aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/test/template/sanitize_helper_test.rb
diff options
context:
space:
mode:
Diffstat (limited to 'actionview/test/template/sanitize_helper_test.rb')
-rw-r--r--actionview/test/template/sanitize_helper_test.rb35
1 files changed, 35 insertions, 0 deletions
diff --git a/actionview/test/template/sanitize_helper_test.rb b/actionview/test/template/sanitize_helper_test.rb
new file mode 100644
index 0000000000..e4be21be2c
--- /dev/null
+++ b/actionview/test/template/sanitize_helper_test.rb
@@ -0,0 +1,35 @@
+require 'abstract_unit'
+
+# The exhaustive tests are in test/controller/html/sanitizer_test.rb.
+# This tests that the helpers hook up correctly to the sanitizer classes.
+class SanitizeHelperTest < ActionView::TestCase
+ tests ActionView::Helpers::SanitizeHelper
+
+ def test_strip_links
+ assert_equal "Dont touch me", strip_links("Dont touch me")
+ assert_equal "on my mind\nall day long", strip_links("<a href='almost'>on my mind</a>\n<A href='almost'>all day long</A>")
+ assert_equal "Magic", strip_links("<a href='http://www.rubyonrails.com/'>Mag<a href='http://www.ruby-lang.org/'>ic")
+ assert_equal "My mind\nall <b>day</b> long", strip_links("<a href='almost'>My mind</a>\n<A href='almost'>all <b>day</b> long</A>")
+ end
+
+ def test_sanitize_form
+ assert_equal '', sanitize("<form action=\"/foo/bar\" method=\"post\"><input></form>")
+ end
+
+ def test_should_sanitize_illegal_style_properties
+ raw = %(display:block; position:absolute; left:0; top:0; width:100%; height:100%; z-index:1; background-color:black; background-image:url(http://www.ragingplatypus.com/i/cam-full.jpg); background-x:center; background-y:center; background-repeat:repeat;)
+ expected = %(display: block; width: 100%; height: 100%; background-color: black; background-x: center; background-y: center;)
+ assert_equal expected, sanitize_css(raw)
+ end
+
+ def test_strip_tags
+ assert_equal("Dont touch me", strip_tags("Dont touch me"))
+ assert_equal("This is a test.", strip_tags("<p>This <u>is<u> a <a href='test.html'><strong>test</strong></a>.</p>"))
+ assert_equal "This has a here.", strip_tags("This has a <!-- comment --> here.")
+ assert_equal "", strip_tags("<script>")
+ end
+
+ def test_sanitize_is_marked_safe
+ assert sanitize("<html><script></script></html>").html_safe?
+ end
+end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-18 23:00:13 +0000