From 1a1822726189f3cfff305dea62e5cfbdbc0da577 Mon Sep 17 00:00:00 2001 From: Jeffrey Hardy Date: Wed, 22 Oct 2008 16:03:21 -0400 Subject: Fix that HTML::Node.parse would blow up on unclosed CDATA sections. If an unclosed CDATA section is encountered and parsing is strict, an exception will be raised. Otherwise, we consider the remainder of the line to be the section contents. This is consistent with HTML::Tokenizer#scan_tag. Signed-off-by: Jeremy Kemper --- actionpack/test/controller/html-scanner/sanitizer_test.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'actionpack/test/controller/html-scanner/sanitizer_test.rb') diff --git a/actionpack/test/controller/html-scanner/sanitizer_test.rb b/actionpack/test/controller/html-scanner/sanitizer_test.rb index db142f0bc6..a9e8447e32 100644 --- a/actionpack/test/controller/html-scanner/sanitizer_test.rb +++ b/actionpack/test/controller/html-scanner/sanitizer_test.rb @@ -17,6 +17,8 @@ class SanitizerTest < Test::Unit::TestCase %{This is a test.\n\n\nIt no longer contains any HTML.\n}, sanitizer.sanitize( %{This is <b>a <a href="" target="_blank">test</a></b>.\n\n\n\n

It no longer contains any HTML.

\n})) assert_equal "This has a here.", sanitizer.sanitize("This has a here.") + assert_equal "This has a here.", sanitizer.sanitize("This has a ]]> here.") + assert_equal "This has an unclosed ", sanitizer.sanitize("This has an unclosed ]] here...") [nil, '', ' '].each { |blank| assert_equal blank, sanitizer.sanitize(blank) } end @@ -243,6 +245,14 @@ class SanitizerTest < Test::Unit::TestCase assert_sanitized %(), '' end + def test_should_sanitize_cdata_section + assert_sanitized "section]]>", "<![CDATA[<span>section</span>]]>" + end + + def test_should_sanitize_unterminated_cdata_section + assert_sanitized "neverending...", "<![CDATA[<span>neverending...]]>" + end + protected def assert_sanitized(input, expected = nil) @sanitizer ||= HTML::WhiteListSanitizer.new -- cgit v1.2.3