Diffstat (limited to 'test/sanitizerSpec.js')
| -rw-r--r-- | test/sanitizerSpec.js | 92 |
1 files changed, 46 insertions, 46 deletions
diff --git a/test/sanitizerSpec.js b/test/sanitizerSpec.js index f5ac69ff..7467a833 100644 --- a/test/sanitizerSpec.js +++ b/test/sanitizerSpec.js @@ -1,14 +1,14 @@ 'use strict'; -describe('HTML', function(){ +describe('HTML', function() { function expectHTML(html) { return expect(new HTML(html).get()); } - describe('htmlParser', function(){ + describe('htmlParser', function() { var handler, start, text; - beforeEach(function(){ + beforeEach(function() { handler = { start: function(tag, attrs, unary){ start = { @@ -31,31 +31,31 @@ describe('HTML', function(){ }; }); - it('should parse basic format', function(){ + it('should parse basic format', function() { htmlParser('<tag attr="value">text</tag>', handler); expect(start).toEqual({tag:'tag', attrs:{attr:'value'}, unary:false}); expect(text).toEqual('text'); }); - it('should parse newlines in tags', function(){ + it('should parse newlines in tags', function() { htmlParser('<\ntag\n attr="value"\n>text<\n/\ntag\n>', handler); expect(start).toEqual({tag:'tag', attrs:{attr:'value'}, unary:false}); expect(text).toEqual('text'); }); - it('should parse newlines in attributes', function(){ + it('should parse newlines in attributes', function() { htmlParser('<tag attr="\nvalue\n">text</tag>', handler); expect(start).toEqual({tag:'tag', attrs:{attr:'value'}, unary:false}); expect(text).toEqual('text'); }); - it('should parse namespace', function(){ + it('should parse namespace', function() { htmlParser('<ns:t-a-g ns:a-t-t-r="\nvalue\n">text</ns:t-a-g>', handler); expect(start).toEqual({tag:'ns:t-a-g', attrs:{'ns:a-t-t-r':'value'}, unary:false}); expect(text).toEqual('text'); }); - it('should parse empty value attribute of node', function(){ + it('should parse empty value attribute of node', function() { htmlParser('<OPTION selected value="">abc</OPTION>', handler); expect(start).toEqual({tag:'option', attrs:{selected:'', value:''}, unary:false}); expect(text).toEqual('abc'); 
@@ -63,87 +63,87 @@ describe('HTML', function(){ }); - it('should echo html', function(){ + it('should echo html', function() { expectHTML('hello<b class="1\'23" align=\'""\'>world</b>.'). toEqual('hello<b class="1\'23" align="""">world</b>.'); }); - it('should remove script', function(){ + it('should remove script', function() { expectHTML('a<SCRIPT>evil< / scrIpt >c.').toEqual('ac.'); }); - it('should remove nested script', function(){ + it('should remove nested script', function() { expectHTML('a< SCRIPT >A< SCRIPT >evil< / scrIpt >B< / scrIpt >c.').toEqual('ac.'); }); - it('should remove attrs', function(){ + it('should remove attrs', function() { expectHTML('a<div style="abc">b</div>c').toEqual('a<div>b</div>c'); }); - it('should remove style', function(){ + it('should remove style', function() { expectHTML('a<STyle>evil</stYle>c.').toEqual('ac.'); }); - it('should remove script and style', function(){ + it('should remove script and style', function() { expectHTML('a<STyle>evil<script></script></stYle>c.').toEqual('ac.'); }); - it('should remove double nested script', function(){ + it('should remove double nested script', function() { expectHTML('a<SCRIPT>ev<script>evil</sCript>il</scrIpt>c.').toEqual('ac.'); }); - it('should remove unknown names', function(){ + it('should remove unknown names', function() { expectHTML('a<xxx><B>b</B></xxx>c').toEqual('a<b>b</b>c'); }); - it('should remove unsafe value', function(){ + it('should remove unsafe value', function() { expectHTML('<a href="javascript:alert()">').toEqual('<a></a>'); }); - it('should handle self closed elements', function(){ + it('should handle self closed elements', function() { expectHTML('a<hr/>c').toEqual('a<hr/>c'); }); - it('should handle namespace', function(){ + it('should handle namespace', function() { expectHTML('a<my:hr/><my:div>b</my:div>c').toEqual('abc'); }); - it('should handle entities', function(){ + it('should handle entities', function() { var everything = '<div 
rel="!@#$%^&*()_+-={}[]:";\'<>?,./`~ ħ">' + '!@#$%^&*()_+-={}[]:";\'<>?,./`~ ħ</div>'; expectHTML(everything).toEqual(everything); }); - it('should handle improper html', function(){ + it('should handle improper html', function() { expectHTML('< div rel="</div>" alt=abc dir=\'"\' >text< /div>'). toEqual('<div rel="</div>" alt="abc" dir=""">text</div>'); }); - it('should handle improper html2', function(){ + it('should handle improper html2', function() { expectHTML('< div rel="</div>" / >'). toEqual('<div rel="</div>"/>'); }); - it('should ignore back slash as escape', function(){ + it('should ignore back slash as escape', function() { expectHTML('<img alt="xxx\\" title="><script>....">'). toEqual('<img alt="xxx\\" title="><script>...."/>'); }); - it('should ignore object attributes', function(){ + it('should ignore object attributes', function() { expectHTML('<a constructor="hola">:)</a>'). toEqual('<a>:)</a>'); expectHTML('<constructor constructor="hola">:)</constructor>'). toEqual(''); }); - describe('htmlSanitizerWriter', function(){ + describe('htmlSanitizerWriter', function() { var writer, html; - beforeEach(function(){ + beforeEach(function() { html = ''; writer = htmlSanitizeWriter({push:function(text){html+=text;}}); }); - it('should write basic HTML', function(){ + it('should write basic HTML', function() { writer.chars('before'); writer.start('div', {rel:'123'}, false); writer.chars('in'); 
@@ -153,38 +153,38 @@ describe('HTML', function(){ expect(html).toEqual('before<div rel="123">in</div>after'); }); - it('should escape text nodes', function(){ + it('should escape text nodes', function() { writer.chars('a<div>&</div>c'); expect(html).toEqual('a<div>&</div>c'); }); - it('should escape IE script', function(){ + it('should escape IE script', function() { writer.chars('&<>{}'); expect(html).toEqual('&<>{}'); }); - it('should escape attributes', function(){ + it('should escape attributes', function() { writer.start('div', {rel:'!@#$%^&*()_+-={}[]:";\'<>?,./`~ \n\0\r\u0127'}); expect(html).toEqual('<div rel="!@#$%^&*()_+-={}[]:";\'<>?,./`~ � ħ">'); }); - it('should ignore missformed elements', function(){ + it('should ignore missformed elements', function() { writer.start('d>i&v', {}); expect(html).toEqual(''); }); - it('should ignore unknown attributes', function(){ + it('should ignore unknown attributes', function() { writer.start('div', {unknown:""}); expect(html).toEqual('<div>'); }); - describe('explicitly dissallow', function(){ - it('should not allow attributes', function(){ + describe('explicitly dissallow', function() { + it('should not allow attributes', function() { writer.start('div', {id:'a', name:'a', style:'a'}); expect(html).toEqual('<div>'); }); - it('should not allow tags', function(){ + it('should not allow tags', function() { function tag(name) { writer.start(name, {}); writer.end(name); @@ -209,13 +209,13 @@ describe('HTML', function(){ }); }); - describe('isUri', function(){ + describe('isUri', function() { function isUri(value) { return value.match(URI_REGEXP); } - it('should be URI', function(){ + it('should be URI', function() { expect(isUri('http://abc')).toBeTruthy(); expect(isUri('https://abc')).toBeTruthy(); expect(isUri('ftp://abc')).toBeTruthy(); 
@@ -223,46 +223,46 @@ describe('HTML', function(){ expect(isUri('#anchor')).toBeTruthy(); }); - it('should not be UIR', function(){ + it('should not be UIR', function() { expect(isUri('')).toBeFalsy(); expect(isUri('javascript:alert')).toBeFalsy(); }); }); - describe('javascript URL attribute', function(){ - beforeEach(function(){ + describe('javascript URL attribute', function() { + beforeEach(function() { this.addMatchers({ - toBeValidUrl: function(){ + toBeValidUrl: function() { return URI_REGEXP.exec(this.actual); } }); }); - it('should ignore javascript:', function(){ + it('should ignore javascript:', function() { expect('JavaScript:abc').not.toBeValidUrl(); expect(' \n Java\n Script:abc').not.toBeValidUrl(); expect('http://JavaScript/my.js').toBeValidUrl(); }); - it('should ignore dec encoded javascript:', function(){ + it('should ignore dec encoded javascript:', function() { expect('javascript:').not.toBeValidUrl(); expect('javascript:').not.toBeValidUrl(); expect('j avascript:').not.toBeValidUrl(); }); - it('should ignore decimal with leading 0 encodede javascript:', function(){ + it('should ignore decimal with leading 0 encodede javascript:', function() { expect('javascript:').not.toBeValidUrl(); expect('j avascript:').not.toBeValidUrl(); expect('j avascript:').not.toBeValidUrl(); }); - it('should ignore hex encoded javascript:', function(){ + it('should ignore hex encoded javascript:', function() { expect('javascript:').not.toBeValidUrl(); expect('javascript:').not.toBeValidUrl(); expect('j avascript:').not.toBeValidUrl(); }); - it('should ignore hex encoded whitespace javascript:', function(){ + it('should ignore hex encoded whitespace javascript:', function() { expect('jav	ascript:alert("A");').not.toBeValidUrl(); expect('jav
ascript:alert("B");').not.toBeValidUrl(); expect('jav
 ascript:alert("C");').not.toBeValidUrl(); |
