
Side by Side Diff: common/data/text/sanitizehtml/sanitize_test.go

Issue 2849353002: sanitizehtml: add a package to sanitize HTML (Closed)
Patch Set: fix comments Created 3 years, 7 months ago
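--- a/common/data/text/sanitizehtml/sanitize_test.go
+++ b/common/data/text/sanitizehtml/sanitize_test.go
@@ -0,0 +1,141 @@
+// Copyright 2017 The LUCI Authors. All rights reserved.
+// Use of this source code is governed under the Apache License, Version 2.0
+// that can be found in the LICENSE file.
+
+package sanitizehtml
+
+import (
+"bytes"
+"strings"
+"testing"
+
+. "github.com/smartystreets/goconvey/convey"
+)
+
+func TestSanitize(t *testing.T) {
+t.Parallel()
+
+cases := []struct {
+in, out string
+}{
+// Scripts
+{
+`<script src="evil.js"/>`,
+``,
+},
+
+// Paragraphs
+{
+`<p style="font-size: 100">hi</p>`,
+`<p>hi</p>`,
+},
+{
+`<P>hi</P>`,
+`<p>hi</p>`,
+},
+{
+`a<br>b`,
+`a<br>b`,
+},
+
+// Lists
+{
+`<ul foo="bar">
+<li x="y">a</li>
+<li>a</li>
+</ul>`,
+`<ul>
+<li>a</li>
+<li>a</li>
+</ul>`,
+},
+
+// Links
+{
+`<a href="https://ci.chromium.org" alt="x">link</a>`,
+`<a rel="noopener" target="_blank" href="https://ci.chro mium.org" alt="x">link</a>`,
+},
+{
+`<a href="javascript:evil.js">link</a>`,
+`<a rel="noopener" target="_blank" href="about:invalid#s anitized&amp;reason=disallowed-scheme">link</a>`,
+},
+{
+`<a href="about:blank">link</a>`,
+`<a rel="noopener" target="_blank" href="about:invalid#s anitized&amp;reason=disallowed-scheme">link</a>`,
+},
+{
+`<a href="%">link</a>`,
+`<a rel="noopener" target="_blank" href="about:invalid#s anitized&amp;reason=malformed-url">link</a>`,
+},
+{
+`<a href="/foo">link</a>`,
+`<a rel="noopener" target="_blank" href="about:invalid#s anitized&amp;reason=disallowed-scheme">link</a>`,
+},
+{
+`<a href="https:///foo">link</a>`,
+`<a rel="noopener" target="_blank" href="about:invalid#s anitized&amp;reason=relative-url">link</a>`,
+},
+{
+`<<a href=abc>`,
+`&lt;<a rel="noopener" target="_blank" href="about:inval id#sanitized&amp;reason=disallowed-scheme"></a>`,
+},
+
+// Tables
+{
+`<table>
+<tr colspan="2">
+<td rowspan=2>a</td>
+</tr>
+<tr style="">
+<td>b</td>
+<td>c</td>
+</tr>
+</table>`,
+`<table>
+<tr colspan="2">
+<td rowspan="2">a</td>
+</tr>
+<tr>
+<td>b</td>
+<td>c</td>
+</tr>
+</table>`,
+},
+
+// Other
+{
+`<div><strong>hello</strong></div>`,
+`<strong>hello</strong>`,
+},
+{
+`&lt;`,
+`&lt;`,
+},
+{
+`&foobar;`,
+`&amp;foobar;`,
+},
+{
+`<div><p>foo</p>`,
+`<p>foo</p>`,
+},
+{
+`<p></a alt="blah"></p>`,
+`<p></p>`,
+},
+{
+`<p><a>blah</p></a>`,
+`<p><a rel="noopener" target="_blank">blah</a></p>`,
+},
+}
+
+for _, c := range cases {
+c := c
+Convey(c.in, t, func() {
+buf := &bytes.Buffer{}
+err := Sanitize(buf, strings.NewReader(c.in))
+So(err, ShouldBeNil)
+So(buf.String(), ShouldEqual, c.out)
+})
+}
+}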
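Review bot: The "Scripts" group of the case table in TestSanitize holds a single input, the self-closing `<script src="evil.js"/>`, so the test does not pin what Sanitize emits for a script element that has a body, for an event-handler attribute on an allowed tag, or for a mixed-case URL scheme. Cases such as `<script>alert(1)</script>`, `<p onclick="x()">hi</p>` and `<a href="JavaScript:evil.js">link</a>` would cover these, with the expected outputs taken from the behaviour sanitize.go is meant to guarantee; that file is not shown here, so it may already handle them correctly. Every case also asserts that `err` is nil, which leaves the error return of Sanitize (for instance when the writer fails) untested.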