
require "test_helper"

# Regression tests for Govspeak::HtmlSanitizer.
#
# Each case pushes a small HTML fragment through a fresh sanitizer and pins
# the exact serialised output. Worth keeping in mind when reading these:
# - the <script> case asserts that the *tag* is dropped; its text payload
#   ("alert('XSS')") is expected to survive as plain text, so the assertion
#   is about tag removal, not about the payload string disappearing;
# - the javascript: case uses a lowercase, unpadded scheme only — mixed-case,
#   whitespace-padded or entity-encoded scheme variants are not exercised by
#   this suite;
# - the on* case covers a single handler attribute (onclick) on an <a>.
class HtmlSanitizerTest < Test::Unit::TestCase

  test "disallow a script tag" do
    fragment = "<script>alert('XSS')</script>"
    # Tag gone, inner text kept.
    assert_equal "alert('XSS')", sanitized(fragment)
  end

  test "disallow a javascript protocol in an attribute" do
    fragment = %q{<a href="javascript:alert(document.location);"
              title="Title">an example</a>}
    # The offending href is dropped; the harmless title attribute remains.
    assert_equal "<a title=\"Title\">an example</a>", sanitized(fragment)
  end

  test "disallow on* attributes" do
    fragment = %q{<a href="/" onclick="alert('xss');">Link</a>}
    assert_equal "<a href=\"/\">Link</a>", sanitized(fragment)
  end

  test "allow non-JS HTML content" do
    fragment = "<a href='foo'>"
    # Relative href is permitted; the unclosed tag is closed on output.
    assert_equal "<a href=\"foo\"></a>", sanitized(fragment)
  end

  test "keep things that should be HTML entities" do
    fragment = "Fortnum & Mason"
    # A bare ampersand in text is entity-encoded rather than passed through.
    assert_equal "Fortnum &amp; Mason", sanitized(fragment)
  end

  test "can strip images" do
    fragment = "<img src='http://example.com/image.jgp'>"
    assert_equal "", sanitized_without_images(fragment)
  end

  private

  # Runs +html+ through a new Govspeak::HtmlSanitizer and returns the
  # default sanitised output.
  def sanitized(html)
    Govspeak::HtmlSanitizer.new(html).sanitize
  end

  # As +sanitized+, but through the image-stripping entry point.
  def sanitized_without_images(html)
    Govspeak::HtmlSanitizer.new(html).sanitize_without_images
  end
end
