邹方成
45815bfb7d
refactor(utils): 修复密码哈希比较逻辑错误 feat(user): 新增按状态筛选优惠券接口 docs: 添加虚拟发货与任务中心相关文档 fix(wechat): 修正Code2Session上下文传递问题 test: 补充订单折扣与积分转换测试用例 build: 更新配置文件与构建脚本 style: 清理多余的空行与注释
46 lines
1.1 KiB
Go
46 lines
1.1 KiB
Go
package activity
|
|
|
|
import "testing"
|
|
|
|
func TestSanitizeHTML_RemovesScript(t *testing.T) {
|
|
in := `<div>ok</div><script>alert(1)</script>`
|
|
out := sanitizeHTML(in)
|
|
if out == in || contains(out, "<script") {
|
|
t.Fatalf("script tag not removed: %s", out)
|
|
}
|
|
}
|
|
|
|
func TestSanitizeHTML_RemovesOnEvent(t *testing.T) {
|
|
in := `<a onclick="do()">link</a>`
|
|
out := sanitizeHTML(in)
|
|
if contains(out, "onclick=") {
|
|
t.Fatalf("onclick attribute not removed: %s", out)
|
|
}
|
|
}
|
|
|
|
func TestSanitizeHTML_RemovesJavascriptProtocol(t *testing.T) {
|
|
in := `<a href="javascript:alert('x')">x</a>`
|
|
out := sanitizeHTML(in)
|
|
if contains(out, "javascript:") {
|
|
t.Fatalf("javascript protocol not removed: %s", out)
|
|
}
|
|
}
|
|
|
|
func contains(s, sub string) bool {
|
|
return len(s) >= len(sub) && (func() bool { return stringContains(s, sub) })()
|
|
}
|
|
|
|
func stringContains(s, sub string) bool {
|
|
return len(sub) == 0 || (len(s) >= len(sub) && indexOf(s, sub) >= 0)
|
|
}
|
|
|
|
func indexOf(s, sub string) int {
|
|
for i := 0; i+len(sub) <= len(s); i++ {
|
|
if s[i:i+len(sub)] == sub {
|
|
return i
|
|
}
|
|
}
|
|
return -1
|
|
}
|
|
|