require "test_helper"
class HtmlValidatorTest < Minitest::Test
test "allow Govspeak Markdown" do
values = [
"## is H2",
"*bold text*",
"* bullet",
"- alternative bullet",
"double -- dash -- ndash",
"+ another bullet",
"1. Numbered list",
"s2. Step",
"""
Table | Header
- | -
Build | cells
""",
"This is [an example](/an-inline-link \"Title\") inline link.",
"",
"
",
"This is [an example](http://example.com/ \"Title\"){:rel=\"external\"} inline link to an external resource.",
"^Your text here^ - creates a callout with an info (i) icon.",
"%Your text here% - creates a callout with a warning or alert (!) icon",
"@Your text here@ - highlights the enclosed text in yellow",
"$CSome contact information here$C - contact information",
"$A Hercules House Hercules Road London SE1 7DU $A",
"$D [An example form download link](http://example.com/ \"Example form\") Something about this form download $D",
"$EAn example for the citizen$E - examples boxout",
"$!Answer$! - answer summary",
"{::highlight-answer}Highlighted answer{:/highlight-answer} - creates a large pink highlight box with optional preamble text and giant text denoted with **.",
"{::highlight-answer}",
"The VAT rate is *20%*",
"{:/highlight-answer}",
"---",
"*[GDS]: Government Digital Service",
"""
$P
$I
$A
Hercules House
Hercules Road
London SE1 7DU
$A
$AI
There is access to the building from the street via a ramp.
$AI
$I
$P
""",
":england:content goes here:england:",
":scotland:content goes here:scotland:"
]
values.each do |value|
assert Govspeak::HtmlValidator.new(value).valid?
end
end
test "disallow a script tag" do
assert Govspeak::HtmlValidator.new("").invalid?
end
test "disallow a javascript protocol in an attribute" do
html = %q{an example}
assert Govspeak::HtmlValidator.new(html).invalid?
end
test "disallow a javascript protocol in a Markdown link" do
html = %q{This is [an example](javascript:alert(""); "Title") inline link.}
assert Govspeak::HtmlValidator.new(html).invalid?
end
test "disallow on* attributes" do
html = %q{Link}
assert Govspeak::HtmlValidator.new(html).invalid?
end
test "allow non-JS HTML content" do
assert Govspeak::HtmlValidator.new("").valid?
end
test "allow things that will end up as HTML entities" do
assert Govspeak::HtmlValidator.new("Fortnum & Mason").valid?
end
test "optionally disallow images not on a whitelisted domain" do
html = ""
assert Govspeak::HtmlValidator.new(html, allowed_image_hosts: ['allowed.com']).invalid?
end
test "allow and
HTML elements" do
html = "\n1. Some title
\n\n
Some text
\n
"
assert Govspeak::HtmlValidator.new(html).valid?
end
test "allow govspeak button" do
assert Govspeak::HtmlValidator.new("{button}[Start now](https://gov.uk){/button}").valid?
assert Govspeak::HtmlValidator.new("{button start}[Start now](https://gov.uk){/button}").valid?
assert Govspeak::HtmlValidator.new("{button start cross-domain-tracking:UA-XXXXXX-Y}[Start now](https://gov.uk){/button}").valid?
end
end