view release on metacpan or  search on metacpan

t/60_form_edge.t  view on Meta::CPAN

    $f->textarea('notes', { label => 'Notes' });
    my $html = $f->render;
    like($html, qr/<textarea[^>]*><\/textarea>/, 'empty textarea content');
}

# ---- textarea with cols ----
{
    my $f = Chandra::Form->new(id => 'e9');
    $f->textarea('code', { cols => 80, rows => 10 });
    my $html = $f->render;
    like($html, qr/cols="80"/, 'cols attribute');
    like($html, qr/rows="10"/, 'rows attribute');
}

# ---- disabled and readonly ----
{
    my $f = Chandra::Form->new(id => 'e10');
    $f->text('dis', { disabled => 1 });
    $f->text('ro', { readonly => 1 });
    my $html = $f->render;
    like($html, qr/name="dis"[^>]*disabled/, 'disabled attribute');
    like($html, qr/name="ro"[^>]*readonly/, 'readonly attribute');
}

# ---- autofocus ----
{
    my $f = Chandra::Form->new(id => 'e11');
    $f->text('focus', { autofocus => 1 });
    my $html = $f->render;
    like($html, qr/autofocus/, 'autofocus attribute');
}

# ---- pattern attribute ----
{
    my $f = Chandra::Form->new(id => 'e12');
    $f->text('code', { pattern => '[A-Z]{3}' });
    my $html = $f->render;
    like($html, qr/pattern="\[A-Z\]\{3\}"/, 'pattern attribute');
}

# ---- custom class on field ----
{
    my $f = Chandra::Form->new(id => 'e13');
    $f->text('styled', { class => 'big-input' });
    my $html = $f->render;
    like($html, qr/class="big-input"/, 'custom class on input');
}

# ---- Multiple groups ----
{
    my $f = Chandra::Form->new(id => 'mg');
    $f->group('Group A' => sub {
        $f->text('a1', {});
    });
    $f->group('Group B' => sub {
        $f->text('b1', {});
    });
    my $html = $f->render;
    my @fieldsets = ($html =~ /<fieldset/g);
    is(scalar @fieldsets, 2, 'two fieldsets');
    my @legends = ($html =~ /<legend>(.*?)<\/legend>/g);
    is_deeply(\@legends, ['Group A', 'Group B'], 'legend text');
}

# ---- group() rejects non-coderef ----
{
    my $f = Chandra::Form->new(id => 'eg');
    eval { $f->group('Bad', 'not a sub') };
    like($@, qr/coderef/, 'group rejects non-coderef');
}

# ---- on_change() bad args ----
{
    my $f = Chandra::Form->new(id => 'ocb');
    eval { $f->on_change('not_a_sub') };
    like($@, qr/coderef/, 'on_change rejects bad args');
}

# ---- action() set rejects non-coderef ----
{
    my $f = Chandra::Form->new(id => 'actb');
    eval { $f->action('string') };
    like($@, qr/coderef/, 'action rejects non-coderef');
}

# ---- set_values_js() rejects non-hashref ----
{
    my $f = Chandra::Form->new(id => 'svb');
    eval { $f->set_values_js('not a ref') };
    like($@, qr/hashref/, 'set_values_js rejects non-hashref');
}

# ---- show_errors_js() rejects non-hashref ----
{
    my $f = Chandra::Form->new(id => 'seb');
    eval { $f->show_errors_js([]) };
    like($@, qr/hashref/, 'show_errors_js rejects non-hashref');
}

# ---- XSS in field name ----
{
    my $f = Chandra::Form->new(id => 'xss');
    $f->text('x"><script>alert(1)</script>', { label => 'Test' });
    my $html = $f->render;
    unlike($html, qr/<script>/, 'XSS in name escaped');
    like($html, qr/&lt;script&gt;|&quot;/, 'dangerous chars escaped');
}

# ---- XSS in select option label ----
{
    my $f = Chandra::Form->new(id => 'xss2');
    $f->select('s', {
        options => [{ value => 'x', label => '<img onerror=alert(1)>' }],
    });
    my $html = $f->render;
    unlike($html, qr/<img/, 'XSS in option label escaped');
}

# ---- group label escaping ----
{
    my $f = Chandra::Form->new(id => 'gesc');
    $f->group('<script>bad</script>' => sub {