package activity
import (
	"strings"
	"testing"
)
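// TestSanitizeHTML_RemovesScript checks that sanitizeHTML strips an inline
// <script> element. The negative check runs on the lower-cased output so a
// sanitizer that merely re-cases the tag cannot pass; the benign sibling
// markup is deliberately not asserted on, since how allowed tags are handled
// is not fixed by this test.
func TestSanitizeHTML_RemovesScript(t *testing.T) {
	in := `<div>ok</div><script>alert(1)</script>`

	out := sanitizeHTML(in)

	// An unchanged result means nothing was sanitized at all; otherwise fail
	// on any surviving script tag regardless of letter case.
	if out == in || strings.Contains(strings.ToLower(out), "<script") {
		t.Fatalf("script tag not removed: %s", out)
	}
}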
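// TestSanitizeHTML_RemovesOnEvent checks that sanitizeHTML drops an inline
// event-handler attribute. The check matches the bare attribute name on the
// lower-cased output, so re-cased or re-spaced survivors (which an exact
// "onclick=" substring match would miss) still fail the test.
func TestSanitizeHTML_RemovesOnEvent(t *testing.T) {
	in := `<a onclick="do()">link</a>`

	out := sanitizeHTML(in)

	if strings.Contains(strings.ToLower(out), "onclick") {
		t.Fatalf("onclick attribute not removed: %s", out)
	}
}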
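// TestSanitizeHTML_RemovesJavascriptProtocol checks that sanitizeHTML does not
// let a javascript: URL through in an href. The check is case-insensitive so
// a re-cased scheme still fails; only the plain spelling of the scheme is
// exercised by this input, other encodings of it are not covered here.
func TestSanitizeHTML_RemovesJavascriptProtocol(t *testing.T) {
	in := `<a href="javascript:alert('x')">x</a>`

	out := sanitizeHTML(in)

	if strings.Contains(strings.ToLower(out), "javascript:") {
		t.Fatalf("javascript protocol not removed: %s", out)
	}
}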
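// contains reports whether sub occurs within s. It is a thin alias for
// strings.Contains, kept for the existing call sites in this file; the
// immediately-invoked closure and length pre-check of the hand-rolled
// version added nothing the standard library does not already do. As
// before, the empty substring is contained in every string.
func contains(s, sub string) bool {
	return strings.Contains(s, sub)
}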
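// stringContains reports whether sub occurs within s. It delegates to
// strings.Contains instead of re-deriving the result from an indexOf scan;
// the semantics are unchanged (an empty sub is always contained, and a sub
// longer than s never is).
func stringContains(s, sub string) bool {
	return strings.Contains(s, sub)
}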
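// indexOf returns the byte index of the first occurrence of sub in s, or -1
// if sub is not present. It delegates to strings.Index, which has the same
// contract as the previous naive window scan (including returning 0 for an
// empty sub) but uses the library's optimized search.
func indexOf(s, sub string) int {
	return strings.Index(s, sub)
}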