Fix / improve tests #66

Merged
merged 3 commits into from May 12, 2017
18 changes: 10 additions & 8 deletions test/sanitizer_test.rb
Expand Up @@ -58,11 +58,11 @@ def test_strip_tags_with_quote
end

def test_strip_invalid_html
assert_equal "", full_sanitize("<<<bad html")
assert_equal "&lt;&lt;", full_sanitize("<<<bad html")
end

def test_strip_nested_tags
expected = "Weia onclick='alert(document.cookie);'/&gt;rdos"
expected = "Wei&lt;a onclick='alert(document.cookie);'/&gt;rdos"
input = "Wei<<a>a onclick='alert(document.cookie);'</a>/>rdos"
assert_equal expected, full_sanitize(input)
end
Expand All @@ -74,7 +74,7 @@ def test_strip_tags_multiline
assert_equal expected, full_sanitize(input)
end

def test_strip_comments
def test_remove_unclosed_tags
assert_equal "This is ", full_sanitize("This is <-- not\n a comment here.")
end

Expand All @@ -87,7 +87,9 @@ def test_strip_unclosed_cdata
end

def test_strip_blank_string
[nil, '', ' '].each { |blank| assert_equal blank, full_sanitize(blank) }
assert_nil full_sanitize(nil)
assert_equal "", full_sanitize("")
assert_equal " ", full_sanitize(" ")
end

def test_strip_tags_with_plaintext
Expand All @@ -98,8 +100,8 @@ def test_strip_tags_with_tags
assert_equal "This is a test.", full_sanitize("<p>This <u>is<u> a <a href='test.html'><strong>test</strong></a>.</p>")
end

def test_strip_tags_with_many_open_quotes
assert_equal "", full_sanitize("<<<bad html>")
def test_escape_tags_with_many_open_quotes
assert_equal "&lt;&lt;", full_sanitize("<<<bad html>")
end

def test_strip_tags_with_sentence
Expand All @@ -123,7 +125,7 @@ def test_full_sanitize_respect_html_escaping_of_the_given_string
end

def test_strip_links_with_tags_in_tags
expected = "a href='hello'&gt;all <b>day</b> long/a&gt;"
expected = "&lt;a href='hello'&gt;all <b>day</b> long&lt;/a&gt;"
input = "<<a>a href='hello'>all <b>day</b> long<</A>/a>"
assert_equal expected, link_sanitize(input)
end
Expand Down Expand Up @@ -360,7 +362,7 @@ def test_should_sanitize_invalid_script_tag
end

def test_should_sanitize_script_tag_with_multiple_open_brackets
assert_sanitized %(<<SCRIPT>alert("XSS");//<</SCRIPT>), "alert(\"XSS\");//"
assert_sanitized %(<<SCRIPT>alert("XSS");//<</SCRIPT>), "&lt;alert(\"XSS\");//&lt;"
assert_sanitized %(<iframe src=http://ha.ckers.org/scriptlet.html\n<a), ""
end
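Review bot: The updated expectations pin exact escaped strings (`"&lt;&lt;"` in `test_strip_invalid_html`, `"&lt;alert(\"XSS\");//&lt;"` in `test_should_sanitize_script_tag_with_multiple_open_brackets`), but nothing asserts the property a sanitizer test should protect, namely that no raw `<` survives malformed input. The exact string presumably follows how the underlying HTML parser recovers from `<<`, so it can drift again with a parser change while the safety property is never checked directly. Alongside each exact match I would add an invariant check such as `refute_includes full_sanitize("<<<bad html"), "<"`, with an equivalent check for the `<<SCRIPT>` case, and a comment like `# stray "<" is escaped rather than dropped; output must never contain a raw "<"`. `test_strip_invalid_html` and `test_strip_nested_tags` also keep "strip" in their names although they now appear to assert escaping, unlike the renamed `test_escape_tags_with_many_open_quotes`.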
