# encoding: utf-8
require_relative 'common'

describe 'Sanitize' do
  describe 'initializer' do
    it 'should not modify a transformers array in the given config' do
      transformers = [
        lambda {}
      ]

      Sanitize.new({ :transformers => transformers })
      _(transformers.length).must_equal(1)
    end
  end

  describe 'instance methods' do
    before do
      @s = Sanitize.new
    end

    describe '#document' do
      before do
        @s = Sanitize.new(:elements => ['html'])
      end

      it 'should sanitize an HTML document' do
        _(@s.document('<!doctype html><html><b>Lo<!-- comment -->rem</b> <a href="pants" title="foo">ipsum</a> <a href="http://foo.com/"><strong>dolor</strong></a> sit<br/>amet <script>alert("hello world");</script></html>'))
          .must_equal "<html>Lorem ipsum dolor sit amet </html>"
      end

      it 'should not modify the input string' do
        input = '<!DOCTYPE html><b>foo</b>'
        @s.document(input)
        _(input).must_equal('<!DOCTYPE html><b>foo</b>')
      end

      it 'should not choke on frozen documents' do
        _(@s.document('<!doctype html><html><b>foo</b>'.freeze)).must_equal "<html>foo</html>"
      end

      it 'should normalize newlines' do
        _(@s.document("a\r\n\n\r\r\r\nz")).must_equal "<html>a\n\n\n\n\nz</html>"
      end

      it 'should strip control characters (except ASCII whitespace)' do
        sample_control_chars = "\u0001\u0008\u000b\u000e\u001f\u007f\u009f"
        whitespace = "\t\n\f\u0020"
        _(@s.document("a#{sample_control_chars}#{whitespace}z")).must_equal "<html>a#{whitespace}z</html>"
      end

      it 'should strip non-characters' do
        sample_non_chars = "\ufdd0\ufdef\ufffe\uffff\u{1fffe}\u{1ffff}\u{2fffe}\u{2ffff}\u{3fffe}\u{3ffff}\u{4fffe}\u{4ffff}\u{5fffe}\u{5ffff}\u{6fffe}\u{6ffff}\u{7fffe}\u{7ffff}\u{8fffe}\u{8ffff}\u{9fffe}\u{9ffff}\u{afffe}\u{affff}\u{bfffe}\u{bffff}\u{cfffe}\u{cffff}\u{dfffe}\u{dffff}\u{efffe}\u{effff}\u{ffffe}\u{fffff}\u{10fffe}\u{10ffff}"
        _(@s.document("a#{sample_non_chars}z")).must_equal "<html>az</html>"
      end

      describe 'when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH' do
        let(:content) do
          content = nest_html_content('<b>foo</b>', Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH)
          "<html>#{content}</html>"
        end

        it 'raises an ArgumentError exception' do
          assert_raises ArgumentError do
            @s.document(content)
          end
        end

        describe 'and :max_tree_depth of -1 is supplied in :parser_options' do
          before do
            @s = Sanitize.new(elements: ['html'], parser_options: { max_tree_depth: -1 })
          end

          it 'does not raise an ArgumentError exception' do
            _(@s.document(content)).must_equal '<html>foo</html>'
          end
        end
      end
    end

    describe '#fragment' do
      it 'should sanitize an HTML fragment' do
        _(@s.fragment('<b>Lo<!-- comment -->rem</b> <a href="pants" title="foo">ipsum</a> <a href="http://foo.com/"><strong>dolor</strong></a> sit<br/>amet <script>alert("hello world");</script>'))
          .must_equal 'Lorem ipsum dolor sit amet '
      end

      it 'should not modify the input string' do
        input = '<b>foo</b>'
        @s.fragment(input)
        _(input).must_equal '<b>foo</b>'
      end

      it 'should not choke on fragments containing <html> or <body>' do
        _(@s.fragment('<html><b>foo</b></html>')).must_equal 'foo'
        _(@s.fragment('<body><b>foo</b></body>')).must_equal 'foo'
        _(@s.fragment('<html><body><b>foo</b></body></html>')).must_equal 'foo'
        _(@s.fragment('<!DOCTYPE html><html><body><b>foo</b></body></html>')).must_equal 'foo'
      end

      it 'should not choke on frozen fragments' do
        _(@s.fragment('<b>foo</b>'.freeze)).must_equal 'foo'
      end

      it 'should normalize newlines' do
        _(@s.fragment("a\r\n\n\r\r\r\nz")).must_equal "a\n\n\n\n\nz"
      end

      it 'should strip control characters (except ASCII whitespace)' do
        sample_control_chars = "\u0001\u0008\u000b\u000e\u001f\u007f\u009f"
        whitespace = "\t\n\f\u0020"
        _(@s.fragment("a#{sample_control_chars}#{whitespace}z")).must_equal "a#{whitespace}z"
      end

      it 'should strip non-characters' do
        sample_non_chars = "\ufdd0\ufdef\ufffe\uffff\u{1fffe}\u{1ffff}\u{2fffe}\u{2ffff}\u{3fffe}\u{3ffff}\u{4fffe}\u{4ffff}\u{5fffe}\u{5ffff}\u{6fffe}\u{6ffff}\u{7fffe}\u{7ffff}\u{8fffe}\u{8ffff}\u{9fffe}\u{9ffff}\u{afffe}\u{affff}\u{bfffe}\u{bffff}\u{cfffe}\u{cffff}\u{dfffe}\u{dffff}\u{efffe}\u{effff}\u{ffffe}\u{fffff}\u{10fffe}\u{10ffff}"
        _(@s.fragment("a#{sample_non_chars}z")).must_equal "az"
      end

      describe 'when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH' do
        let(:content) do
          content = nest_html_content('<b>foo</b>', Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH)
          "<body>#{content}</body>"
        end

        it 'raises an ArgumentError exception' do
          assert_raises ArgumentError do
            @s.fragment(content)
          end
        end

        describe 'and :max_tree_depth of -1 is supplied in :parser_options' do
          before do
            @s = Sanitize.new(parser_options: { max_tree_depth: -1 })
          end

          it 'does not raise an ArgumentError exception' do
            _(@s.fragment(content)).must_equal 'foo'
          end
        end
      end
    end

    describe '#node!' do
      it 'should sanitize a Nokogiri::XML::Node' do
        doc  = Nokogiri::HTML5.parse('<b>Lo<!-- comment -->rem</b> <a href="pants" title="foo">ipsum</a> <a href="http://foo.com/"><strong>dolor</strong></a> sit<br/>amet <script>alert("hello world");</script>')
        frag = doc.fragment

        doc.xpath('/html/body/node()').each {|node| frag << node }

        @s.node!(frag)
        _(frag.to_html).must_equal 'Lorem ipsum dolor sit amet '
      end

      describe "when the given node is a document and <html> isn't allowlisted" do
        it 'should raise a Sanitize::Error' do
          doc = Nokogiri::HTML5.parse('foo')
          _(proc { @s.node!(doc) }).must_raise Sanitize::Error
        end
      end
    end
  end

  describe 'class methods' do
    describe '.document' do
      it 'should sanitize an HTML document with the given config' do
        html = '<!doctype html><html><b>Lo<!-- comment -->rem</b> <a href="pants" title="foo">ipsum</a> <a href="http://foo.com/"><strong>dolor</strong></a> sit<br/>amet <script>alert("hello world");</script></html>'
        _(Sanitize.document(html, :elements => ['html']))
          .must_equal "<html>Lorem ipsum dolor sit amet </html>"
      end
    end

    describe '.fragment' do
      it 'should sanitize an HTML fragment with the given config' do
        html = '<b>Lo<!-- comment -->rem</b> <a href="pants" title="foo">ipsum</a> <a href="http://foo.com/"><strong>dolor</strong></a> sit<br/>amet <script>alert("hello world");</script>'
        _(Sanitize.fragment(html, :elements => ['strong']))
          .must_equal 'Lorem ipsum <strong>dolor</strong> sit amet '
      end
    end

    describe '.node!' do
      it 'should sanitize a Nokogiri::XML::Node with the given config' do
        doc = Nokogiri::HTML5.parse('<b>Lo<!-- comment -->rem</b> <a href="pants" title="foo">ipsum</a> <a href="http://foo.com/"><strong>dolor</strong></a> sit<br/>amet <script>alert("hello world");</script>')
        frag = doc.fragment

        doc.xpath('/html/body/node()').each {|node| frag << node }

        Sanitize.node!(frag, :elements => ['strong'])
        _(frag.to_html).must_equal 'Lorem ipsum <strong>dolor</strong> sit amet '
      end
    end
  end

  private

  def nest_html_content(html_content, depth)
    "#{'<span>' * depth}#{html_content}#{'</span>' * depth}"
  end
end