mirror of
https://github.com/gogs/gogs.git
synced 2025-05-19 05:51:49 +00:00
761bb3cf53
Only expose public APIs for 'Sanitize' and 'SanitizeBytes' to eliminate unintentional modifications to sanitizer policy. Also use 'sync.Once' to make sure multiple calls of 'NewSanitizer' is safe (although should never happen, but this is a better way).
39 lines
1.2 KiB
Go
39 lines
1.2 KiB
Go
// Copyright 2017 The Gogs Authors. All rights reserved.
|
|
// Use of this source code is governed by a MIT-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package markup_test
|
|
|
|
import (
|
|
"testing"
|
|
|
|
. "github.com/smartystreets/goconvey/convey"
|
|
|
|
. "github.com/gogits/gogs/modules/markup"
|
|
)
|
|
|
|
func Test_Sanitizer(t *testing.T) {
|
|
BuildSanitizer()
|
|
Convey("Sanitize HTML string and bytes", t, func() {
|
|
testCases := []string{
|
|
// Regular
|
|
`<a onblur="alert(secret)" href="http://www.google.com">Google</a>`, `<a href="http://www.google.com" rel="nofollow">Google</a>`,
|
|
|
|
// Code highlighting class
|
|
`<code class="random string"></code>`, `<code></code>`,
|
|
`<code class="language-random ui tab active menu attached animating sidebar following bar center"></code>`, `<code></code>`,
|
|
`<code class="language-go"></code>`, `<code class="language-go"></code>`,
|
|
|
|
// Input checkbox
|
|
`<input type="hidden">`, ``,
|
|
`<input type="checkbox">`, `<input type="checkbox">`,
|
|
`<input checked disabled autofocus>`, `<input checked="" disabled="">`,
|
|
}
|
|
|
|
for i := 0; i < len(testCases); i += 2 {
|
|
So(Sanitize(testCases[i]), ShouldEqual, testCases[i+1])
|
|
So(string(SanitizeBytes([]byte(testCases[i]))), ShouldEqual, testCases[i+1])
|
|
}
|
|
})
|
|
}
|