// Copyright 2017 The Gitea Authors. All rights reserved.
// Copyright 2017 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package markup
import (
"html/template"
"strings"
"testing"
"github.com/stretchr/testify/assert"
)
func Test_Sanitizer(t *testing.T) {
NewSanitizer()
testCases := []string{
// Regular
`Google`, `Google`,
// Code highlighting class
``, ``,
``, ``,
``, ``,
// Input checkbox
``, ``,
``, ``,
``, ``,
// Code highlight injection
``, ``,
`Hello there! Something has gone wrong, we are working on it.In the meantime, play a game with us at example.com.`, "\n\u00a0\n\nHello there! Something has gone wrong, we are working on it.\nIn the meantime, play a game with us at\u00a0example.com.\n",
// tags
`Ctrl + C`, `Ctrl + C`,
`NAUGHTY`, `NAUGHTY`,
``, ``,
`unchecked`, `unchecked`,
`NAUGHTY`, `NAUGHTY`,
`contents`, `contents`,
}
for i := 0; i < len(testCases); i += 2 {
assert.Equal(t, testCases[i+1], Sanitize(testCases[i]))
}
}
func TestSanitizeNonEscape(t *testing.T) {
descStr := "<script>alert(document.domain)</script>"
output := template.HTML(Sanitize(string(descStr)))
if strings.Contains(string(output), "
![](\"https://try.gogs.io/img/favicon.png\")
\n