Sha256: bef2529f9f25db6df71423fcbaa69dba48723cd23de47476c3e73b6e1028f4f2
Contents?: true
Size: 1.64 KB
Versions: 8
Compression:
Stored size: 1.64 KB
Contents
# encoding: utf-8
require_relative 'common'
describe 'Sanitize::Transformers::CSS::CleanAttribute' do
make_my_diffs_pretty!
parallelize_me!
before do
@s = Sanitize.new(Sanitize::Config::RELAXED)
end
it 'should sanitize CSS properties in style attributes' do
@s.fragment(%[
<div style="color: #fff; width: expression(alert(1)); /* <-- evil! */"></div>
].strip).must_equal %[
<div style="color: #fff; /* <-- evil! */"></div>
].strip
end
it 'should remove the style attribute if the sanitized CSS is empty' do
@s.fragment('<div style="width: expression(alert(1))"></div>').
must_equal '<div></div>'
end
end
describe 'Sanitize::Transformers::CSS::CleanElement' do
make_my_diffs_pretty!
parallelize_me!
before do
@s = Sanitize.new(Sanitize::Config::RELAXED)
end
it 'should sanitize CSS stylesheets in <style> elements' do
html = %[
<style>@import url(evil.css);
/* Yay CSS! */
.foo { color: #fff; }
#bar { background: url(yay.jpg); bogus: wtf; }
.evil { width: expression(xss()); }
@media screen (max-width:480px) {
.foo { width: 400px; }
#bar:not(.baz) { height: 100px; }
}
</style>
].strip
@s.fragment(html).must_equal %[
<style>
/* Yay CSS! */
.foo { color: #fff; }
#bar { background: url(yay.jpg); }
.evil { }
@media screen (max-width:480px) {
.foo { width: 400px; }
#bar:not(.baz) { height: 100px; }
}
</style>
].strip
end
it 'should remove the <style> element if the sanitized CSS is empty' do
@s.fragment('<style></style>').must_equal ''
end
end
Version data entries
8 entries across 8 versions & 2 rubygems