1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
// Copyright 2017 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package markup_test
import (
"testing"
"github.com/stretchr/testify/assert"
. "gogs.io/gogs/internal/markup"
)
func Test_Sanitizer(t *testing.T) {
NewSanitizer()
tests := []struct {
input string
expVal string
}{
// Regular
{input: `<a onblur="alert(secret)" href="http://www.google.com">Google</a>`, expVal: `<a href="http://www.google.com" rel="nofollow">Google</a>`},
// Code highlighting class
{input: `<code class="random string"></code>`, expVal: `<code></code>`},
{input: `<code class="language-random ui tab active menu attached animating sidebar following bar center"></code>`, expVal: `<code></code>`},
{input: `<code class="language-go"></code>`, expVal: `<code class="language-go"></code>`},
// Input checkbox
{input: `<input type="hidden">`, expVal: ``},
{input: `<input type="checkbox">`, expVal: `<input type="checkbox">`},
{input: `<input checked disabled autofocus>`, expVal: `<input checked="" disabled="">`},
}
for _, test := range tests {
t.Run(test.input, func(t *testing.T) {
assert.Equal(t, test.expVal, Sanitize(test.input))
assert.Equal(t, test.expVal, string(SanitizeBytes([]byte(test.input))))
})
}
}
|