Contents

require 'spec_helper'
require 'softcover/sanitizer'

describe Softcover::Sanitizer do
  context "malicious html" do
    let(:html) { "<div onclick='alert(document.cookie)'></div>"}

    it "cleans xss vectors" do
      expect(subject.clean(html)).to eq "<div></div>"
    end
  end

  context "safe html" do
    let(:html) do Nokogiri::HTML.fragment(<<-EOS
        <div id="a" class="b"></div>
        <div data-tralics-id="c" data-number="d" data-chapter="e"></div>
        <a id="a" class="b" href="c"></a>
        <span id="a" class="b" style="c"></span>
        <ol id="a" class="b"></ol>
        <ul id="a" class="b"></ul>
        <li id="a" class="b"></li>
        <sup id="a" class="b"></sup>
        <h1 id="a" class="b"></h1>
        <h2 id="a" class="b"></h2>
        <h3 id="a" class="b"></h3>
        <h4 id="a" class="b"></h4>
        <img id="a" class="b" src="c" alt="d" />
        <em id="a" class="b"></em>
      EOS
      ).to_xhtml
    end

    it "allows class and id" do
      expect(subject.clean(html)).to match html
    end
  end
end

Version data entries

59 entries across 59 versions & 2 rubygems

Version	Path
softcover-1.0.beta15	spec/sanitizer_spec.rb
softcover-1.0.beta14	spec/sanitizer_spec.rb
softcover-1.0.beta13	spec/sanitizer_spec.rb
softcover-1.0.beta12	spec/sanitizer_spec.rb
softcover-1.0.beta11	spec/sanitizer_spec.rb
softcover-1.0.beta10	spec/sanitizer_spec.rb
softcover-1.0.beta9	spec/sanitizer_spec.rb
softcover-1.0.beta8	spec/sanitizer_spec.rb
softcover-1.0.beta7	spec/sanitizer_spec.rb
softcover-1.0.beta6	spec/sanitizer_spec.rb
softcover-1.0.beta5	spec/sanitizer_spec.rb
softcover-1.0.beta4	spec/sanitizer_spec.rb
softcover-1.0.beta3	spec/sanitizer_spec.rb
softcover-nonstop-1.0.beta2	spec/sanitizer_spec.rb
softcover-1.0.beta2	spec/sanitizer_spec.rb
softcover-1.0.beta1	spec/sanitizer_spec.rb
softcover-0.9.23	spec/sanitizer_spec.rb
softcover-0.9.22	spec/sanitizer_spec.rb
softcover-0.9.21	spec/sanitizer_spec.rb
softcover-0.9.20	spec/sanitizer_spec.rb