diff --git a/src/content/sanitizer/sanitizer.go b/src/content/sanitizer/sanitizer.go
index b286a0a..ea29dd6 100644
--- a/src/content/sanitizer/sanitizer.go
+++ b/src/content/sanitizer/sanitizer.go
@@ -157,24 +157,13 @@ func getExtraAttributes(tagName string) ([]string, []string) {
 }
 
 func isValidTag(tagName string) bool {
-	for element := range getTagAllowList() {
-		if tagName == element {
-			return true
-		}
-	}
-
-	return false
+	return allowedTags.has(tagName)
 }
 
 func isValidAttribute(tagName, attributeName string) bool {
-	for element, attributes := range getTagAllowList() {
-		if tagName == element {
-			if inList(attributeName, attributes) {
-				return true
-			}
-		}
+	if attrs, ok := allowedAttrs[tagName]; ok {
+		return attrs.has(attributeName)
 	}
-
 	return false
 }
 
@@ -213,52 +202,8 @@ func hasRequiredAttributes(tagName string, attributes []string) bool {
 
 // See https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml
 func hasValidURIScheme(src string) bool {
-	whitelist := []string{
-		"apt:",
-		"bitcoin:",
-		"callto:",
-		"dav:",
-		"davs:",
-		"ed2k://",
-		"facetime://",
-		"feed:",
-		"ftp://",
-		"geo:",
-		"gopher://",
-		"git://",
-		"http://",
-		"https://",
-		"irc://",
-		"irc6://",
-		"ircs://",
-		"itms://",
-		"itms-apps://",
-		"magnet:",
-		"mailto:",
-		"news:",
-		"nntp:",
-		"rtmp://",
-		"sip:",
-		"sips:",
-		"skype:",
-		"spotify:",
-		"ssh://",
-		"sftp://",
-		"steam://",
-		"svn://",
-		"svn+ssh://",
-		"tel:",
-		"webcal://",
-		"xmpp:",
-	}
-
-	for _, prefix := range whitelist {
-		if strings.HasPrefix(src, prefix) {
-			return true
-		}
-	}
-
-	return false
+	scheme := strings.SplitN(src, ":", 2)[0]
+	return allowedURISchemes.has(scheme)
 }
 
 func isBlockedResource(src string) bool {
diff --git a/src/content/sanitizer/sanitizer_test.go b/src/content/sanitizer/sanitizer_test.go
index a1080ee..05c6989 100644
--- a/src/content/sanitizer/sanitizer_test.go
+++ b/src/content/sanitizer/sanitizer_test.go
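Review bot: `isValidTag` and `isValidAttribute` now consult two independent tables, `allowedTags` and `allowedAttrs`, where the old `getTagAllowList()` was one map serving both checks, so the two can drift without anything failing: a tag listed in `allowedTags` but missing from `allowedAttrs` is accepted with every attribute stripped, and an `allowedAttrs` key missing from `allowedTags` is dead data. The same commit adds `"iframe"` to `allowedTags` in whitelist.go, and no matching `allowedAttrs` entry is visible in this diff, so whether `iframe` keeps a `src` at all cannot be told from here. A small test asserting that every key of `allowedAttrs` is in `allowedTags` (and the reverse, if every allowed tag is meant to have an entry) would turn that drift into a failing build; a one-line comment on `isValidAttribute`, `// tags absent from allowedAttrs keep no attributes`, would document the fail-closed default. Both functions are complete within the hunk.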
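Review bot: `scheme := strings.SplitN(src, ":", 2)[0]` in `hasValidURIScheme` looks up the raw scheme text, so the comparison is case-sensitive: `HTTPS://example.org/` is rejected although RFC 3986 schemes are case-insensitive, a limitation the old `HasPrefix` list shared. Because this is an allow-list, lowercasing before the lookup only lets entries that are themselves in the list match and cannot widen the set, so `scheme := strings.ToLower(strings.SplitN(src, ":", 2)[0])` is the safe normalisation; variants with embedded whitespace or control characters still fail the lookup and stay rejected. The rewrite also drops the old `//` requirement for network schemes, so `http:foo` now passes where `http://` was required; whether that matters depends on how callers use the value, which is outside this hunk. The contents of `allowedURISchemes` are not in this diff, so the per-scheme tests deleted in sanitizer_test.go (apt, bitcoin, feed, …) can only be taken as a hint that those schemes were dropped, and a comment naming where the list lives would help the next reader.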
@@ -114,7 +114,7 @@ func TestProtocolRelativeURL(t *testing.T) { } func TestInvalidTag(t *testing.T) { - input := `
My invalid tag.
` + input := `My invalid
My invalid tag.
` output := Sanitize("http://example.org/", input) @@ -154,7 +154,7 @@ func TestUnknownTag(t *testing.T) { } func TestInvalidNestedTag(t *testing.T) { - input := `My invalid tag with some valid tag.
` + input := `My invalid
My invalid tag with some valid tag.
` output := Sanitize("http://example.org/", input) @@ -193,92 +193,6 @@ func TestInvalidURLScheme(t *testing.T) { } } -func TestAPTURIScheme(t *testing.T) { - input := `This link is valid
` - expected := `This link is valid
` - output := Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } -} - -func TestBitcoinURIScheme(t *testing.T) { - input := `This link is valid
` - expected := `This link is valid
` - output := Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } -} - -func TestCallToURIScheme(t *testing.T) { - input := `This link is valid
` - expected := `This link is valid
` - output := Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } -} - -func TestFeedURIScheme(t *testing.T) { - input := `This link is valid
` - expected := `This link is valid
` - output := Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } - - input = `This link is valid
` - expected = `This link is valid
` - output = Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } -} - -func TestGeoURIScheme(t *testing.T) { - input := `This link is valid
` - expected := `This link is valid
` - output := Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } -} - -func TestItunesURIScheme(t *testing.T) { - input := `This link is valid
` - expected := `This link is valid
` - output := Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } - - input = `This link is valid
` - expected = `This link is valid
` - output = Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } -} - -func TestMagnetURIScheme(t *testing.T) { - input := `This link is valid
` - expected := `This link is valid
` - output := Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } -} - func TestMailtoURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
` @@ -289,108 +203,6 @@ func TestMailtoURIScheme(t *testing.T) { } } -func TestNewsURIScheme(t *testing.T) { - input := `This link is valid
` - expected := `This link is valid
` - output := Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } - - input = `This link is valid
` - expected = `This link is valid
` - output = Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } - - input = `This link is valid
` - expected = `This link is valid
` - output = Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } -} - -func TestRTMPURIScheme(t *testing.T) { - input := `This link is valid
` - expected := `This link is valid
` - output := Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } -} - -func TestSIPURIScheme(t *testing.T) { - input := `This link is valid
` - expected := `This link is valid
` - output := Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } - - input = `This link is valid
` - expected = `This link is valid
` - output = Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } -} - -func TestSkypeURIScheme(t *testing.T) { - input := `This link is valid
` - expected := `This link is valid
` - output := Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } -} - -func TestSpotifyURIScheme(t *testing.T) { - input := `This link is valid
` - expected := `This link is valid
` - output := Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } -} - -func TestSteamURIScheme(t *testing.T) { - input := `This link is valid
` - expected := `This link is valid
` - output := Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } -} - -func TestSubversionURIScheme(t *testing.T) { - input := `This link is valid
` - expected := `This link is valid
` - output := Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } - - input = `This link is valid
` - expected = `This link is valid
` - output = Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } -} - func TestTelURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
` @@ -401,16 +213,6 @@ func TestTelURIScheme(t *testing.T) { } } -func TestWebcalURIScheme(t *testing.T) { - input := `This link is valid
` - expected := `This link is valid
` - output := Sanitize("http://example.org/", input) - - if expected != output { - t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) - } -} - func TestXMPPURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
`
diff --git a/src/content/sanitizer/whitelist.go b/src/content/sanitizer/whitelist.go
index 8105c6c..4722c50 100644
--- a/src/content/sanitizer/whitelist.go
+++ b/src/content/sanitizer/whitelist.go
@@ -76,6 +76,7 @@ var allowedTags = sset([]string{
 	"hr",
 	"html",
 	"i",
+	"iframe",
 	"img",
 	"input",
 	"ins",
@@ -115,7 +116,6 @@ var allowedTags = sset([]string{
 	"span",
 	"strike",
 	"strong",
-	"style",
 	"sub",
 	"summary",
 	"sup",
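Review bot: Adding `"iframe"` to `allowedTags` is the security-relevant change in this commit, and the hunk shows nothing of what constrains it: which attributes `iframe` is granted in `allowedAttrs`, whether its `src` is limited to an allow-list of embedding hosts rather than just an allowed URI scheme, and whether a `sandbox` attribute is set on the emitted element. Without those, feed content can embed an arbitrary origin in the reader's page; a `sandbox` attribute on every emitted iframe would bound what the framed document can do. Please add a comment next to the entry stating the intended restriction, e.g. `// iframe: only with a src accepted by the embedding-host check — see isValidAttribute`, or name the function that enforces it. The `allowedTags` declaration starts above this hunk, so the surrounding entries are not visible here.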