require "#{File.dirname(__FILE__)}/../abstract_unit" require "#{File.dirname(__FILE__)}/../testing_sandbox" # The exhaustive tests are in test/controller/html/sanitizer_test.rb. # This tests the that the helpers hook up correctly to the sanitizer classes. class SanitizeHelperTest < Test::Unit::TestCase include ActionView::Helpers::SanitizeHelper include ActionView::Helpers::TagHelper include TestingSandbox def test_strip_links assert_equal "Dont touch me", strip_links("Dont touch me") assert_equal "on my mind\nall day long") assert_equal "0wn3d", strip_links("0wn3d") assert_equal "Magic", strip_links("Magic") assert_equal "FrrFox", strip_links("FrrFox") assert_equal "My mind\nall day long", strip_links("My mind\nall day long") assert_equal "all day long", strip_links("<a href='hello'>all day long</a>") end def test_sanitize_form assert_sanitized "
", '' end def test_should_sanitize_illegal_style_properties raw = %(display:block; position:absolute; left:0; top:0; width:100%; height:100%; z-index:1; background-color:black; background-image:url(http://www.ragingplatypus.com/i/cam-full.jpg); background-x:center; background-y:center; background-repeat:repeat;) expected = %(display: block; width: 100%; height: 100%; background-color: black; background-image: ; background-x: center; background-y: center;) assert_equal expected, sanitize_css(raw) end def test_strip_tags assert_equal("<<")) assert_equal("Dont touch me", strip_tags("Dont touch me")) assert_equal("This is a test.", strip_tags("

This is a test.

")) assert_equal("Weirdos", strip_tags("Wei<a onclick='alert(document.cookie);'/>rdos")) assert_equal("This is a test.", strip_tags("This is a test.")) assert_equal( %{This is a test.\n\n\nIt no longer contains any HTML.\n}, strip_tags( %{This is <b>a <a href="" target="_blank">test</a></b>.\n\n\n\n

It no longer contains any HTML.

\n})) assert_equal "This has a here.", strip_tags("This has a here.") [nil, '', ' '].each { |blank| assert_equal blank, strip_tags(blank) } end def assert_sanitized(text, expected = nil) assert_equal((expected || text), sanitize(text)) end end