
Side by Side Diff: common/data/text/sanitizehtml/sanitize_test.go

Issue 2849353002: sanitizehtml: add a package to sanitize HTML (Closed)
Patch Set: add test Created 3 years, 7 months ago
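--- a/common/data/text/sanitizehtml/sanitize_test.go
+++ b/common/data/text/sanitizehtml/sanitize_test.go
@@ -0,0 +1,157 @@
+// Copyright 2017 The LUCI Authors. All rights reserved.
+// Use of this source code is governed under the Apache License, Version 2.0
+// that can be found in the LICENSE file.
+
+package sanitizehtml
+
+import (
+"bytes"
+"strings"
+"testing"
+
+. "github.com/smartystreets/goconvey/convey"
+)
+
+func TestSanitize(t *testing.T) {
+t.Parallel()
+
+cases := []struct {
+in, out string
+harmful bool
+}{
+// Scripts
+{
+`<script src="evil.js"/>`,
+``,
+true,
+},
+
+// Paragraphs
+{
+`<p style="font-size: 100">hi</p>`,
+`<p>hi</p>`,
+false,
+},
+{
+`<P>hi</P>`,
+`<p>hi</p>`,
+false,
+},
+{
+`a<br>b`,
+`a<br>b`,
+false,
+},
+
+// Lists
+{
+`<ul foo="bar">
+<li x="y">a</li>
+<li>a</li>
+</ul>`,
+`<ul>
+<li>a</li>
+<li>a</li>
+</ul>`,
+false,
+},
+
+// Links
+{
+`<a href="https://ci.chromium.org" alt="x">link</a>`,
+`<a rel="noopener" target="_blank" href="https://ci.chro mium.org" alt="x">link</a>`,
+false,
+},
+{
+`<a href="javascript:evil.js">link</a>`,
+`<a rel="noopener" target="_blank" href="#non-http-or-ht tps-url-stripped">link</a>`,
+true,
+},
+{
+`<a href="about:blank">link</a>`,
+`<a rel="noopener" target="_blank" href="#non-http-or-ht tps-url-stripped">link</a>`,
+false,
+},
+{
+`<a href="%">link</a>`,
+`<a rel="noopener" target="_blank" href="#invalid-url-st ripped">link</a>`,
+false,
+},
+{
+`<a href="/foo">link</a>`,
+`<a rel="noopener" target="_blank" href="#non-http-or-ht tps-url-stripped">link</a>`,
+false,
+},
+{
+`<<a href=abc>`,
+`&lt;<a rel="noopener" target="_blank" href="#non-http-o r-https-url-stripped"></a>`,
+false,
+},
+
+// Tables
+{
+`<table>
+<tr colspan="2x">
+<td rowspan=2>a</td>
+</tr>
+<tr style="">
+<td>b</td>
+<td>c</td>
+</tr>
+</table>`,
+`<table>
+<tr colspan="2">
+<td rowspan="2">a</td>
+</tr>
+<tr>
+<td>b</td>
+<td>c</td>
+</tr>
+</table>`,
+false,
+},
+
+// Other
+{
+`<div><strong>hello</strong></div>`,
+`<strong>hello</strong>`,
+false,
+},
+{
+`&lt;`,
+`&lt;`,
+false,
+},
+{
+`&foobar;`,
+`&amp;foobar;`,
+false,
+},
+{
+`<div><p>foo</p>`,
+`<p>foo</p>`,
+false,
+},
+{
+`<p></a alt="blah"></p>`,
+`<p></p>`,
+false,
+},
+{
+`<p><a>blah</p></a>`,
+`<p><a rel="noopener" target="_blank">blah</a></p>`,
+false,
+},
+}
+
+for _, c := range cases {
+c := c
+Convey(c.in, t, func() {
+buf := &bytes.Buffer{}
+harmful, err := Sanitize(strings.NewReader(c.in), buf)
+So(err, ShouldBeNil)
+So(harmful, ShouldEqual, c.harmful)
+So(buf.String(), ShouldEqual, c.out)
+})
+}
+}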
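Review bot: The table in TestSanitize pins the `harmful == true` path with only two inputs (the `<script>` case at line 24 and the `javascript:` link at line 66), and no case covers an event-handler attribute on an allowed element or a URL scheme written in mixed case. The `style`, `foo` and `x` cases suggest Sanitize drops attributes it does not list, so a case with input `<p onclick="f()">hi</p>` expecting `<p>hi</p>`, and one with `<a href="JavaScript:evil.js">link</a>` expecting the same stripped href as line 67, would lock that behaviour in; the correct `harmful` value for each has to come from sanitize.go, which is not visible here. I would also document the struct field, e.g. `// harmful is the expected first return value of Sanitize`, and state why `about:blank` (line 71) is expected to be `false` while `javascript:` is `true`, since this test is the only visible statement of that contract.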