Пример #1
0
 public void testWithNullResolvedCommand() throws Exception {
   try {
     tag.setCommandName(null);
     tag.doStartTag();
     fail("Must not be able to have a command name that resolves to null");
   } catch (IllegalArgumentException ex) {
     // expected
   }
 }
Пример #2
0
 /*
  * See http://opensource.atlassian.com/projects/spring/browse/SPR-2645
  */
 public void testXSSScriptingExploitWhenActionIsResolvedFromQueryString() throws Exception {
   String xssQueryString = QUERY_STRING + "&stuff=\"><script>alert('XSS!')</script>";
   request.setQueryString(xssQueryString);
   tag.doStartTag();
   assertEquals(
       "<form id=\"command\" action=\"/my/form?foo=bar&amp;stuff=&quot;&gt;&lt;script&gt;alert(&#39;XSS!&#39;)&lt;/script&gt;\" method=\"post\">",
       getOutput());
 }