test/makeup/markup_test.rb in makeup-0.4.2 vs test/makeup/markup_test.rb in makeup-0.4.3
- old
+ new
@@ -60,9 +60,21 @@
```
MD
assert_equal 2, html.scan(/common-lisp/).length
end
+
+ it "strips unsafe html attributes and elements" do
+ md = <<-MD
+<script>alert("foo")</script>
+<a href="foo" data-destroy="boom" onclick="alert('foo')">link</a>
+*bar*
+ MD
+
+ html = @renderer.render("file.md", md)
+
+ assert_equal %Q{<p><a href="foo">link</a>\n<em>bar</em></p>}, html
+ end
end
describe "#render" do
it "should detect end of code blocks properly" do
html = @renderer.render("file.md", <<-MD)
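Review bot: The added test "strips unsafe html attributes and elements" covers a `<script>` element, an `onclick` handler and a `data-destroy` attribute, but the only `href` it passes is the harmless `foo`, so nothing here shows that URL schemes in link targets are filtered. A sanitizer that drops event handlers yet keeps a scripted `href` would pass this test unchanged. I would add a sibling `it` block that renders a constructed sample such as `<a href="javascript:void(0)">x</a>` and checks it with `assert !html.include?("javascript:")`, kept separate from the exact-string `assert_equal` so a formatting change in the Markdown output does not mask a sanitizer regression. The test is appended to a `describe` block whose opening lies outside the hunk, so how `@renderer` is configured cannot be confirmed from here.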