common/data/text/sanitizehtml/sanitize_test.go - Issue 2849353002: sanitizehtml: add a package to sanitize HTML

Unified Diff: common/data/text/sanitizehtml/sanitize_test.go

Issue 2849353002: sanitizehtml: add a package to sanitize HTML (Closed)

Patch Set: nit Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Index: common/data/text/sanitizehtml/sanitize_test.go

diff --git a/common/data/text/sanitizehtml/sanitize_test.go b/common/data/text/sanitizehtml/sanitize_test.go

new file mode 100644

index 0000000000000000000000000000000000000000..197e09d4a0eaa89893e784292a4e79d824d93060

--- /dev/null

+++ b/common/data/text/sanitizehtml/sanitize_test.go

@@ -0,0 +1,119 @@

+// Use of this source code is governed under the Apache License, Version 2.0

+// that can be found in the LICENSE file.

+package sanitizehtml

+import (

+ "bytes"

+ "strings"

+ "testing"

+ . "github.com/smartystreets/goconvey/convey"

+func TestSanitize(t *testing.T) {

+ t.Parallel()

+ cases := []struct{ in, out string }{

hinoka 2017/05/02 00:36:16 Some error test cases would be nice. eg invalid h

nodir 2017/05/04 22:11:01 Done.

+ // Scripts

+ {

+ `<script src="evil.js"/>`,

+ ``,

+ },

+ // Paragraphs

+ {

+ `<p style="font-size: 100">hi</p>`,

+ `<p>hi</p>`,

+ },

+ {

+ `<P>hi</P>`,

+ `<p>hi</p>`,

+ },

+ {

+ `a<br>b`,

+ },

+ // Lists

+ {

+ `<ul foo="bar">

+ <li x="y">a</li>

+ <li>a</li>

+ </ul>`,

+ `<ul>

+ <li>a</li>

+ </ul>`,

+ },

+ // Links

Vadim Sh. 2017/05/02 00:16:24 add a test for a relative URL

nodir 2017/05/04 22:11:01 Done.

+ {

+ `<a href="https://ci.chromium.org" alt="x">link</a>`,

+ },

+ {

+ `<a href="javascript:evil.js">link</a>`,

+ `<a href="#non-http-or-http-url-stripped">link</a>`,

+ },

+ {

+ `<a href="about:blank">link</a>`,

+ `<a href="#non-http-or-http-url-stripped">link</a>`,

+ },

+ {

+ `<a href="about:blank">link</a>`,

Vadim Sh. 2017/05/02 00:16:24 duplication

nodir 2017/05/04 22:11:01 Done.

+ `<a href="#non-http-or-http-url-stripped">link</a>`,

+ },

+ {

+ `<a href="%">link</a>`,

+ `<a href="#invalid-url-stripped">link</a>`,

+ },

+ // Tables

+ {

+ `<table>

+ <tr colspan="2x">

+ <td rowspan=2>a</td>

+ </tr>

+ <tr style="">

+ <td>b</td>

+ <td>c</td>

+ </tr>

+ </table>`,

+ `<table>

+ <tr colspan="2">

+ <td rowspan="2">a</td>

+ </tr>

+ <tr>

+ <td>b</td>

+ <td>c</td>

+ </tr>

+ </table>`,

+ },

+ // Other

+ {

+ `<div><strong>hello</strong></div>`,

+ `<strong>hello</strong>`,

+ },

+ {

+ `<`,

+ },

+ {

+ `&foobar;`,

+ },

+ }

+ for _, c := range cases {

Vadim Sh. 2017/05/02 00:16:24 add a test for various malformed HTML, e.g. <p><a

nodir 2017/05/04 22:11:01 Done.

+ c := c

+ Convey(c.in, t, func() {

+ buf := &bytes.Buffer{}

+ err := Sanitize(strings.NewReader(c.in), buf)

+ So(err, ShouldBeNil)

+ So(buf.String(), ShouldEqual, c.out)

+ })

+ }

« common/data/text/sanitizehtml/sanitize.go ('K') | « common/data/text/sanitizehtml/sanitize.go ('k') | no next file » | no next file with comments »