test/scrubbers_test.rb in rails-html-sanitizer-1.4.1 vs test/scrubbers_test.rb in rails-html-sanitizer-1.4.2

- old
+ new

@@ -39,10 +39,20 @@
def test_default_scrub_behavior
assert_scrubbed '<tag>hello</tag>', 'hello'
end
+ def test_default_scrub_removes_comments
+ assert_scrubbed('<div>one</div><!-- two --><span>three</span>',
+ '<div>one</div><span>three</span>')
+ end
+
+ def test_default_scrub_removes_processing_instructions
+ assert_scrubbed('<div>one</div><?div two><span>three</span>',
+ '<div>one</div><span>three</span>')
+ end
+
def test_default_attributes_removal_behavior
assert_scrubbed '<p cooler="hello">hello</p>', '<p>hello</p>'
end
def test_leaves_supplied_tags
@@ -54,10 +64,16 @@
html = '<tag>leave me <span>now</span></tag>'
@scrubber.tags = %w(tag)
assert_scrubbed html, '<tag>leave me now</tag>'
end
+ def test_leaves_comments_when_supplied_as_tag
+ @scrubber.tags = %w(div comment)
+ assert_scrubbed('<div>one</div><!-- two --><span>three</span>',
+ '<div>one</div><!-- two -->three')
+ end
+
def test_leaves_only_supplied_tags_nested
html = '<tag>leave <em>me <span>now</span></em></tag>'
@scrubber.tags = %w(tag)
assert_scrubbed html, '<tag>leave me now</tag>'
end
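Review bot: `test_default_scrub_removes_processing_instructions` relies on the instruction target `div` being an element the default scrubber keeps, but the test does not say the collision is deliberate, so a later fixture edit could stop exercising it unnoticed. I would add a comment above the assertion: `# PI target matches an allowed element name on purpose; it must be dropped, not kept as a <div>`. Both tests added in the hunk at -39/+39 run with the scrubber defaults only, so they do not show what happens once `@scrubber.tags` is set.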
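Review bot: `test_leaves_comments_when_supplied_as_tag` (hunk at -54/+64) covers the opt-in path, but nothing asserts that a processing instruction is still dropped when its target name is listed in `tags`. The `PermitScrubberSubclassTest` class deleted in the following hunk held `test_craftily_named_processing_instructions_are_not_checked` for that case; unless it is re-added outside the visible hunks, that check is gone. A test like the one below would keep it. Its expected string is inferred from the neighbouring test and should be confirmed by running it.

```ruby
def test_removes_processing_instructions_when_target_is_a_supplied_tag
  @scrubber.tags = %w(div)
  # PI target matches an allowed tag name; it must still be removed.
  assert_scrubbed('<div>one</div><?div two><span>three</span>',
                  '<div>one</div>three')
end
```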
@@ -107,53 +123,9 @@
@scrubber.attributes = 'cooler'
end
assert_equal "You should pass :attributes as an Enumerable", e.message
assert_nil @scrubber.attributes, "Attributes should be nil when validation fails"
- end
-end
-
-class PermitScrubberSubclassTest < ScrubberTest
- def setup
- @scrubber = Class.new(::Rails::Html::PermitScrubber) do
- attr :nodes_seen
-
- def initialize
- super()
- @nodes_seen = []
- end
-
- def keep_node?(node)
- @nodes_seen << node.name
- super(node)
- end
- end.new
- end
-
- def test_elements_are_checked
- html = %Q("<div></div><a></a><tr></tr>")
- Loofah.scrub_fragment(html, @scrubber)
- assert_includes(@scrubber.nodes_seen, "div")
- assert_includes(@scrubber.nodes_seen, "a")
- assert_includes(@scrubber.nodes_seen, "tr")
- end
-
- def test_comments_are_checked
- # this passes in v1.3.0 but fails in v1.4.0
- html = %Q("<div></div><!-- ohai --><tr></tr>")
- Loofah.scrub_fragment(html, @scrubber)
- assert_includes(@scrubber.nodes_seen, "div")
- assert_includes(@scrubber.nodes_seen, "comment")
- assert_includes(@scrubber.nodes_seen, "tr")
- end
-
- def test_craftily_named_processing_instructions_are_not_checked
- # this fails in v1.3.0 but passes in v1.4.0
- html = %Q("<div></div><?a content><tr></tr>")
- Loofah.scrub_fragment(html, @scrubber)
- assert_includes(@scrubber.nodes_seen, "div")
- refute_includes(@scrubber.nodes_seen, "a")
- assert_includes(@scrubber.nodes_seen, "tr")
end
end
class TargetScrubberTest < ScrubberTest
def setup