test: add tests for supplementary Unicode and Proxy-Authorization

- Add TestRenderAsciiJSONSupplementaryUnicode to verify emoji (U+1F600) is encoded as UTF-16 surrogate pair (\uD83D\uDE00) - Add Proxy-Authorization test case to TestSecureRequestDump to verify credentials are sanitized in recovery panic logs
2026-06-04 01:38:12 +08:00 · 2026-04-09 06:35:52 -07:00 · 2026-04-09 06:35:52 -07:00 · 4ce483f0f4
commit 4ce483f0f4
parent 08e51b48be
2 changed files with 20 additions and 0 deletions
--- a/recovery_test.go
+++ b/recovery_test.go
@ -293,6 +293,16 @@ func TestSecureRequestDump(t *testing.T) {
 			wantContains:   "Authorization: *",
 			wantNotContain: "token123",
 		},
+		{
+			name: "Proxy-Authorization header",
+			req: func() *http.Request {
+				r, _ := http.NewRequest(http.MethodGet, "http://example.com", nil)
+				r.Header.Set("Proxy-Authorization", "Basic cHJveHk6c2VjcmV0")
+				return r
+			}(),
+			wantContains:   "Proxy-Authorization: *",
+			wantNotContain: "Basic cHJveHk6c2VjcmV0",
+		},
 		{
 			name: "No Authorization header",
 			req: func() *http.Request {
--- a/render/render_test.go
+++ b/render/render_test.go
@ -261,6 +261,16 @@ func TestRenderAsciiJSON(t *testing.T) {
 	assert.Equal(t, "3.1415926", w2.Body.String())
 }

+func TestRenderAsciiJSONSupplementaryUnicode(t *testing.T) {
+	w := httptest.NewRecorder()
+	data := map[string]string{"emoji": "😀"}
+
+	err := (AsciiJSON{data}).Render(w)
+	require.NoError(t, err)
+	// U+1F600 must be encoded as UTF-16 surrogate pair per RFC 8259
+	assert.Equal(t, "{\"emoji\":\"\\ud83d\\ude00\"}", w.Body.String())
+}
+
 func TestRenderAsciiJSONFail(t *testing.T) {
 	w := httptest.NewRecorder()
 	data := make(chan int)