test: rewrite test coverage for comments and PIs

to test behavior and not implementation.
rails · Aug 20, 2021 · c25e2ce · c25e2ce
1 parent 97099c0
commit c25e2ce
Showing 1 changed file with 16 additions and 44 deletions.
diff --git a/test/scrubbers_test.rb b/test/scrubbers_test.rb
@@ -41,6 +41,16 @@ def test_default_scrub_behavior
     assert_scrubbed '<tag>hello</tag>', 'hello'
   end
 
+  def test_default_scrub_removes_comments
+    assert_scrubbed('<div>one</div><!-- two --><span>three</span>',
+                    '<div>one</div><span>three</span>')
+  end
+
+  def test_default_scrub_removes_processing_instructions
+    assert_scrubbed('<div>one</div><?div two><span>three</span>',
+                    '<div>one</div><span>three</span>')
+  end
+
   def test_default_attributes_removal_behavior
     assert_scrubbed '<p cooler="hello">hello</p>', '<p>hello</p>'
   end
@@ -56,6 +66,12 @@ def test_leaves_only_supplied_tags
     assert_scrubbed html, '<tag>leave me now</tag>'
   end
 
+  def test_leaves_comments_when_supplied_as_tag
+    @scrubber.tags = %w(div comment)
+    assert_scrubbed('<div>one</div><!-- two --><span>three</span>',
+                    '<div>one</div><!-- two -->three')
+  end
+
   def test_leaves_only_supplied_tags_nested
     html = '<tag>leave <em>me <span>now</span></em></tag>'
     @scrubber.tags = %w(tag)
@@ -112,50 +128,6 @@ def test_attributes_accessor_validation
   end
 end
 
-class PermitScrubberSubclassTest < ScrubberTest
-  def setup
-    @scrubber = Class.new(::Rails::Html::PermitScrubber) do
-      attr :nodes_seen
-
-      def initialize
-        super()
-        @nodes_seen = []
-      end
-
-      def keep_node?(node)
-        @nodes_seen << node.name
-        super(node)
-      end
-    end.new
-  end
-
-  def test_elements_are_checked
-    html = %Q("<div></div><a></a><tr></tr>")
-    Loofah.scrub_fragment(html, @scrubber)
-    assert_includes(@scrubber.nodes_seen, "div")
-    assert_includes(@scrubber.nodes_seen, "a")
-    assert_includes(@scrubber.nodes_seen, "tr")
-  end
-
-  def test_comments_are_checked
-    # this passes in v1.3.0 but fails in v1.4.0
-    html = %Q("<div></div><!-- ohai --><tr></tr>")
-    Loofah.scrub_fragment(html, @scrubber)
-    assert_includes(@scrubber.nodes_seen, "div")
-    assert_includes(@scrubber.nodes_seen, "comment")
-    assert_includes(@scrubber.nodes_seen, "tr")
-  end
-
-  def test_craftily_named_processing_instructions_are_not_checked
-    # this fails in v1.3.0 but passes in v1.4.0
-    html = %Q("<div></div><?a content><tr></tr>")
-    Loofah.scrub_fragment(html, @scrubber)
-    assert_includes(@scrubber.nodes_seen, "div")
-    refute_includes(@scrubber.nodes_seen, "a")
-    assert_includes(@scrubber.nodes_seen, "tr")
-  end
-end
-
 class TargetScrubberTest < ScrubberTest
   def setup
     @scrubber = Rails::Html::TargetScrubber.new