
require "test_helper"

class HtmlSanitizerTest < Test::Unit::TestCase
  # Each case pushes raw markup through Govspeak::HtmlSanitizer and pins the
  # exact output string, so any regression that lets an active-content vector
  # back through (or changes how benign markup is normalised) fails loudly.

  test "disallow a script tag" do
    # The <script> element is dropped; its text survives as inert content.
    assert_equal "alert('XSS')", sanitized("<script>alert('XSS')</script>")
  end

  test "disallow a javascript protocol in an attribute" do
    # The href carrying a javascript: URL is removed entirely while the
    # harmless title attribute is kept.
    html = %q{<a href="javascript:alert(document.location);"
              title="Title">an example</a>}
    assert_equal "<a title=\"Title\">an example</a>", sanitized(html)
  end

  test "disallow on* attributes" do
    # Inline event handlers are stripped; the safe href is retained.
    markup = %q{<a href="/" onclick="alert('xss');">Link</a>}
    assert_equal "<a href=\"/\">Link</a>", sanitized(markup)
  end

  test "allow non-JS HTML content" do
    # Benign markup passes through, re-serialised: single quotes become
    # double quotes and the unclosed element is closed.
    markup = "<a href='foo'>"
    assert_equal "<a href=\"foo\"></a>", sanitized(markup)
  end

  test "keep things that should be HTML entities" do
    # A bare ampersand in text is entity-encoded rather than passed raw.
    assert_equal "Fortnum &amp; Mason", sanitized("Fortnum & Mason")
  end

  private

  # Runs +html+ through the sanitizer under test and returns the result.
  def sanitized(html)
    Govspeak::HtmlSanitizer.new(html).sanitize
  end
end
