// SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved. // SPDX-License-Identifier: Apache-2.0 package sanitizer // import "miniflux.app/v2/internal/reader/sanitizer" import ( "os" "testing" "miniflux.app/v2/internal/config" ) func TestMain(m *testing.M) { config.Opts = config.NewOptions() exitCode := m.Run() os.Exit(exitCode) } func TestValidInput(t *testing.T) { input := `

This is a text with an image: Test.

` output := Sanitize("http://example.org/", input) if input != output { t.Errorf(`Wrong output: "%s" != "%s"`, input, output) } } func TestImgWithWidthAndHeightAttribute(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestImgWithWidthAndHeightAttributeLargerThanMinifluxLayout(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestImgWithIncorrectWidthAndHeightAttribute(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestImgWithTextDataURL(t *testing.T) { input := `Example` expected := `` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestImgWithDataURL(t *testing.T) { input := `Example` expected := `Example` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestImgWithSrcset(t *testing.T) { input := `Example` expected := `Example` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestSourceWithSrcsetAndMedia(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestMediumImgWithSrcset(t *testing.T) { input := `Image for post` expected := `Image for post` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestSelfClosingTags(t *testing.T) { input := `

This
is a text
with an image: Test.

` output := Sanitize("http://example.org/", input) if input != output { t.Errorf(`Wrong output: "%s" != "%s"`, input, output) } } func TestTable(t *testing.T) { input := `
AB
CDE
` output := Sanitize("http://example.org/", input) if input != output { t.Errorf(`Wrong output: "%s" != "%s"`, input, output) } } func TestRelativeURL(t *testing.T) { input := `This link is relative and this image: ` expected := `This link is relative and this image: ` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestProtocolRelativeURL(t *testing.T) { input := `This link is relative.` expected := `This link is relative.` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestInvalidTag(t *testing.T) { input := `

My invalid tag.

` expected := `

My invalid tag.

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestVideoTag(t *testing.T) { input := `

My valid .

` expected := `

My valid .

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestAudioAndSourceTag(t *testing.T) { input := `

My music .

` expected := `

My music .

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestUnknownTag(t *testing.T) { input := `

My invalid tag.

` expected := `

My invalid tag.

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestInvalidNestedTag(t *testing.T) { input := `

My invalid tag with some valid tag.

` expected := `

My invalid tag with some valid tag.

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestInvalidIFrame(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.com/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestIFrameWithChildElements(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.com/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestAnchorLink(t *testing.T) { input := `

This link is an anchor

` expected := `

This link is an anchor

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestInvalidURLScheme(t *testing.T) { input := `

This link is not valid

` expected := `

This link is not valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestAPTURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestBitcoinURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestCallToURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestFeedURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } input = `

This link is valid

` expected = `

This link is valid

` output = Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestGeoURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestItunesURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } input = `

This link is valid

` expected = `

This link is valid

` output = Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestMagnetURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestMailtoURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestNewsURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } input = `

This link is valid

` expected = `

This link is valid

` output = Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } input = `

This link is valid

` expected = `

This link is valid

` output = Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestRTMPURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestSIPURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } input = `

This link is valid

` expected = `

This link is valid

` output = Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestSkypeURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestSpotifyURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestSteamURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestSubversionURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } input = `

This link is valid

` expected = `

This link is valid

` output = Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestTelURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestWebcalURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestXMPPURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestBlacklistedLink(t *testing.T) { input := `

This image is not valid

` expected := `

This image is not valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestPixelTracker(t *testing.T) { input := `

and

` expected := `

and

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestXmlEntities(t *testing.T) { input := `
echo "test" > /etc/hosts
` expected := `
echo "test" > /etc/hosts
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestEspaceAttributes(t *testing.T) { input := `test` expected := `test` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceYoutubeURL(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceSecureYoutubeURL(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceSecureYoutubeURLWithParameters(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceYoutubeURLAlreadyReplaced(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceProtocolRelativeYoutubeURL(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceYoutubeURLWithCustomURL(t *testing.T) { os.Clearenv() os.Setenv("YOUTUBE_EMBED_URL_OVERRIDE", "https://invidious.custom/embed/") var err error parser := config.NewParser() config.Opts, err = parser.ParseEnvironmentVariables() if err != nil { t.Fatalf(`Parsing failure: %v`, err) } input := `` expected := `` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceIframeURL(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceNoScript(t *testing.T) { input := `

Before paragraph.

After paragraph.

` expected := `

Before paragraph.

After paragraph.

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceScript(t *testing.T) { input := `

Before paragraph.

After paragraph.

` expected := `

Before paragraph.

After paragraph.

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceStyle(t *testing.T) { input := `

Before paragraph.

After paragraph.

` expected := `

Before paragraph.

After paragraph.

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } }