Diffstat (limited to 'actionpack/test/template/html-scanner')
-rw-r--r--actionpack/test/template/html-scanner/document_test.rb2
-rw-r--r--actionpack/test/template/html-scanner/node_test.rb18
-rw-r--r--actionpack/test/template/html-scanner/sanitizer_test.rb34
-rw-r--r--actionpack/test/template/html-scanner/tag_node_test.rb46
-rw-r--r--actionpack/test/template/html-scanner/text_node_test.rb10
-rw-r--r--actionpack/test/template/html-scanner/tokenizer_test.rb20
6 files changed, 65 insertions, 65 deletions
diff --git a/actionpack/test/template/html-scanner/document_test.rb b/actionpack/test/template/html-scanner/document_test.rb
index c68f04fa75..ddfb351595 100644
--- a/actionpack/test/template/html-scanner/document_test.rb
+++ b/actionpack/test/template/html-scanner/document_test.rb
@@ -15,7 +15,7 @@ class DocumentTest < Test::Unit::TestCase
assert_match %r{\s+}m, doc.root.children[1].content
assert_equal "html", doc.root.children[2].name
end
-
+
def test_find_img
doc = HTML::Document.new <<-HTML.strip
<html>
diff --git a/actionpack/test/template/html-scanner/node_test.rb b/actionpack/test/template/html-scanner/node_test.rb
index b0df36877e..f4b9b198e8 100644
--- a/actionpack/test/template/html-scanner/node_test.rb
+++ b/actionpack/test/template/html-scanner/node_test.rb
@@ -1,39 +1,39 @@
require 'abstract_unit'
class NodeTest < Test::Unit::TestCase
-
+
class MockNode
def initialize(matched, value)
@matched = matched
@value = value
end
-
+
def find(conditions)
@matched && self
end
-
+
def to_s
@value.to_s
end
end
-
+
def setup
@node = HTML::Node.new("parent")
@node.children.concat [MockNode.new(false,1), MockNode.new(true,"two"), MockNode.new(false,:three)]
end
-
+
def test_match
assert !@node.match("foo")
end
-
+
def test_tag
assert !@node.tag?
end
-
+
def test_to_s
assert_equal "1twothree", @node.to_s
end
-
+
def test_find
assert_equal "two", @node.find('blah').to_s
end
@@ -58,7 +58,7 @@ class NodeTest < Test::Unit::TestCase
assert node.attributes.has_key?("bar")
assert "<b foo bar>", node.to_s
end
-
+
def test_parse_with_unclosed_tag
s = "<span onmouseover='bang'"
node = nil
diff --git a/actionpack/test/template/html-scanner/sanitizer_test.rb b/actionpack/test/template/html-scanner/sanitizer_test.rb
index c9edde8892..3e80317b30 100644
--- a/actionpack/test/template/html-scanner/sanitizer_test.rb
+++ b/actionpack/test/template/html-scanner/sanitizer_test.rb
@@ -24,11 +24,11 @@ class SanitizerTest < ActionController::TestCase
def test_strip_links
sanitizer = HTML::LinkSanitizer.new
- assert_equal "Dont touch me", sanitizer.sanitize("Dont touch me")
+ assert_equal "Dont touch me", sanitizer.sanitize("Dont touch me")
assert_equal "on my mind\nall day long", sanitizer.sanitize("<a href='almost'>on my mind</a>\n<A href='almost'>all day long</A>")
- assert_equal "0wn3d", sanitizer.sanitize("<a href='http://www.rubyonrails.com/'><a href='http://www.rubyonrails.com/' onlclick='steal()'>0wn3d</a></a>")
- assert_equal "Magic", sanitizer.sanitize("<a href='http://www.rubyonrails.com/'>Mag<a href='http://www.ruby-lang.org/'>ic")
- assert_equal "FrrFox", sanitizer.sanitize("<href onlclick='steal()'>FrrFox</a></href>")
+ assert_equal "0wn3d", sanitizer.sanitize("<a href='http://www.rubyonrails.com/'><a href='http://www.rubyonrails.com/' onlclick='steal()'>0wn3d</a></a>")
+ assert_equal "Magic", sanitizer.sanitize("<a href='http://www.rubyonrails.com/'>Mag<a href='http://www.ruby-lang.org/'>ic")
+ assert_equal "FrrFox", sanitizer.sanitize("<href onlclick='steal()'>FrrFox</a></href>")
assert_equal "My mind\nall <b>day</b> long", sanitizer.sanitize("<a href='almost'>My mind</a>\n<A href='almost'>all <b>day</b> long</A>")
assert_equal "all <b>day</b> long", sanitizer.sanitize("<<a>a href='hello'>all <b>day</b> long<</A>/a>")
@@ -58,7 +58,7 @@ class SanitizerTest < ActionController::TestCase
raw = %{href="javascript:bang" <a href="javascript:bang" name="hello">foo</a>, <span href="javascript:bang">bar</span>}
assert_sanitized raw, %{href="javascript:bang" <a name="hello">foo</a>, <span>bar</span>}
end
-
+
def test_sanitize_image_src
raw = %{src="javascript:bang" <img src="javascript:bang" width="5">foo</img>, <span src="javascript:bang">bar</span>}
assert_sanitized raw, %{src="javascript:bang" <img width="5">foo</img>, <span>bar</span>}
@@ -147,9 +147,9 @@ class SanitizerTest < ActionController::TestCase
assert_sanitized %(<SCRIPT\nSRC=http://ha.ckers.org/xss.js></SCRIPT>), ""
end
- [%(<IMG SRC="javascript:alert('XSS');">),
- %(<IMG SRC=javascript:alert('XSS')>),
- %(<IMG SRC=JaVaScRiPt:alert('XSS')>),
+ [%(<IMG SRC="javascript:alert('XSS');">),
+ %(<IMG SRC=javascript:alert('XSS')>),
+ %(<IMG SRC=JaVaScRiPt:alert('XSS')>),
%(<IMG """><SCRIPT>alert("XSS")</SCRIPT>">),
%(<IMG SRC=javascript:alert(&quot;XSS&quot;)>),
%(<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>),
@@ -166,28 +166,28 @@ class SanitizerTest < ActionController::TestCase
assert_sanitized img_hack, "<img>"
end
end
-
+
def test_should_sanitize_tag_broken_up_by_null
assert_sanitized %(<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>), "alert(\"XSS\")"
end
-
+
def test_should_sanitize_invalid_script_tag
assert_sanitized %(<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>), ""
end
-
+
def test_should_sanitize_script_tag_with_multiple_open_brackets
assert_sanitized %(<<SCRIPT>alert("XSS");//<</SCRIPT>), "&lt;"
assert_sanitized %(<iframe src=http://ha.ckers.org/scriptlet.html\n<a), %(&lt;a)
end
-
+
def test_should_sanitize_unclosed_script
assert_sanitized %(<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>), "<b>"
end
-
+
def test_should_sanitize_half_open_scripts
assert_sanitized %(<IMG SRC="javascript:alert('XSS')"), "<img>"
end
-
+
def test_should_not_fall_for_ridiculous_hack
img_hack = %(<IMG\nSRC\n=\n"\nj\na\nv\na\ns\nc\nr\ni\np\nt\n:\na\nl\ne\nr\nt\n(\n'\nX\nS\nS\n'\n)\n"\n>)
assert_sanitized img_hack, "<img>"
@@ -214,15 +214,15 @@ class SanitizerTest < ActionController::TestCase
raw = %(-moz-binding:url('http://ha.ckers.org/xssmoz.xml#xss'))
assert_equal '', sanitize_css(raw)
end
-
+
def test_should_sanitize_invalid_tag_names
assert_sanitized(%(a b c<script/XSS src="http://ha.ckers.org/xss.js"></script>d e f), "a b cd e f")
end
-
+
def test_should_sanitize_non_alpha_and_non_digit_characters_in_tags
assert_sanitized('<a onclick!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>foo</a>', "<a>foo</a>")
end
-
+
def test_should_sanitize_invalid_tag_names_in_single_tags
assert_sanitized('<img/src="http://ha.ckers.org/xss.js"/>', "<img />")
end
diff --git a/actionpack/test/template/html-scanner/tag_node_test.rb b/actionpack/test/template/html-scanner/tag_node_test.rb
index d1d4667378..9c8fcdc8fc 100644
--- a/actionpack/test/template/html-scanner/tag_node_test.rb
+++ b/actionpack/test/template/html-scanner/tag_node_test.rb
@@ -7,7 +7,7 @@ class TagNodeTest < Test::Unit::TestCase
assert_equal Hash.new, node.attributes
assert_nil node.closing
end
-
+
def test_open_with_attributes
node = tag("<TAG1 foo=hey_ho x:bar=\"blah blah\" BAZ='blah blah blah' >")
assert_equal "tag1", node.name
@@ -15,28 +15,28 @@ class TagNodeTest < Test::Unit::TestCase
assert_equal "blah blah", node["x:bar"]
assert_equal "blah blah blah", node["baz"]
end
-
+
def test_self_closing_without_attributes
node = tag("<tag/>")
assert_equal "tag", node.name
assert_equal Hash.new, node.attributes
assert_equal :self, node.closing
end
-
+
def test_self_closing_with_attributes
node = tag("<tag a=b/>")
assert_equal "tag", node.name
assert_equal( { "a" => "b" }, node.attributes )
assert_equal :self, node.closing
end
-
+
def test_closing_without_attributes
node = tag("</tag>")
assert_equal "tag", node.name
assert_nil node.attributes
assert_equal :close, node.closing
end
-
+
def test_bracket_op_when_no_attributes
node = tag("</tag>")
assert_nil node["foo"]
@@ -46,27 +46,27 @@ class TagNodeTest < Test::Unit::TestCase
node = tag("<tag a=b/>")
assert_equal "b", node["a"]
end
-
+
def test_attributes_with_escaped_quotes
node = tag("<tag a='b\\'c' b=\"bob \\\"float\\\"\">")
assert_equal "b\\'c", node["a"]
assert_equal "bob \\\"float\\\"", node["b"]
end
-
+
def test_to_s
node = tag("<a b=c d='f' g=\"h 'i'\" />")
assert_equal %(<a b='c' d='f' g='h \\'i\\'' />), node.to_s
end
-
+
def test_tag
assert tag("<tag>").tag?
end
-
+
def test_match_tag_as_string
assert tag("<tag>").match(:tag => "tag")
assert !tag("<tag>").match(:tag => "b")
end
-
+
def test_match_tag_as_regexp
assert tag("<tag>").match(:tag => /t.g/)
assert !tag("<tag>").match(:tag => /t[bqs]g/)
@@ -77,45 +77,45 @@ class TagNodeTest < Test::Unit::TestCase
assert t.match(:attributes => {"a" => "something"})
assert t.match(:attributes => {"b" => "else"})
end
-
+
def test_match_attributes_as_regexp
t = tag("<tag a=something b=else />")
assert t.match(:attributes => {"a" => /^something$/})
assert t.match(:attributes => {"b" => /e.*e/})
assert t.match(:attributes => {"a" => /me..i/, "b" => /.ls.$/})
end
-
+
def test_match_attributes_as_number
t = tag("<tag a=15 b=3.1415 />")
assert t.match(:attributes => {"a" => 15})
assert t.match(:attributes => {"b" => 3.1415})
assert t.match(:attributes => {"a" => 15, "b" => 3.1415})
end
-
+
def test_match_attributes_exist
t = tag("<tag a=15 b=3.1415 />")
assert t.match(:attributes => {"a" => true})
assert t.match(:attributes => {"b" => true})
assert t.match(:attributes => {"a" => true, "b" => true})
end
-
+
def test_match_attributes_not_exist
t = tag("<tag a=15 b=3.1415 />")
assert t.match(:attributes => {"c" => false})
assert t.match(:attributes => {"c" => nil})
assert t.match(:attributes => {"a" => true, "c" => false})
end
-
+
def test_match_parent_success
t = tag("<tag a=15 b='hello'>", tag("<foo k='value'>"))
assert t.match(:parent => {:tag => "foo", :attributes => {"k" => /v.l/, "j" => false}})
end
-
+
def test_match_parent_fail
t = tag("<tag a=15 b='hello'>", tag("<foo k='value'>"))
assert !t.match(:parent => {:tag => /kafka/})
end
-
+
def test_match_child_success
t = tag("<tag x:k='something'>")
tag("<child v=john a=kelly>", t)
@@ -123,7 +123,7 @@ class TagNodeTest < Test::Unit::TestCase
assert t.match(:child => { :tag => "sib", :attributes => {"v" => /j/}})
assert t.match(:child => { :attributes => {"a" => "kelly"}})
end
-
+
def test_match_child_fail
t = tag("<tag x:k='something'>")
tag("<child v=john a=kelly>", t)
@@ -131,13 +131,13 @@ class TagNodeTest < Test::Unit::TestCase
assert !t.match(:child => { :tag => "sib", :attributes => {"v" => /r/}})
assert !t.match(:child => { :attributes => {"v" => false}})
end
-
+
def test_match_ancestor_success
t = tag("<tag x:k='something'>", tag("<parent v=john a=kelly>", tag("<grandparent m=vaughn v=james>")))
assert t.match(:ancestor => {:tag => "parent", :attributes => {"a" => /ll/}})
assert t.match(:ancestor => {:attributes => {"m" => "vaughn"}})
end
-
+
def test_match_ancestor_fail
t = tag("<tag x:k='something'>", tag("<parent v=john a=kelly>", tag("<grandparent m=vaughn v=james>")))
assert !t.match(:ancestor => {:tag => /^parent/, :attributes => {"v" => /m/}})
@@ -149,13 +149,13 @@ class TagNodeTest < Test::Unit::TestCase
assert t.match(:descendant => {:tag => "child", :attributes => {"a" => /ll/}})
assert t.match(:descendant => {:attributes => {"m" => "vaughn"}})
end
-
+
def test_match_descendant_fail
tag("<grandchild m=vaughn v=james>", tag("<child v=john a=kelly>", t = tag("<tag x:k='something'>")))
assert !t.match(:descendant => {:tag => /^child/, :attributes => {"v" => /m/}})
assert !t.match(:descendant => {:attributes => {"v" => false}})
end
-
+
def test_match_child_count
t = tag("<tag x:k='something'>")
tag("hello", t)
@@ -229,7 +229,7 @@ class TagNodeTest < Test::Unit::TestCase
end
private
-
+
def tag(content, parent=nil)
node = HTML::Node.parse(parent,0,0,content)
parent.children << node if parent
diff --git a/actionpack/test/template/html-scanner/text_node_test.rb b/actionpack/test/template/html-scanner/text_node_test.rb
index 1ab3f4454e..6f61253ffa 100644
--- a/actionpack/test/template/html-scanner/text_node_test.rb
+++ b/actionpack/test/template/html-scanner/text_node_test.rb
@@ -4,27 +4,27 @@ class TextNodeTest < Test::Unit::TestCase
def setup
@node = HTML::Text.new(nil, 0, 0, "hello, howdy, aloha, annyeong")
end
-
+
def test_to_s
assert_equal "hello, howdy, aloha, annyeong", @node.to_s
end
-
+
def test_find_string
assert_equal @node, @node.find("hello, howdy, aloha, annyeong")
assert_equal false, @node.find("bogus")
end
-
+
def test_find_regexp
assert_equal @node, @node.find(/an+y/)
assert_nil @node.find(/b/)
end
-
+
def test_find_hash
assert_equal @node, @node.find(:content => /howdy/)
assert_nil @node.find(:content => /^howdy$/)
assert_equal false, @node.find(:content => "howdy")
end
-
+
def test_find_other
assert_nil @node.find(:hello)
end
diff --git a/actionpack/test/template/html-scanner/tokenizer_test.rb b/actionpack/test/template/html-scanner/tokenizer_test.rb
index a001bcbbad..bf45a7c2e3 100644
--- a/actionpack/test/template/html-scanner/tokenizer_test.rb
+++ b/actionpack/test/template/html-scanner/tokenizer_test.rb
@@ -29,7 +29,7 @@ class TokenizerTest < Test::Unit::TestCase
tokenize "</tag>"
assert_next "</tag>"
end
-
+
def test_tag_with_single_quoted_attribute
tokenize %{<tag a='hello'>x}
assert_next %{<tag a='hello'>}
@@ -49,7 +49,7 @@ class TokenizerTest < Test::Unit::TestCase
tokenize %{<tag a="hello\\"">x}
assert_next %{<tag a="hello\\"">}
end
-
+
def test_tag_with_unquoted_attribute
tokenize %{<tag a=hello>x}
assert_next %{<tag a=hello>}
@@ -59,12 +59,12 @@ class TokenizerTest < Test::Unit::TestCase
tokenize %{<tag a="x < y">x}
assert_next %{<tag a="x < y">}
end
-
+
def test_tag_with_gt_char_in_attribute
tokenize %{<tag a="x > y">x}
assert_next %{<tag a="x > y">}
end
-
+
def test_doctype_tag
tokenize %{<!DOCTYPE "blah" "blah" "blah">\n <html>}
assert_next %{<!DOCTYPE "blah" "blah" "blah">}
@@ -90,7 +90,7 @@ class TokenizerTest < Test::Unit::TestCase
assert_next %{original }
assert_next %{< hello > world}
end
-
+
def test_less_than_without_matching_greater_than
tokenize %{hello <span onmouseover="gotcha"\n<b>foo</b>\nbar</span>}
assert_next %{hello }
@@ -109,22 +109,22 @@ class TokenizerTest < Test::Unit::TestCase
assert_next %{<!-- neverending...}
assert_end
end
-
+
private
-
+
def tokenize(text)
@tokenizer = HTML::Tokenizer.new(text)
end
-
+
def assert_next(expected, message=nil)
token = @tokenizer.next
assert_equal expected, token, message
end
-
+
def assert_sequence(*expected)
assert_next expected.shift until expected.empty?
end
-
+
def assert_end(message=nil)
assert_nil @tokenizer.next, message
end