 |
expect {
|
@@ -172,7 +172,7 @@ describe Agents::JavaScriptAgent do |
||
| 172 | 172 |
}.not_to change { AgentLog.count }
|
| 173 | 173 |
}.to change { Event.count}.by(1)
|
| 174 | 174 |
created_event = @agent.events.last |
| 175 |
- expect(created_event.payload).to eq({ 'message' => 'test "escaping" <characters>', 'stuff' => { 'foo' => 5 }})
|
|
| 175 |
+ expect(created_event.payload).to eq({ 'escaped' => 'test "escaping" <characters>', 'unescaped' => 'test "unescaping" <characters>'})
|
|
| 176 | 176 |
end |
| 177 | 177 |
end |
| 178 | 178 |
|