2 // System.Web.HttpUtilityTest.cs - Unit tests for System.Web.HttpUtility
5 // Sebastien Pouliot <sebastien@ximian.com>
7 // Copyright (C) 2005 Novell, Inc (http://www.novell.com)
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
32 using NUnit.Framework;
34 namespace MonoTests.System.Web {
37 public class HttpUtilityTest {
40 public void HtmlEncode_LtGt ()
42 Assert.AreEqual ("<script>", HttpUtility.HtmlEncode ("<script>"));
46 // * this is to avoid a regression that would cause Mono to
47 // fail item #3 of the XSS vulnerabilities listed at:
48 // http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml
49 // we didn't fall the first time so let's ensure we never will
50 // * The author notes that Microsoft has decided not to fix
51 // this issue (hence the NotDotNet category).
54 [Category ("NotDotNet")]
55 public void HtmlEncode_XSS ()
57 string problem = "\xff1cscript\xff1e"; // unicode looks alike <script>
58 byte[] utf8data = Encoding.UTF8.GetBytes (problem);
59 Encoding win1251 = Encoding.GetEncoding ("windows-1251");
60 byte[] windata = Encoding.Convert (Encoding.UTF8, win1251, utf8data);
61 // now it's a real problem
62 Assert.AreEqual ("<script>", Encoding.ASCII.GetString (windata), "<script>");
64 string encoded = HttpUtility.HtmlEncode (problem);
65 Assert.AreEqual ("<script>", encoded, "<script>");
67 utf8data = Encoding.UTF8.GetBytes (encoded);
68 windata = Encoding.Convert (Encoding.UTF8, win1251, utf8data);
69 Assert.AreEqual ("<script>", Encoding.ASCII.GetString (windata), "ok");
73 public void UrlDecodeToBytes ()
75 byte[] bytes = HttpUtility.UrlDecodeToBytes ("%5c");
76 Assert.AreEqual (1, bytes.Length, "#1");
77 Assert.AreEqual (0x5c, bytes [0], "#2");
78 bytes = HttpUtility.UrlDecodeToBytes ("%5");
79 Assert.AreEqual (2, bytes.Length, "#3");
80 Assert.AreEqual (0x25, bytes [0], "#4");
81 Assert.AreEqual (0x25, bytes [0], "#5");
86 public void EscapedCharacters ()
88 for (int i = 0; i < 256; i++) {
89 string str = new string ((char) i, 1);
90 string encoded = HttpUtility.HtmlEncode (str);
91 if ((i > 159 && i < 256 ) || i == '&' || i == '<' || i == '>' || i == '"') {
92 if (encoded [0] != '&' || encoded [encoded.Length - 1] != ';')
93 Assert.Fail ("Failed for i = " + i);
94 } else if (encoded.Length != 1) {
95 Assert.Fail ("Wrong length for i = " + i);
101 public void Decode1 ()
103 Assert.AreEqual ("\xE9", HttpUtility.HtmlDecode ("é"));
107 public void RoundTrip ()
109 string x = "<html>& hello+= world!";
110 string y = HttpUtility.HtmlEncode (x);
111 string z = HttpUtility.HtmlDecode (y);
112 Assert.AreEqual (x, z);
116 public void LooksLikeEntity ()
118 string str = "<%# \"hola\" + \"/somepage.aspx?ItemID=\" + DataBinder.Eval(Container.DataItem,\"Country\")" +
119 " + \"&mid=\" + ModuleID + \"&pageindex=\" + Request.Params.Get(\"pageindex\") %>";
120 Assert.AreEqual (str, HttpUtility.HtmlDecode (str));
124 public void UrlEncodeUnicodeTest ()
126 string str = "schön";
128 Assert.AreEqual (str, HttpUtility.UrlEncodeUnicode ("sch%00f6n"), "#1");
129 Assert.AreEqual ("abc", "abc", "#2");