-
Notifications
You must be signed in to change notification settings - Fork 33
/
tests.html
46 lines (43 loc) · 3.51 KB
/
tests.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width">
<title>HtmlSanitizer test</title>
<link rel="stylesheet" href="https://code.jquery.com/qunit/qunit-2.9.1.css">
<script src="HtmlSanitizer.js"></script>
</head>
<body>
<div id="qunit"></div>
<div id="qunit-fixture"></div>
<script src="https://code.jquery.com/qunit/qunit-2.9.1.js"></script>
<script>
QUnit.test("Html Sanitizer", function( assert ) {
assert.equal(HtmlSanitizer.SanitizeHtml("<p>Hello world!</p><img name=createElement>"), "<p>Hello world!</p><img>");
assert.equal(HtmlSanitizer.SanitizeHtml("<p>Hello world!</p><img name=body>"), "<p>Hello world!</p><img>");
assert.equal(HtmlSanitizer.SanitizeHtml("<div> <script> Alert('xss!'); </scr" + "ipt> </div>"), "<div> </div>");
assert.equal(HtmlSanitizer.SanitizeHtml("<p class='MsoNormal' style='margin-bottom:10.0pt;line-height:115%'><b>Official - SBU </b><o:p></o:p></p>"), "<p><b>Official - SBU </b></p>");
assert.equal(HtmlSanitizer.SanitizeHtml("<span style='color: rgb(102, 102, 102); font-size: 8px;'><i>NOTE</i></span>"), "<span style=\"color: rgb(102, 102, 102); font-size: 8px;\"><i>NOTE</i></span>");
assert.equal(HtmlSanitizer.SanitizeHtml("<B>Neo Anderson</B><font onclick='alert(sdfds)' style='font-family:Arial;font-size:10pt;font-weight:bold;'>Superhero</font><font style='font-family:Arial;'>555.555.5558</font><B>-</B><font style=font-family:Arial;font-size:12pt;font-weight:bold;>-</font>"), "<b>Neo Anderson</b><font style=\"font-size: 10pt; font-weight: bold;\">Superhero</font><font>555.555.5558</font><b>-</b><font style=\"font-size: 12pt; font-weight: bold;\">-</font>");
assert.equal(HtmlSanitizer.SanitizeHtml("<a href='javascript:alert(\"asdf\")'>blahblah</a>"), "<a>blahblah</a>");
assert.equal(HtmlSanitizer.SanitizeHtml("<a href='http://blah'>blahblah</a>"), "<a href=\"http://blah\">blahblah</a>");
assert.equal(HtmlSanitizer.SanitizeHtml("<b style='text-align:right;float:right'>blahblah</a>"), "<b style=\"text-align: right;\">blahblah</b>");
assert.equal(HtmlSanitizer.SanitizeHtml("<style>test</style>"), "");
assert.equal(HtmlSanitizer.SanitizeHtml("<style>test</style>", "style"), "<style>test</style>");
assert.equal(HtmlSanitizer.SanitizeHtml(`<p class="MsoNormal"><b><span onclick='blahblah' style="color:green">test</span></b><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>`), `<p><b><span style="color: green;">test</span></b></p>
<p></p>`);
assert.equal(HtmlSanitizer.SanitizeHtml("<mycustomtag>something</mycustomtag>"), "");
assert.equal(HtmlSanitizer.SanitizeHtml("<mycustomtag>something</mycustomtag>", "mycustomtag"), "<mycustomtag>something</mycustomtag>");
assert.equal(HtmlSanitizer.SanitizeHtml("<span>something<span><span> <style></style> </span> </span></span>"), "<span>something</span>");
HtmlSanitizer.AllowedTags["MYCUSTOMTAG"] = true;
assert.equal(HtmlSanitizer.SanitizeHtml("<mycustomtag>something</mycustomtag>"), "<mycustomtag>something</mycustomtag>");
delete HtmlSanitizer.AllowedTags["MYCUSTOMTAG"];
assert.equal(HtmlSanitizer.SanitizeHtml("<mycustomtag>something</mycustomtag>"), "");
assert.equal(HtmlSanitizer.SanitizeHtml("<form>something</form>"), "<div>something</div>");
assert.equal(HtmlSanitizer.SanitizeHtml("<input type=checkbox>"), "");
assert.equal(HtmlSanitizer.SanitizeHtml("<input type=checkbox>", "input[type=checkbox]"), "<input type=\"checkbox\">");
});
</script>
</body>
</html>