aboutsummaryrefslogblamecommitdiffstats
path: root/tests/misc_dangerous_protocol.rs
blob: 1703d604dd1f99e1c2b1fe20741d797336690bb9 (plain) (tree) 
ec2d1bf


1dbf02d

2f37ee2


b33a81e

2f37ee2

ec2d1bf

2f37ee2





ec2d1bf

2f37ee2





ec2d1bf

2f37ee2





ec2d1bf

2f37ee2





ec2d1bf

2f37ee2





a3dd207

b33a81e

a3dd207

ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207






b33a81e

a3dd207

ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207





ec2d1bf

a3dd207




1
2

3

4
5

6

7

8

9
10
11
12
13

14

15
16
17
18
19

20

21
22
23
24
25

26

27
28
29
30
31

32

33
34
35
36
37

38

39

40

41

42
43
44
45
46

47

48
49
50
51
52

53

54
55
56
57
58

59

60
61
62
63
64

65

66
67
68
69
70

71

72
73
74
75
76

77

78
79
80
81
82

83

84
85
86
87
88

89

90
91
92
93
94

95

96
97
98
99
100

101

102
103
104
105
106

107

108
109
110
111
112

113

114
115
116
117
118
119

120

121

122

123
124
125
126
127

128

129
130
131
132
133

134

135
136
137
138
139

140

141
142
143
144
145

146

147
148
149
150
151

152

153
154
155
156
157

158

159
160
161
162
163

164

165
166
167
168
169

170

171
172
173
174
175

176

177
178
179
180
181

182

183
184
185
186
187

188

189
190
191
192
193

194

195
196
197
198


                      
                                 

       
                                  
               
                                         




                                                      
                              




                                                   
                               




                                                     
                                 




                                                         
                              




                                                   
       
                               
               
                                            




                                           
                                 




                                                   
                                  




                                                    
                                    




                                           
                                 




                                           
                           




                                             
                           




                                             
                           




                                             
                            




                                              
                             




                                               
                              




                                                
                              




                                                
                              





                                                
                              
               
                                           




                                   
                                




                                           
                                 




                                            
                                   




                                              
                                




                                           
                          




                                     
                          




                                     
                          




                                     
                           




                                      
                            




                                          
                             




                                        
                             




                                          
                             



                                        
extern crate markdown;
use markdown::to_html;
use pretty_assertions::assert_eq;

#[test]
fn dangerous_protocol_autolink() {
    assert_eq!(
        to_html("<javascript:alert(1)>"),
        "<p><a href=\"\">javascript:alert(1)</a></p>",
        "should be safe by default"
    );

    assert_eq!(
        to_html("<http://a>"),
        "<p><a href=\"http://a\">http://a</a></p>",
        "should allow `http:`"
    );

    assert_eq!(
        to_html("<https://a>"),
        "<p><a href=\"https://a\">https://a</a></p>",
        "should allow `https:`"
    );

    assert_eq!(
        to_html("<irc:///help>"),
        "<p><a href=\"irc:///help\">irc:///help</a></p>",
        "should allow `irc:`"
    );

    assert_eq!(
        to_html("<mailto:a>"),
        "<p><a href=\"mailto:a\">mailto:a</a></p>",
        "should allow `mailto:`"
    );
}

#[test]
fn dangerous_protocol_image() {
    assert_eq!(
        to_html("![](javascript:alert(1))"),
        "<p><img src=\"\" alt=\"\" /></p>",
        "should be safe by default"
    );

    assert_eq!(
        to_html("![](http://a)"),
        "<p><img src=\"http://a\" alt=\"\" /></p>",
        "should allow `http:`"
    );

    assert_eq!(
        to_html("![](https://a)"),
        "<p><img src=\"https://a\" alt=\"\" /></p>",
        "should allow `https:`"
    );

    assert_eq!(
        to_html("![](irc:///help)"),
        "<p><img src=\"\" alt=\"\" /></p>",
        "should not allow `irc:`"
    );

    assert_eq!(
        to_html("![](mailto:a)"),
        "<p><img src=\"\" alt=\"\" /></p>",
        "should not allow `mailto:`"
    );

    assert_eq!(
        to_html("![](#a)"),
        "<p><img src=\"#a\" alt=\"\" /></p>",
        "should allow a hash"
    );

    assert_eq!(
        to_html("![](?a)"),
        "<p><img src=\"?a\" alt=\"\" /></p>",
        "should allow a search"
    );

    assert_eq!(
        to_html("![](/a)"),
        "<p><img src=\"/a\" alt=\"\" /></p>",
        "should allow an absolute"
    );

    assert_eq!(
        to_html("![](./a)"),
        "<p><img src=\"./a\" alt=\"\" /></p>",
        "should allow an relative"
    );

    assert_eq!(
        to_html("![](../a)"),
        "<p><img src=\"../a\" alt=\"\" /></p>",
        "should allow an upwards relative"
    );

    assert_eq!(
        to_html("![](a#b:c)"),
        "<p><img src=\"a#b:c\" alt=\"\" /></p>",
        "should allow a colon in a hash"
    );

    assert_eq!(
        to_html("![](a?b:c)"),
        "<p><img src=\"a?b:c\" alt=\"\" /></p>",
        "should allow a colon in a search"
    );

    assert_eq!(
        to_html("![](a/b:c)"),
        "<p><img src=\"a/b:c\" alt=\"\" /></p>",
        "should allow a colon in a path"
    );
}

#[test]
fn dangerous_protocol_link() {
    assert_eq!(
        to_html("[](javascript:alert(1))"),
        "<p><a href=\"\"></a></p>",
        "should be safe by default"
    );

    assert_eq!(
        to_html("[](http://a)"),
        "<p><a href=\"http://a\"></a></p>",
        "should allow `http:`"
    );

    assert_eq!(
        to_html("[](https://a)"),
        "<p><a href=\"https://a\"></a></p>",
        "should allow `https:`"
    );

    assert_eq!(
        to_html("[](irc:///help)"),
        "<p><a href=\"irc:///help\"></a></p>",
        "should allow `irc:`"
    );

    assert_eq!(
        to_html("[](mailto:a)"),
        "<p><a href=\"mailto:a\"></a></p>",
        "should allow `mailto:`"
    );

    assert_eq!(
        to_html("[](#a)"),
        "<p><a href=\"#a\"></a></p>",
        "should allow a hash"
    );

    assert_eq!(
        to_html("[](?a)"),
        "<p><a href=\"?a\"></a></p>",
        "should allow a search"
    );

    assert_eq!(
        to_html("[](/a)"),
        "<p><a href=\"/a\"></a></p>",
        "should allow an absolute"
    );

    assert_eq!(
        to_html("[](./a)"),
        "<p><a href=\"./a\"></a></p>",
        "should allow an relative"
    );

    assert_eq!(
        to_html("[](../a)"),
        "<p><a href=\"../a\"></a></p>",
        "should allow an upwards relative"
    );

    assert_eq!(
        to_html("[](a#b:c)"),
        "<p><a href=\"a#b:c\"></a></p>",
        "should allow a colon in a hash"
    );

    assert_eq!(
        to_html("[](a?b:c)"),
        "<p><a href=\"a?b:c\"></a></p>",
        "should allow a colon in a search"
    );

    assert_eq!(
        to_html("[](a/b:c)"),
        "<p><a href=\"a/b:c\"></a></p>",
        "should allow a colon in a path"
    );
}
generated by cgit (git 2.34.1) at 2024-11-21 19:35:22 +0000