// Copyright 2017 Frédéric Guillot. All rights reserved. // Use of this source code is governed by the Apache 2.0 // license that can be found in the LICENSE file. package sanitizer import "testing" func TestValidInput(t *testing.T) { input := `

This is a text with an image: Test .

` output := Sanitize("http://example.org/", input) if input != output { t.Errorf(`Wrong output: "%s" != "%s"`, input, output) } } func TestImgWithTextDataURL(t *testing.T) { input := ` Example

` expected := `` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestImgWithDataURL(t *testing.T) { input := ` Example

` expected := ` Example

` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestImgWithSrcset(t *testing.T) { input := ` Example

` expected := ` Example

` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestImgWithSrcsetAndDataURL(t *testing.T) { input := ` Example

` expected := ` Example

` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestSourceWithSrcsetAndMedia(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestMediumImgWithSrcset(t *testing.T) { input := ` Image for post

` expected := ` Image for post

` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestSelfClosingTags(t *testing.T) { input := `

This
is a text
with an image: Test .

` output := Sanitize("http://example.org/", input) if input != output { t.Errorf(`Wrong output: "%s" != "%s"`, input, output) } } func TestTable(t *testing.T) { input := `

A	B
C	D	E

` output := Sanitize("http://example.org/", input) if input != output { t.Errorf(`Wrong output: "%s" != "%s"`, input, output) } } func TestRelativeURL(t *testing.T) { input := `This link is relative and this image:

` expected := `This link is relative and this image:

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestProtocolRelativeURL(t *testing.T) { input := `This link is relative.` expected := `This link is relative.` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestInvalidTag(t *testing.T) { input := `

My invalid tag.

` expected := `

My invalid tag.

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestVideoTag(t *testing.T) { input := `

My valid .

` expected := `

My valid .

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestAudioAndSourceTag(t *testing.T) { input := `

My music .

` expected := `

My music .

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestUnknownTag(t *testing.T) { input := `

My invalid tag.

` expected := `

My invalid tag.

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestInvalidNestedTag(t *testing.T) { input := `

My invalid tag with some valid tag.

` expected := `

My invalid tag with some valid tag.

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestValidIFrame(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf("Wrong output:\nwant: %s\nhave: %s", expected, output) } } func TestInvalidIFrame(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.com/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestIFrameWithChildElements(t *testing.T) { input := `` expected := `

` output := Sanitize("http://example.com/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestInvalidURLScheme(t *testing.T) { input := `

This link is not valid

` expected := `

This link is not valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestMailtoURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestTelURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestXMPPURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestBlacklistedLink(t *testing.T) { input := `

This image is not valid

` expected := `

This image is not valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestXmlEntities(t *testing.T) { input := `

echo "test" > /etc/hosts

` expected := `

echo "test" > /etc/hosts

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestEspaceAttributes(t *testing.T) { input := `test` expected := `test` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceIframeURL(t *testing.T) { input := `` expected := `

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceNoScript(t *testing.T) { input := `

Before paragraph.

After paragraph.

` expected := `

Before paragraph.

After paragraph.

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceScript(t *testing.T) { input := `

Before paragraph.

After paragraph.

` expected := `

Before paragraph.

After paragraph.

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceStyle(t *testing.T) { input := `

Before paragraph.

After paragraph.

` expected := `

Before paragraph.

After paragraph.

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestWrapYoutubeIFrames(t *testing.T) { input := `` expected := `

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf("Wrong output:\nwant: %v\nhave: %v", expected, output) } }