vendor/rails/actionpack/test/controller/html-scanner/sanitizer_test.rb in radiant-0.6.9 vs vendor/rails/actionpack/test/controller/html-scanner/sanitizer_test.rb in radiant-0.7.0
- old
+ new
@@ -1,7 +1,6 @@
-require File.dirname(__FILE__) + '/../../abstract_unit'
-require 'test/unit'
+require 'abstract_unit'
class SanitizerTest < Test::Unit::TestCase
def setup
@sanitizer = nil # used by assert_sanitizer
end
@@ -201,10 +200,16 @@
raw = %(display:block; position:absolute; left:0; top:0; width:100%; height:100%; z-index:1; background-color:black; background-image:url(http://www.ragingplatypus.com/i/cam-full.jpg); background-x:center; background-y:center; background-repeat:repeat;)
expected = %(display: block; width: 100%; height: 100%; background-color: black; background-image: ; background-x: center; background-y: center;)
assert_equal expected, sanitize_css(raw)
end
+ def test_should_sanitize_with_trailing_space
+ raw = "display:block; "
+ expected = "display: block;"
+ assert_equal expected, sanitize_css(raw)
+ end
+
def test_should_sanitize_xul_style_attributes
raw = %(-moz-binding:url('http://ha.ckers.org/xssmoz.xml#xss'))
assert_equal '', sanitize_css(raw)
end
@@ -233,18 +238,22 @@
raw = %(width: expression(alert('XSS'));)
assert_equal '', sanitize_css(raw)
end
def test_should_sanitize_img_vbscript
- assert_sanitized %(<img src='vbscript:msgbox("XSS")' />), '<img />'
+ assert_sanitized %(<img src='vbscript:msgbox("XSS")' />), '<img />'
end
protected
def assert_sanitized(input, expected = nil)
@sanitizer ||= HTML::WhiteListSanitizer.new
- assert_equal expected || input, @sanitizer.sanitize(input)
+ if input
+ assert_dom_equal expected || input, @sanitizer.sanitize(input)
+ else
+ assert_nil @sanitizer.sanitize(input)
+ end
end
-
+
def sanitize_css(input)
(@sanitizer ||= HTML::WhiteListSanitizer.new).sanitize_css(input)
end
-end
\ No newline at end of file
+end
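Review bot: In the new `assert_sanitized`, the `else` branch discards `expected` entirely: a call such as `assert_sanitized nil, ''` passes as long as `sanitize(nil)` returns `nil`, so a wrong expectation in a caller is never reported. A stricter form that still covers the nil case is `assert_equal expected, @sanitizer.sanitize(input)` in that branch, or `assert_nil expected` before `assert_nil @sanitizer.sanitize(input)`. Separately, replacing `assert_equal` with `assert_dom_equal` compares parsed DOM trees rather than the emitted string, which presumably tolerates attribute order and whitespace differences; for a sanitizer whose output is later written into a page verbatim, a short comment explaining why structural rather than textual equality is sufficient here would help future readers, e.g. `# DOM comparison: attribute order is not significant for the sanitized result`. The earlier hunk's `test_should_sanitize_img_vbscript` change appears to be whitespace-only.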