• NAME
• SYNOPSIS
• DESCRIPTION
• BUGS
• AUTHOR
• SEE ALSO

NAME

Test::CGI::Untaint - Test CGI::Untaint Local Extraction Handlers

SYNOPSIS

  use Test::More tests => 2;
  use Test::CGI::Untaint;

  # see that 'red' is extracted from 'Red'
  is_extractable("Red","red","validcolor");

  # see that validcolor fails
  unextractable("tree","validcolor");

DESCRIPTION

The CGI::Untaint module can be extended with ``Local Extraction Handlers'' that can be used define new ways of untainting data.

This module is designed to test these data extraction modules. It does this with the following methods:

is_extractable

Tests that first value passed has the second value passed extracted from it when the local extraction handler named in the third argument is called. An optional name for the test may be passed in the forth argument. For example:

  # check that "Buffy" is extracted from "Buffy Summers" with
  # the CGI::Untaint::slayer local extraction handler
  is_extractable("Buffy Summers","Buffy", "slayer");

unextractable

Checks that nothing is extracted from the first argument passed with the local extraction handler named in the second argument. For example:

  # check that nothing is extracted from "Willow Rosenberg"
  # with the CGI::Untaint::slayer local extraction handler
  unextractable("Willow Rosenberg", "slayer");

The third argument may optionally contain a name for the test.

is_extractable_deeply

Tests that first value passed has the second value passed extracted from it when the local extraction handler named in the third argument is called deeply. Where is_extractable does a simple string equality test, this does a proper deep check like is_deeply in Test::More. This is most useful when your class returns a big old data structure from is_valid rather than a simple scalar.

is_extractable_isa

Tests that the first value pass extracts something that is, or is a subclass of, the class passed in the second argument when the extraction handler .

And that's that all there is to it, apart from the one function that can be used to configure the test suite. It's not exported by default (though you may optionally import it if you want.)

config_vars

The config_vars function is a get/set function that can be used to set the hashref that will be passed to the creation of the CGI::Untaint object used for testing. For example, if you need to instruct CGI::Untaint to use a custom prefix for your local extraction handlers, you can do so like so:

  use Test::CGI::Untaint qw(:all);
  config_vars({ INCLUDE_PATH => "Profero" });

BUGS

None known.

Bugs (and requests for new features) can be reported to the open source development team at Profero though the CPAN RT system: http://rt.cpan.org/NoAuth/ReportBug.html

AUTHOR

Written By Mark Fowler <mark@twoshortplanks.com>.

Copyright Profero 2003

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

SEE ALSO

the Test::More manpage, the CGI::Untaint manpage