package sanitize_test
import (
"bytes"
"html"
"strings"
"testing"
"github.com/sonalys/sanitize"
"github.com/stretchr/testify/require"
)
// TestSanitize runs sanitize.HTML over three small documents and compares the
// serialized output with a fixed expected string.
func TestSanitize(t *testing.T) {
	t.Run("case 1", func(t *testing.T) {
		// The fixture combines several constructs an e-mail sanitizer has to
		// deal with: an inline event handler (onerror) on <body>, a <script>
		// element, an <img> whose src uses the javascript: scheme, and an
		// <img> whose cid: source carries leading whitespace.
		const raw = `<html><body onerror="hacked"><a>test</a><img src=" cid:attachment1"/><script style="">alert("test")</script></body><img src="javascript:alert('1')"/></html>`
		// Expected result: the handler attribute and the script element are
		// gone, the javascript: src is removed (leaving a bare <img/>), the
		// cid: src has been passed through the translator below, and the
		// <img> that followed </body> in the input is serialized inside <body>.
		const want = `<html><head></head><body><a>test</a><img src="translated://cid:attachment1"/><img/></body></html>`

		// Source translator: trims surrounding whitespace, then prefixes.
		rewriteSrc := func(src string) string {
			return "translated://" + strings.TrimSpace(src)
		}

		out := bytes.NewBuffer(make([]byte, 0, len(raw)))
		err := sanitize.HTML(
			strings.NewReader(raw),
			out,
			sanitize.DefaultEmailPolicies(),
			sanitize.TranslateSources(rewriteSrc),
		)

		require.NoError(t, err)
		require.Equal(t, want, out.String())
	})

	t.Run("escaped", func(t *testing.T) {
		// html.EscapeString turns "<img/>" into the text "&lt;img/&gt;".
		// NOTE(review): the expected output below contains a real <img/>
		// element, so this case pins that entity-escaped markup comes out as
		// live markup when no policies are passed. Confirm that is intended:
		// a caller handing pre-escaped text to the sanitizer would get
		// elements back, not text.
		escaped := html.EscapeString("<img/>")
		out := bytes.NewBuffer(make([]byte, 0, len(escaped)))

		err := sanitize.HTML(strings.NewReader(escaped), out)

		require.NoError(t, err)
		require.Equal(t, "<html><head></head><body><img/></body></html>", out.String())
	})

	t.Run("normalization verification", func(t *testing.T) {
		// The tag name contains U+0130 (capital I with dot above) instead of
		// an ASCII "i". With BlockUnknownAtoms the element must not survive.
		// Presumably this guards against case folding turning the name into
		// "script" after the filter has run — verify against the library.
		src := strings.NewReader("<scrİpt/>")
		out := bytes.NewBuffer(make([]byte, 0, src.Len()))

		err := sanitize.HTML(src, out, sanitize.BlockUnknownAtoms())

		require.NoError(t, err)
		require.Equal(t, `<html><head></head><body></body></html>`, out.String())
	})
}