Discourse/discourse
Discourse/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-09-08 12:06:51 +08:00
Code Packages Activity Actions 1

Upgrade QUnit to latest version

Browse source
This commit is contained in:
Robin Ward 2017-06-14 13:57:58 -04:00
parent 8ae445766f
commit cc525b1a8d
145 changed files with 7569 additions and 6763 deletions
Download patch file Download diff file Expand all files Collapse all files

48
test/javascripts/lib/sanitizer-test.js.es6
View file

@ -1,17 +1,17 @@
import { default as PrettyText, buildOptions } from 'pretty-text/pretty-text';
import { hrefAllowed } from 'pretty-text/sanitizer';
module("lib:sanitizer");
QUnit.module("lib:sanitizer");
test("sanitize", function() {
QUnit.test("sanitize", assert => {
const pt = new PrettyText(buildOptions({ siteSettings: {} }));
const cooked = (input, expected, text) => equal(pt.cook(input), expected.replace(/\/>/g, ">"), text);
const cooked = (input, expected, text) => assert.equal(pt.cook(input), expected.replace(/\/>/g, ">"), text);
equal(pt.sanitize("<i class=\"fa-bug fa-spin\">bug</i>"), "<i>bug</i>");
equal(pt.sanitize("<div><script>alert('hi');</script></div>"), "<div></div>");
equal(pt.sanitize("<div><p class=\"funky\" wrong='1'>hello</p></div>"), "<div><p>hello</p></div>");
equal(pt.sanitize("<3 <3"), "&lt;3 &lt;3");
equal(pt.sanitize("<_<"), "&lt;_&lt;");
assert.equal(pt.sanitize("<i class=\"fa-bug fa-spin\">bug</i>"), "<i>bug</i>");
assert.equal(pt.sanitize("<div><script>alert('hi');</script></div>"), "<div></div>");
assert.equal(pt.sanitize("<div><p class=\"funky\" wrong='1'>hello</p></div>"), "<div><p>hello</p></div>");
assert.equal(pt.sanitize("<3 <3"), "&lt;3 &lt;3");
assert.equal(pt.sanitize("<_<"), "&lt;_&lt;");
cooked("hello<script>alert(42)</script>", "<p>hello</p>", "it sanitizes while cooking");
cooked("<a href='http://disneyland.disney.go.com/'>disney</a> <a href='http://reddit.com'>reddit</a>",
@ -32,11 +32,11 @@ test("sanitize", function() {
"<iframe width=\"425\" height=\"350\" frameborder=\"0\" marginheight=\"0\" marginwidth=\"0\" src=\"http://www.openstreetmap.org/export/embed.html?bbox=22.49454975128174%2C51.220338322410775%2C22.523088455200195%2C51.23345342732931&amp;layer=mapnik\"></iframe>",
"it allows iframe to OpenStreetMap");
equal(pt.sanitize("<textarea>hullo</textarea>"), "hullo");
equal(pt.sanitize("<button>press me!</button>"), "press me!");
equal(pt.sanitize("<canvas>draw me!</canvas>"), "draw me!");
equal(pt.sanitize("<progress>hello"), "hello");
equal(pt.sanitize("<mark>highlight</mark>"), "highlight");
assert.equal(pt.sanitize("<textarea>hullo</textarea>"), "hullo");
assert.equal(pt.sanitize("<button>press me!</button>"), "press me!");
assert.equal(pt.sanitize("<canvas>draw me!</canvas>"), "draw me!");
assert.equal(pt.sanitize("<progress>hello"), "hello");
assert.equal(pt.sanitize("<mark>highlight</mark>"), "highlight");
cooked("[the answer](javascript:alert(42))", "<p><a>the answer</a></p>", "it prevents XSS");
@ -60,26 +60,26 @@ test("sanitize", function() {
cooked(`<div dir="rtl">RTL text</div>`, `<div dir="rtl">RTL text</div>`);
});
test("ids on headings", () => {
QUnit.test("ids on headings", assert => {
const pt = new PrettyText(buildOptions({ siteSettings: {} }));
equal(pt.sanitize("<h3>Test Heading</h3>"), "<h3>Test Heading</h3>");
equal(pt.sanitize(`<h1 id="test-heading">Test Heading</h1>`), `<h1 id="test-heading">Test Heading</h1>`);
equal(pt.sanitize(`<h2 id="test-heading">Test Heading</h2>`), `<h2 id="test-heading">Test Heading</h2>`);
equal(pt.sanitize(`<h3 id="test-heading">Test Heading</h3>`), `<h3 id="test-heading">Test Heading</h3>`);
equal(pt.sanitize(`<h4 id="test-heading">Test Heading</h4>`), `<h4 id="test-heading">Test Heading</h4>`);
equal(pt.sanitize(`<h5 id="test-heading">Test Heading</h5>`), `<h5 id="test-heading">Test Heading</h5>`);
equal(pt.sanitize(`<h6 id="test-heading">Test Heading</h6>`), `<h6 id="test-heading">Test Heading</h6>`);
assert.equal(pt.sanitize("<h3>Test Heading</h3>"), "<h3>Test Heading</h3>");
assert.equal(pt.sanitize(`<h1 id="test-heading">Test Heading</h1>`), `<h1 id="test-heading">Test Heading</h1>`);
assert.equal(pt.sanitize(`<h2 id="test-heading">Test Heading</h2>`), `<h2 id="test-heading">Test Heading</h2>`);
assert.equal(pt.sanitize(`<h3 id="test-heading">Test Heading</h3>`), `<h3 id="test-heading">Test Heading</h3>`);
assert.equal(pt.sanitize(`<h4 id="test-heading">Test Heading</h4>`), `<h4 id="test-heading">Test Heading</h4>`);
assert.equal(pt.sanitize(`<h5 id="test-heading">Test Heading</h5>`), `<h5 id="test-heading">Test Heading</h5>`);
assert.equal(pt.sanitize(`<h6 id="test-heading">Test Heading</h6>`), `<h6 id="test-heading">Test Heading</h6>`);
});
test("urlAllowed", () => {
const allowed = (url, msg) => equal(hrefAllowed(url), url, msg);
QUnit.test("urlAllowed", assert => {
const allowed = (url, msg) => assert.equal(hrefAllowed(url), url, msg);
allowed("/foo/bar.html", "allows relative urls");
allowed("http://eviltrout.com/evil/trout", "allows full urls");
allowed("https://eviltrout.com/evil/trout", "allows https urls");
allowed("//eviltrout.com/evil/trout", "allows protocol relative urls");
equal(hrefAllowed("http://google.com/test'onmouseover=alert('XSS!');//.swf"),
assert.equal(hrefAllowed("http://google.com/test'onmouseover=alert('XSS!');//.swf"),
"http://google.com/test%27onmouseover=alert(%27XSS!%27);//.swf",
"escape single quotes");
});