Nothing
tests/testthat/test-js-injection.R
In DT2: 'DataTables' 2.x for R
# Tests for safe JS string interpolation in the format helpers.
# Previously strings were injected with sprintf("'%s'", x), which produced
# invalid JS when the value itself contained a quote.
test_that(".dt2_js_str produces valid, escaped JS string literals", {
expect_equal(.dt2_js_str("R$"), '"R$"')
expect_equal(.dt2_js_str("a\"b"), '"a\\"b"')
expect_equal(.dt2_js_str(NULL), "null")
expect_equal(.dt2_js_str(NULL, "undefined"), "undefined")
})
test_that("dt2_format_number safely quotes a prefix containing a quote", {
o <- dt2_format_number(list(columns = "x"), 1, prefix = "O'Brien $")
r <- as.character(o$columnDefs[[1]]$render)
# valid double-quoted JS literal ...
expect_true(grepl('"O\'Brien $"', r, fixed = TRUE))
# ... not the broken single-quoted form
expect_false(grepl("'O'Brien $'", r, fixed = TRUE))
})
test_that("dt2_format_number renders NULL separators as null", {
o <- dt2_format_number(list(columns = "x"), 1,
thousands = NULL, decimal = NULL, digits = 2)
r <- as.character(o$columnDefs[[1]]$render)
expect_true(grepl("render.number(null,null,2", r, fixed = TRUE))
})
test_that("dt2_format_datetime renders NULL args as undefined", {
o <- dt2_format_datetime(list(columns = "x"), 1, from = NULL, to = "DD/MM/YYYY")
r <- as.character(o$columnDefs[[1]]$render)
expect_true(grepl("undefined", r, fixed = TRUE))
expect_true(grepl('"DD/MM/YYYY"', r, fixed = TRUE))
})
Try the DT2 package in your browser
Any scripts or data that you put into this service are public.
DT2 documentation built on June 14, 2026, 9:06 a.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
# Tests for safe JS string interpolation in the format helpers.
# Previously strings were injected with sprintf("'%s'", x), which produced
# invalid JS when the value itself contained a quote.
test_that(".dt2_js_str produces valid, escaped JS string literals", {
expect_equal(.dt2_js_str("R$"), '"R$"')
expect_equal(.dt2_js_str("a\"b"), '"a\\"b"')
expect_equal(.dt2_js_str(NULL), "null")
expect_equal(.dt2_js_str(NULL, "undefined"), "undefined")
})
test_that("dt2_format_number safely quotes a prefix containing a quote", {
o <- dt2_format_number(list(columns = "x"), 1, prefix = "O'Brien $")
r <- as.character(o$columnDefs[[1]]$render)
# valid double-quoted JS literal ...
expect_true(grepl('"O\'Brien $"', r, fixed = TRUE))
# ... not the broken single-quoted form
expect_false(grepl("'O'Brien $'", r, fixed = TRUE))
})
test_that("dt2_format_number renders NULL separators as null", {
o <- dt2_format_number(list(columns = "x"), 1,
thousands = NULL, decimal = NULL, digits = 2)
r <- as.character(o$columnDefs[[1]]$render)
expect_true(grepl("render.number(null,null,2", r, fixed = TRUE))
})
test_that("dt2_format_datetime renders NULL args as undefined", {
o <- dt2_format_datetime(list(columns = "x"), 1, from = NULL, to = "DD/MM/YYYY")
r <- as.character(o$columnDefs[[1]]$render)
expect_true(grepl("undefined", r, fixed = TRUE))
expect_true(grepl('"DD/MM/YYYY"', r, fixed = TRUE))
})
Try the DT2 package in your browser
Any scripts or data that you put into this service are public.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.