#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
Test the new auto_escape parameter in render() method
"""
from template_engine import TemplateEngine
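def test_auto_escape_parameter():
    """Check the per-call ``auto_escape`` override of ``TemplateEngine.render()``.

    Renders one template containing HTML metacharacters four times: with the
    engine default (escaping on), with escaping disabled for a single call,
    with escaping enabled for a single call, and with the engine default
    again. Each result is printed and then asserted, so a regression in
    escaping fails the test instead of only changing the printed output.

    Raises:
        AssertionError: if escaped output still contains raw markup, if the
            unescaped render does not preserve the input, or if a per-call
            override leaks into the next default render.
    """
    print("🧪 Testing auto_escape parameter in render() method")
    print("=" * 60)

    # Create one engine instance
    engine = TemplateEngine(auto_escape=True, strict_mode=False)  # Default is HTML escaping

    # Sample data with HTML characters
    data = {
        'content': '<script>alert("XSS")</script>',
        'message': 'Hello & welcome to <b>our site</b>!'
    }
    template = 'Content: $content\nMessage: $message'
    print("Template:", repr(template))
    print("Data:", data)
    print()

    # Test 1: Use engine's default (auto_escape=True)
    print("1️⃣ Using engine's default (auto_escape=True):")
    result1 = engine.render(template, data)
    print(result1)
    print()
    # Assumes escaping rewrites '<', so no literal tag can survive in the output.
    assert '<script>' not in result1, "default render left <script> unescaped"
    assert '<b>' not in result1, "default render left <b> unescaped"

    # Test 2: Override to disable escaping
    # With escaping off, the values are emitted as raw markup; this mode is
    # only appropriate for content that is already trusted or sanitised.
    print("2️⃣ Override to disable escaping (auto_escape=False):")
    result2 = engine.render(template, data, auto_escape=False)
    print(result2)
    print()
    assert data['content'] in result2, "auto_escape=False did not preserve the raw value"

    # Test 3: Override to enable escaping
    print("3️⃣ Override to enable escaping (auto_escape=True):")
    result3 = engine.render(template, data, auto_escape=True)
    print(result3)
    print()
    assert '<script>' not in result3, "auto_escape=True left <script> unescaped"

    # Test 4: Verify engine's setting is restored
    # The auto_escape=False call above must not stick: a later default render
    # has to be escaped exactly like the first one.
    print("4️⃣ Verify engine's default setting is restored:")
    result4 = engine.render(template, data)
    print(result4)
    print()
    assert result4 == result1, "per-call auto_escape override leaked into the engine default"

    # Demonstrate the key difference
    print("🔍 Key Differences:")
    print("• auto_escape=True: HTML characters are escaped for security")
    print("• auto_escape=False: HTML characters are preserved as-is")
    print()
    print("✅ Now you can decide escaping per render() call, not per engine!")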
# Script entry point: run the check directly when this file is executed,
# rather than imported by a test runner.
if __name__ == "__main__":
    test_auto_escape_parameter()