// Copyright 2017 Frédéric Guillot. All rights reserved. // Use of this source code is governed by the Apache 2.0 // license that can be found in the LICENSE file. package sanitizer // import "miniflux.app/reader/sanitizer" import "testing" func TestValidInput(t *testing.T) { input := `
This is a text with an image: .
` output := Sanitize("http://example.org/", input) if input != output { t.Errorf(`Wrong output: "%s" != "%s"`, input, output) } } func TestImgWithTextDataURL(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestImgWithDataURL(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestImgWithSrcset(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestSourceWithSrcsetAndMedia(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestMediumImgWithSrcset(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestEconomistImgWithSrcset(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestSelfClosingTags(t *testing.T) { input := `This
is a text
with an image: .
A | B | |
---|---|---|
C | D | E |
My invalid tag.
` expected := `My invalid tag.
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestVideoTag(t *testing.T) { input := `My valid .
` expected := `My valid .
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestAudioAndSourceTag(t *testing.T) { input := `My music .
` expected := `My music .
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestUnknownTag(t *testing.T) { input := `My invalid
My invalid tag.
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestInvalidNestedTag(t *testing.T) { input := `My invalid tag with some valid tag.
` expected := `My invalid tag with some valid tag.
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestInvalidIFrame(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.com/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestIFrameWithChildElements(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.com/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestInvalidURLScheme(t *testing.T) { input := `This link is not valid
` expected := `This link is not valid
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestAPTURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestBitcoinURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestCallToURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestFeedURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } input = `This link is valid
` expected = `This link is valid
` output = Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestGeoURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestItunesURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } input = `This link is valid
` expected = `This link is valid
` output = Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestMagnetURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestMailtoURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestNewsURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } input = `This link is valid
` expected = `This link is valid
` output = Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } input = `This link is valid
` expected = `This link is valid
` output = Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestRTMPURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestSIPURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } input = `This link is valid
` expected = `This link is valid
` output = Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestSkypeURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestSpotifyURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestSteamURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestSubversionURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } input = `This link is valid
` expected = `This link is valid
` output = Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestTelURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestWebcalURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestXMPPURIScheme(t *testing.T) { input := `This link is valid
` expected := `This link is valid
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestBlacklistedLink(t *testing.T) { input := `This image is not valid
` expected := `This image is not valid
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestPixelTracker(t *testing.T) { input := `and
` expected := `and
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestXmlEntities(t *testing.T) { input := `echo "test" > /etc/hosts` expected := `
echo "test" > /etc/hosts` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestEspaceAttributes(t *testing.T) { input := `
Before paragraph.
After paragraph.
` expected := `Before paragraph.
After paragraph.
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceScript(t *testing.T) { input := `Before paragraph.
After paragraph.
` expected := `Before paragraph.
After paragraph.
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceStyle(t *testing.T) { input := `Before paragraph.
After paragraph.
` expected := `Before paragraph.
After paragraph.
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } }