1   package com.atlassian.velocity;
2   
3   import com.atlassian.core.util.map.EasyMap;
4   import junit.framework.TestCase;
5   import org.apache.velocity.app.VelocityEngine;
6   import org.apache.velocity.context.Context;
7   
8   import java.io.Writer;
9   
10  public class TestDefaultVelocityManager extends TestCase
11  {
12      public void testGetBodyReturnsHtmlEscapedError() throws Exception
13      {
14          final VelocityEngine ve = new VelocityEngine()
15          {
16              public boolean mergeTemplate(final String s, final Context context, final Writer writer) throws Exception
17              {
18                  throw new Exception("<script>ATTACK</script>");
19              }
20          };
21  
22          DefaultVelocityManager manager = new DefaultVelocityManager()
23          {
24              protected synchronized VelocityEngine getVe()
25              {
26                  return ve;
27              }
28          };
29  
30          String result = manager.getBody("", "", EasyMap.build());
31          assertTrue(result.indexOf("&lt;script&gt;") >= 0);
32          assertFalse(result.indexOf("<script>") >= 0);
33      }
34  }