describe('HTML', function(){ function expectHTML(html) { return expect(new HTML(html).get()); } it('should echo html', function(){ expectHTML('helloworld.'). toEqual('helloworld.'); }); it('should remove script', function(){ expectHTML('ac.').toEqual('ac.'); }); it('should remove double nested script', function(){ expectHTML('ailc.').toEqual('ac.'); }); it('should remove unknown names', function(){ expectHTML('abc').toEqual('abc'); }); it('should remove unsafe value', function(){ expectHTML('').toEqual(''); }); it('should handle self closed elements', function(){ expectHTML('a
c').toEqual('a
c'); }); it('should handle namespace', function(){ expectHTML('abc').toEqual('abc'); }); it('should handle entities', function(){ var everything = '
' + '!@#$%^&*()_+-={}[]:";\'<>?,./`~ ħ
'; expectHTML(everything).toEqual(everything); }); it('should handle improper html', function(){ expectHTML('< div rel="" alt=abc dir=\'"\' >text< /div>'). toEqual('
text
'); }); it('should handle improper html2', function(){ expectHTML('< div rel="" / >'). toEqual('
'); }); it('should ignore back slash as escape', function(){ expectHTML('xxx\\'). toEqual('xxx\\'); }); it('should ignore object attributes', function(){ expectHTML(':)'). toEqual(':)'); expectHTML(':)'). toEqual(''); }); describe('htmlSanitizerWriter', function(){ var writer, html; beforeEach(function(){ html = ''; writer = htmlSanitizeWriter({push:function(text){html+=text;}}); }); it('should write basic HTML', function(){ writer.chars('before'); writer.start('div', {rel:'123'}, false); writer.chars('in'); writer.end('div'); writer.chars('after'); expect(html).toEqual('before
in
after'); }); it('should escape text nodes', function(){ writer.chars('a
&
c'); expect(html).toEqual('a<div>&</div>c'); }); it('should escape IE script', function(){ writer.chars('&<>{}'); expect(html).toEqual('&<>{}'); }); it('should escape attributes', function(){ writer.start('div', {rel:'!@#$%^&*()_+-={}[]:";\'<>?,./`~ \n\0\r\u0127'}); expect(html).toEqual('
'); }); it('should ignore missformed elements', function(){ writer.start('d>i&v', {}); expect(html).toEqual(''); }); it('should ignore unknown attributes', function(){ writer.start('div', {unknown:""}); expect(html).toEqual('
'); }); describe('explicitly dissallow', function(){ it('should not allow attributes', function(){ writer.start('div', {id:'a', name:'a', style:'a'}); expect(html).toEqual('
'); }); it('should not allow tags', function(){ function tag(name) { writer.start(name, {}); writer.end(name); }; tag('frameset'); tag('frame'); tag('form'); tag('param'); tag('object'); tag('embed'); tag('textarea'); tag('input'); tag('button'); tag('option'); tag('select'); tag('script'); tag('style'); tag('link'); tag('base'); tag('basefont'); expect(html).toEqual(''); }); }); describe('isUri', function(){ function isUri(value) { return value.match(URI_REGEXP); } it('should be URI', function(){ expect(isUri('http://abc')).toBeTruthy(); expect(isUri('https://abc')).toBeTruthy(); expect(isUri('ftp://abc')).toBeTruthy(); expect(isUri('mailto:me@example.com')).toBeTruthy(); expect(isUri('#anchor')).toBeTruthy(); }); it('should not be UIR', function(){ expect(isUri('')).toBeFalsy(); expect(isUri('javascript:alert')).toBeFalsy(); }); }); describe('javascript URL attribute', function(){ beforeEach(function(){ this.addMatchers({ toBeValidUrl: function(){ return URI_REGEXP.exec(this.actual); } }); }); it('should ignore javascript:', function(){ expect('JavaScript:abc').not.toBeValidUrl(); expect(' \n Java\n Script:abc').not.toBeValidUrl(); expect('http://JavaScript/my.js').toBeValidUrl(); }); it('should ignore dec encoded javascript:', function(){ expect('javascript:').not.toBeValidUrl(); expect('javascript:').not.toBeValidUrl(); expect('j avascript:').not.toBeValidUrl(); }); it('should ignore decimal with leading 0 encodede javascript:', function(){ expect('javascript:').not.toBeValidUrl(); expect('j avascript:').not.toBeValidUrl(); expect('j avascript:').not.toBeValidUrl(); }); it('should ignore hex encoded javascript:', function(){ expect('javascript:').not.toBeValidUrl(); expect('javascript:').not.toBeValidUrl(); expect('j avascript:').not.toBeValidUrl(); }); it('should ignore hex encoded whitespace javascript:', function(){ expect('jav ascript:alert("A");').not.toBeValidUrl(); expect('jav ascript:alert("B");').not.toBeValidUrl(); expect('jav ascript:alert("C");').not.toBeValidUrl(); expect('jav\u0000ascript:alert("D");').not.toBeValidUrl(); expect('java\u0000\u0000script:alert("D");').not.toBeValidUrl(); expect('  java\u0000\u0000script:alert("D");').not.toBeValidUrl(); }); }); }); }); class="nx">require('path'); var NEW_LINE = /\n\r?/; function collect() { var allDocs = []; //collect docs in JS Files var path = 'src'; var promiseA = Q.when(qfs.listTree(path), function(files) { var done; //read all files in parallel. files.forEach(function(file) { var work; if(/\.js$/.test(file)) { work = Q.when(qfs.read(file, 'b'), function(content) { processJsFile(content, file).forEach (function(doc) { allDocs.push(doc); }); }); } done = Q.when(done, function() { return work; }); }); return done; }); //collect all ng Docs in Content Folder var path2 = 'docs/content'; var promiseB = Q.when(qfs.listTree(path2), function(files){ var done2; files.forEach(function(file) { var work2; if (file.match(/\.ngdoc$/)) { work2 = Q.when(qfs.read(file, 'b'), function(content){ var section = '@section ' + file.split(PATH.sep)[2] + '\n'; allDocs.push(new ngdoc.Doc(section + content.toString(),file, 1).parse()); }); } done2 = Q.when(done2, function() { return work2; }); }); return done2; }); return Q.join(promiseA, promiseB, function() { return allDocs; }); } function processJsFile(content, file) { var docs = []; var lines = content.toString().split(NEW_LINE); var text; var startingLine ; var match; var inDoc = false; lines.forEach(function(line, lineNumber){ lineNumber++; // is the comment starting? if (!inDoc && (match = line.match(/^\s*\/\*\*\s*(.*)$/))) { line = match[1]; inDoc = true; text = []; startingLine = lineNumber; } // are we done? if (inDoc && line.match(/\*\//)) { text = text.join('\n'); text = text.replace(/^\n/, ''); if (text.match(/@ngdoc/)){ //console.log(file, startingLine) docs.push(new ngdoc.Doc('@section api\n' + text, file, startingLine).parse()); } doc = null; inDoc = false; } // is the comment add text if (inDoc){ text.push(line.replace(/^\s*\*\s?/, '')); } }); return docs; }
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-26 03:46:07 +0000