(t *testing.T)
| 458 | } |
| 459 | |
| 460 | func TestContextInline(t *testing.T) { |
| 461 | var testCases = []struct { |
| 462 | name string |
| 463 | whenName string |
| 464 | expectHeader string |
| 465 | }{ |
| 466 | { |
| 467 | name: "ok", |
| 468 | whenName: "walle.png", |
| 469 | expectHeader: `inline; filename="walle.png"`, |
| 470 | }, |
| 471 | { |
| 472 | name: "ok, escape quotes in malicious filename", |
| 473 | whenName: `malicious.sh"; \"; dummy=.txt`, |
| 474 | expectHeader: `inline; filename="malicious.sh\"; \\\"; dummy=.txt"`, |
| 475 | }, |
| 476 | } |
| 477 | for _, tc := range testCases { |
| 478 | t.Run(tc.name, func(t *testing.T) { |
| 479 | e := New() |
| 480 | rec := httptest.NewRecorder() |
| 481 | req := httptest.NewRequest(http.MethodGet, "/", nil) |
| 482 | c := e.NewContext(req, rec) |
| 483 | |
| 484 | err := c.Inline("_fixture/images/walle.png", tc.whenName) |
| 485 | if assert.NoError(t, err) { |
| 486 | assert.Equal(t, tc.expectHeader, rec.Header().Get(HeaderContentDisposition)) |
| 487 | |
| 488 | assert.Equal(t, http.StatusOK, rec.Code) |
| 489 | assert.Equal(t, 219885, rec.Body.Len()) |
| 490 | } |
| 491 | }) |
| 492 | } |
| 493 | } |
| 494 | |
| 495 | func TestContextNoContent(t *testing.T) { |
| 496 | e := New() |
nothing calls this directly
no test coverage detected
searching dependent graphs…