authorrinpatch <rinpatch@sdf.org>2018-12-01 18:12:27 +0300
committerrinpatch <rinpatch@sdf.org>2018-12-01 18:12:27 +0300
commitfe2759bc9f2dad044b49f4954693ac09f9368041 (patch)
tree59dd9c5026f433d976defa303de0d6782d435d1e /test/html_test.exs
parentba6e3eba33f16bdd2fede086d5fb5c86201cb57b (diff)
parent8c3ff06e35e11a40cf4eb35a41a2019b7496e62c (diff)
downloadpleroma-fe2759bc9f2dad044b49f4954693ac09f9368041.tar.gz
pleroma-fe2759bc9f2dad044b49f4954693ac09f9368041.zip
Attempt to resolve merge conflict
Diffstat (limited to 'test/html_test.exs')
-rw-r--r--test/html_test.exs80
1 files changed, 80 insertions, 0 deletions
diff --git a/test/html_test.exs b/test/html_test.exs
new file mode 100644
index 000000000..f7150759b
--- /dev/null
+++ b/test/html_test.exs
@@ -0,0 +1,80 @@
+defmodule Pleroma.HTMLTest do
+ alias Pleroma.HTML
+ use Pleroma.DataCase
+
+ @html_sample """
+ <b>this is in bold</b>
+ <p>this is a paragraph</p>
+ this is a linebreak<br />
+ this is an image: <img src="http://example.com/image.jpg"><br />
+ <script>alert('hacked')</script>
+ """
+
+ @html_onerror_sample """
+ <img src="http://example.com/image.jpg" onerror="alert('hacked')">
+ """
+
+ describe "StripTags scrubber" do
+ test "works as expected" do
+ expected = """
+ this is in bold
+ this is a paragraph
+ this is a linebreak
+ this is an image:
+ alert('hacked')
+ """
+
+ assert expected == HTML.strip_tags(@html_sample)
+ end
+
+ test "does not allow attribute-based XSS" do
+ expected = "\n"
+
+ assert expected == HTML.strip_tags(@html_onerror_sample)
+ end
+ end
+
+ describe "TwitterText scrubber" do
+ test "normalizes HTML as expected" do
+ expected = """
+ this is in bold
+ <p>this is a paragraph</p>
+ this is a linebreak<br />
+ this is an image: <img src="http://example.com/image.jpg" /><br />
+ alert('hacked')
+ """
+
+ assert expected == HTML.filter_tags(@html_sample, Pleroma.HTML.Scrubber.TwitterText)
+ end
+
+ test "does not allow attribute-based XSS" do
+ expected = """
+ <img src="http://example.com/image.jpg" />
+ """
+
+ assert expected == HTML.filter_tags(@html_onerror_sample, Pleroma.HTML.Scrubber.TwitterText)
+ end
+ end
+
+ describe "default scrubber" do
+ test "normalizes HTML as expected" do
+ expected = """
+ <b>this is in bold</b>
+ <p>this is a paragraph</p>
+ this is a linebreak<br />
+ this is an image: <img src="http://example.com/image.jpg" /><br />
+ alert('hacked')
+ """
+
+ assert expected == HTML.filter_tags(@html_sample, Pleroma.HTML.Scrubber.Default)
+ end
+
+ test "does not allow attribute-based XSS" do
+ expected = """
+ <img src="http://example.com/image.jpg" />
+ """
+
+ assert expected == HTML.filter_tags(@html_onerror_sample, Pleroma.HTML.Scrubber.Default)
+ end
+ end
+end
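Review bot: The three "does not allow attribute-based XSS" tests exercise only an event-handler attribute (`onerror` in `@html_onerror_sample`), so a scrubber regression that lets a scriptable URL scheme through `src` or `href` would pass this file unnoticed. I would add a second fixture, e.g. `@html_js_uri_sample ~s(<a href="javascript:alert('hacked')">link</a>)`, and one test per scrubber along the lines of `refute HTML.filter_tags(@html_js_uri_sample, Pleroma.HTML.Scrubber.Default) =~ "javascript:"`. The exact sanitized output depends on scrubber rules that are not visible in this diff, so a `refute ... =~` check is safer here than pinning a full expected string. It would also help to add a short comment above `@html_sample` noting that the surviving `alert('hacked')` text is expected: the `<script>` element is removed and its content is kept as inert text.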