diff options
Diffstat (limited to 'actionpack/test/template/html-scanner')
7 files changed, 32 insertions, 9 deletions
diff --git a/actionpack/test/template/html-scanner/cdata_node_test.rb b/actionpack/test/template/html-scanner/cdata_node_test.rb index 1822cc565a..9b58174641 100644 --- a/actionpack/test/template/html-scanner/cdata_node_test.rb +++ b/actionpack/test/template/html-scanner/cdata_node_test.rb @@ -1,6 +1,6 @@ require 'abstract_unit' -class CDATANodeTest < Test::Unit::TestCase +class CDATANodeTest < ActiveSupport::TestCase def setup @node = HTML::CDATA.new(nil, 0, 0, "<p>howdy</p>") end diff --git a/actionpack/test/template/html-scanner/document_test.rb b/actionpack/test/template/html-scanner/document_test.rb index 3db2fba783..17f045d549 100644 --- a/actionpack/test/template/html-scanner/document_test.rb +++ b/actionpack/test/template/html-scanner/document_test.rb @@ -1,6 +1,6 @@ require 'abstract_unit' -class DocumentTest < Test::Unit::TestCase +class DocumentTest < ActiveSupport::TestCase def test_handle_doctype doc = nil assert_nothing_raised do diff --git a/actionpack/test/template/html-scanner/node_test.rb b/actionpack/test/template/html-scanner/node_test.rb index f4b9b198e8..5b5d092036 100644 --- a/actionpack/test/template/html-scanner/node_test.rb +++ b/actionpack/test/template/html-scanner/node_test.rb @@ -1,6 +1,6 @@ require 'abstract_unit' -class NodeTest < Test::Unit::TestCase +class NodeTest < ActiveSupport::TestCase class MockNode def initialize(matched, value) diff --git a/actionpack/test/template/html-scanner/sanitizer_test.rb b/actionpack/test/template/html-scanner/sanitizer_test.rb index 62ad6be680..324caef224 100644 --- a/actionpack/test/template/html-scanner/sanitizer_test.rb +++ b/actionpack/test/template/html-scanner/sanitizer_test.rb @@ -56,7 +56,6 @@ class SanitizerTest < ActionController::TestCase assert_sanitized "a b c<script language=\"Javascript\">blah blah blah</script>d e f", "a b cd e f" end - # TODO: Clean up def test_sanitize_js_handlers raw = %{onthis="do that" <a href="#" onclick="hello" name="foo" onbogus="remove me">hello</a>} assert_sanitized raw, %{onthis="do that" <a name="foo" href="#">hello</a>} @@ -126,6 +125,24 @@ class SanitizerTest < ActionController::TestCase assert_equal(text, sanitizer.sanitize(text, :attributes => ['foo'])) end + def test_should_raise_argument_error_if_tags_is_not_enumerable + sanitizer = HTML::WhiteListSanitizer.new + e = assert_raise(ArgumentError) do + sanitizer.sanitize('', :tags => 'foo') + end + + assert_equal "You should pass :tags as an Enumerable", e.message + end + + def test_should_raise_argument_error_if_attributes_is_not_enumerable + sanitizer = HTML::WhiteListSanitizer.new + e = assert_raise(ArgumentError) do + sanitizer.sanitize('', :attributes => 'foo') + end + + assert_equal "You should pass :attributes as an Enumerable", e.message + end + [%w(img src), %w(a href)].each do |(tag, attr)| define_method "test_should_strip_#{attr}_attribute_in_#{tag}_with_bad_protocols" do assert_sanitized %(<#{tag} #{attr}="javascript:bang" title="1">boo</#{tag}>), %(<#{tag} title="1">boo</#{tag}>) @@ -138,7 +155,7 @@ class SanitizerTest < ActionController::TestCase assert sanitizer.send(:contains_bad_protocols?, 'src', "#{proto}://bad") end end - + def test_should_accept_good_protocols_ignoring_case sanitizer = HTML::WhiteListSanitizer.new HTML::WhiteListSanitizer.allowed_protocols.each do |proto| @@ -146,6 +163,13 @@ class SanitizerTest < ActionController::TestCase end end + def test_should_accept_good_protocols_ignoring_space + sanitizer = HTML::WhiteListSanitizer.new + HTML::WhiteListSanitizer.allowed_protocols.each do |proto| + assert !sanitizer.send(:contains_bad_protocols?, 'src', " #{proto}://good") + end + end + def test_should_accept_good_protocols sanitizer = HTML::WhiteListSanitizer.new HTML::WhiteListSanitizer.allowed_protocols.each do |proto| @@ -208,7 +232,6 @@ class SanitizerTest < ActionController::TestCase assert_sanitized img_hack, "<img>" end - # TODO: Clean up def test_should_sanitize_attributes assert_sanitized %(<SPAN title="'><script>alert()</script>">blah</SPAN>), %(<span title="'><script>alert()</script>">blah</span>) end diff --git a/actionpack/test/template/html-scanner/tag_node_test.rb b/actionpack/test/template/html-scanner/tag_node_test.rb index 3b72243e7d..a29d2d43d7 100644 --- a/actionpack/test/template/html-scanner/tag_node_test.rb +++ b/actionpack/test/template/html-scanner/tag_node_test.rb @@ -1,6 +1,6 @@ require 'abstract_unit' -class TagNodeTest < Test::Unit::TestCase +class TagNodeTest < ActiveSupport::TestCase def test_open_without_attributes node = tag("<tag>") assert_equal "tag", node.name diff --git a/actionpack/test/template/html-scanner/text_node_test.rb b/actionpack/test/template/html-scanner/text_node_test.rb index 6f61253ffa..cbcb9e78f0 100644 --- a/actionpack/test/template/html-scanner/text_node_test.rb +++ b/actionpack/test/template/html-scanner/text_node_test.rb @@ -1,6 +1,6 @@ require 'abstract_unit' -class TextNodeTest < Test::Unit::TestCase +class TextNodeTest < ActiveSupport::TestCase def setup @node = HTML::Text.new(nil, 0, 0, "hello, howdy, aloha, annyeong") end diff --git a/actionpack/test/template/html-scanner/tokenizer_test.rb b/actionpack/test/template/html-scanner/tokenizer_test.rb index bf45a7c2e3..1d59de23b6 100644 --- a/actionpack/test/template/html-scanner/tokenizer_test.rb +++ b/actionpack/test/template/html-scanner/tokenizer_test.rb @@ -1,6 +1,6 @@ require 'abstract_unit' -class TokenizerTest < Test::Unit::TestCase +class TokenizerTest < ActiveSupport::TestCase def test_blank tokenize "" |