diff options
author | Titus Wormer <tituswormer@gmail.com> | 2022-06-15 13:15:02 +0200 |
---|---|---|
committer | Titus Wormer <tituswormer@gmail.com> | 2022-06-15 13:15:02 +0200 |
commit | 2f37ee269725b82913e937fbaaed909f10e4c464 (patch) | |
tree | 418ce551f160c5d5df54033c860f4d6e82d374ca | |
parent | 70afc162071250ccf1a855a5131154599b58034d (diff) | |
download | markdown-rs-2f37ee269725b82913e937fbaaed909f10e4c464.tar.gz markdown-rs-2f37ee269725b82913e937fbaaed909f10e4c464.tar.bz2 markdown-rs-2f37ee269725b82913e937fbaaed909f10e4c464.zip |
Add tests for dangerous options
Diffstat (limited to '')
-rw-r--r-- | tests/misc_dangerous_html.rs | 28 | ||||
-rw-r--r-- | tests/misc_dangerous_protocol.rs | 199 |
2 files changed, 227 insertions, 0 deletions
diff --git a/tests/misc_dangerous_html.rs b/tests/misc_dangerous_html.rs new file mode 100644 index 0000000..7a0b49a --- /dev/null +++ b/tests/misc_dangerous_html.rs @@ -0,0 +1,28 @@ +extern crate micromark; +use micromark::{micromark, micromark_with_options, CompileOptions}; + +const DANGER: &CompileOptions = &CompileOptions { + allow_dangerous_html: true, + allow_dangerous_protocol: true, +}; + +#[test] +fn dangerous_html() { + assert_eq!( + micromark("<x>"), + "<x>", + "should be safe by default for flow" + ); + + assert_eq!( + micromark("a<b>"), + "<p>a<b></p>", + "should be safe by default for text" + ); + + assert_eq!( + micromark_with_options("<x>", DANGER), + "<x>", + "should be unsafe w/ `allowDangerousHtml`" + ); +} diff --git a/tests/misc_dangerous_protocol.rs b/tests/misc_dangerous_protocol.rs new file mode 100644 index 0000000..9069ecd --- /dev/null +++ b/tests/misc_dangerous_protocol.rs @@ -0,0 +1,199 @@ +extern crate micromark; +use micromark::{micromark}; + +#[test] +fn dangerous_protocol_autolink() { + assert_eq!( + micromark("<javascript:alert(1)>"), + "<p><a href=\"\">javascript:alert(1)</a></p>", + "should be safe by default" + ); + + assert_eq!( + micromark("<http://a>"), + "<p><a href=\"http://a\">http://a</a></p>", + "should allow `http:`" + ); + + assert_eq!( + micromark("<https://a>"), + "<p><a href=\"https://a\">https://a</a></p>", + "should allow `https:`" + ); + + assert_eq!( + micromark("<irc:///help>"), + "<p><a href=\"irc:///help\">irc:///help</a></p>", + "should allow `irc:`" + ); + + assert_eq!( + micromark("<mailto:a>"), + "<p><a href=\"mailto:a\">mailto:a</a></p>", + "should allow `mailto:`" + ); +} + +// To do: image. +// #[test] +// fn dangerous_protocol_image() { +// assert_eq!( +// micromark("![](javascript:alert(1))"), +// "<p><img src=\"\" alt=\"\" /></p>", +// "should be safe by default" +// ); + +// assert_eq!( +// micromark("![](http://a)"), +// "<p><img src=\"http://a\" alt=\"\" /></p>", +// "should allow `http:`" +// ); + +// assert_eq!( +// micromark("![](https://a)"), +// "<p><img src=\"https://a\" alt=\"\" /></p>", +// "should allow `https:`" +// ); + +// assert_eq!( +// micromark("![](irc:///help)"), +// "<p><img src=\"\" alt=\"\" /></p>", +// "should not allow `irc:`" +// ); + +// assert_eq!( +// micromark("![](mailto:a)"), +// "<p><img src=\"\" alt=\"\" /></p>", +// "should not allow `mailto:`" +// ); + +// assert_eq!( +// micromark("![](#a)"), +// "<p><img src=\"#a\" alt=\"\" /></p>", +// "should allow a hash" +// ); + +// assert_eq!( +// micromark("![](?a)"), +// "<p><img src=\"?a\" alt=\"\" /></p>", +// "should allow a search" +// ); + +// assert_eq!( +// micromark("![](/a)"), +// "<p><img src=\"/a\" alt=\"\" /></p>", +// "should allow an absolute" +// ); + +// assert_eq!( +// micromark("![](./a)"), +// "<p><img src=\"./a\" alt=\"\" /></p>", +// "should allow an relative" +// ); + +// assert_eq!( +// micromark("![](../a)"), +// "<p><img src=\"../a\" alt=\"\" /></p>", +// "should allow an upwards relative" +// ); + +// assert_eq!( +// micromark("![](a#b:c)"), +// "<p><img src=\"a#b:c\" alt=\"\" /></p>", +// "should allow a colon in a hash" +// ); + +// assert_eq!( +// micromark("![](a?b:c)"), +// "<p><img src=\"a?b:c\" alt=\"\" /></p>", +// "should allow a colon in a search" +// ); + +// assert_eq!( +// micromark("![](a/b:c)"), +// "<p><img src=\"a/b:c\" alt=\"\" /></p>", +// "should allow a colon in a path" +// ); +// } + +// To do: link. +// #[test] +// fn dangerous_protocol_link() { +// assert_eq!( +// micromark("[](javascript:alert(1))"), +// "<p><a href=\"\"></a></p>", +// "should be safe by default" +// ); + +// assert_eq!( +// micromark("[](http://a)"), +// "<p><a href=\"http://a\"></a></p>", +// "should allow `http:`" +// ); + +// assert_eq!( +// micromark("[](https://a)"), +// "<p><a href=\"https://a\"></a></p>", +// "should allow `https:`" +// ); + +// assert_eq!( +// micromark("[](irc:///help)"), +// "<p><a href=\"irc:///help\"></a></p>", +// "should allow `irc:`" +// ); + +// assert_eq!( +// micromark("[](mailto:a)"), +// "<p><a href=\"mailto:a\"></a></p>", +// "should allow `mailto:`" +// ); + +// assert_eq!( +// micromark("[](#a)"), +// "<p><a href=\"#a\"></a></p>", +// "should allow a hash" +// ); + +// assert_eq!( +// micromark("[](?a)"), +// "<p><a href=\"?a\"></a></p>", +// "should allow a search" +// ); + +// assert_eq!( +// micromark("[](/a)"), +// "<p><a href=\"/a\"></a></p>", +// "should allow an absolute" +// ); + +// assert_eq!( +// micromark("[](./a)"), +// "<p><a href=\"./a\"></a></p>", +// "should allow an relative" +// ); + +// assert_eq!( +// micromark("[](../a)"), +// "<p><a href=\"../a\"></a></p>", +// "should allow an upwards relative" +// ); + +// assert_eq!( +// micromark("[](a#b:c)"), +// "<p><a href=\"a#b:c\"></a></p>", +// "should allow a colon in a hash" +// ); + +// assert_eq!( +// micromark("[](a?b:c)"), +// "<p><a href=\"a?b:c\"></a></p>", +// "should allow a colon in a search" +// ); + +// assert_eq!( +// micromark("[](a/b:c)"), +// "<p><a href=\"a/b:c\"></a></p>", +// "should allow a colon in a path" +// ); +// } |