From 21e9e8cf68ef007136da6cc212d2f1f252fb668a Mon Sep 17 00:00:00 2001 From: R. Merkert Date: Sat, 17 Aug 2013 19:09:28 -0400 Subject: fix(ngSanitize): sanitizer should not accept as a valid comment According to http://validator.w3.org/ , is not a valid comment and neither is any comment containing the -- substring. --- test/ngSanitize/sanitizeSpec.js | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/ngSanitize/sanitizeSpec.js b/test/ngSanitize/sanitizeSpec.js index f97e86a6..ae1271f0 100644 --- a/test/ngSanitize/sanitizeSpec.js +++ b/test/ngSanitize/sanitizeSpec.js @@ -15,7 +15,7 @@ describe('HTML', function() { describe('htmlParser', function() { if (angular.isUndefined(window.htmlParser)) return; - var handler, start, text; + var handler, start, text, comment; beforeEach(function() { handler = { start: function(tag, attrs, unary){ @@ -35,10 +35,42 @@ describe('HTML', function() { }, end:function(tag) { expect(tag).toEqual(start.tag); + }, + comment:function(comment_) { + comment = comment_; } }; }); + it('should parse comments', function() { + htmlParser('', handler); + expect(comment).toEqual('FOOBAR'); + }); + + it('should throw an exception for invalid comments', function() { + var caught=false; + try { + htmlParser('', handler); + } + catch (ex) { + caught = true; + // expected an exception due to a bad parse + } + expect(caught).toBe(true); + }); + + it('double-dashes are not allowed in a comment', function() { + var caught=false; + try { + htmlParser('', handler); + } + catch (ex) { + caught = true; + // expected an exception due to a bad parse + } + expect(caught).toBe(true); + }); + it('should parse basic format', function() { htmlParser('text', handler); expect(start).toEqual({tag:'tag', attrs:{attr:'value'}, unary:false}); -- cgit v1.2.3