aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLibravatar Titus Wormer <tituswormer@gmail.com>2022-06-15 13:15:02 +0200
committerLibravatar Titus Wormer <tituswormer@gmail.com>2022-06-15 13:15:02 +0200
commit2f37ee269725b82913e937fbaaed909f10e4c464 (patch)
tree418ce551f160c5d5df54033c860f4d6e82d374ca
parent70afc162071250ccf1a855a5131154599b58034d (diff)
downloadmarkdown-rs-2f37ee269725b82913e937fbaaed909f10e4c464.tar.gz
markdown-rs-2f37ee269725b82913e937fbaaed909f10e4c464.tar.bz2
markdown-rs-2f37ee269725b82913e937fbaaed909f10e4c464.zip
Add tests for dangerous options
-rw-r--r--tests/misc_dangerous_html.rs28
-rw-r--r--tests/misc_dangerous_protocol.rs199
2 files changed, 227 insertions, 0 deletions
diff --git a/tests/misc_dangerous_html.rs b/tests/misc_dangerous_html.rs
new file mode 100644
index 0000000..7a0b49a
--- /dev/null
+++ b/tests/misc_dangerous_html.rs
@@ -0,0 +1,28 @@
+extern crate micromark;
+use micromark::{micromark, micromark_with_options, CompileOptions};
+
+const DANGER: &CompileOptions = &CompileOptions {
+ allow_dangerous_html: true,
+ allow_dangerous_protocol: true,
+};
+
+#[test]
+fn dangerous_html() {
+ assert_eq!(
+ micromark("<x>"),
+ "&lt;x&gt;",
+ "should be safe by default for flow"
+ );
+
+ assert_eq!(
+ micromark("a<b>"),
+ "<p>a&lt;b&gt;</p>",
+ "should be safe by default for text"
+ );
+
+ assert_eq!(
+ micromark_with_options("<x>", DANGER),
+ "<x>",
+ "should be unsafe w/ `allowDangerousHtml`"
+ );
+}
diff --git a/tests/misc_dangerous_protocol.rs b/tests/misc_dangerous_protocol.rs
new file mode 100644
index 0000000..9069ecd
--- /dev/null
+++ b/tests/misc_dangerous_protocol.rs
@@ -0,0 +1,199 @@
+extern crate micromark;
+use micromark::{micromark};
+
+#[test]
+fn dangerous_protocol_autolink() {
+ assert_eq!(
+ micromark("<javascript:alert(1)>"),
+ "<p><a href=\"\">javascript:alert(1)</a></p>",
+ "should be safe by default"
+ );
+
+ assert_eq!(
+ micromark("<http://a>"),
+ "<p><a href=\"http://a\">http://a</a></p>",
+ "should allow `http:`"
+ );
+
+ assert_eq!(
+ micromark("<https://a>"),
+ "<p><a href=\"https://a\">https://a</a></p>",
+ "should allow `https:`"
+ );
+
+ assert_eq!(
+ micromark("<irc:///help>"),
+ "<p><a href=\"irc:///help\">irc:///help</a></p>",
+ "should allow `irc:`"
+ );
+
+ assert_eq!(
+ micromark("<mailto:a>"),
+ "<p><a href=\"mailto:a\">mailto:a</a></p>",
+ "should allow `mailto:`"
+ );
+}
+
+// To do: image.
+// #[test]
+// fn dangerous_protocol_image() {
+// assert_eq!(
+// micromark("![](javascript:alert(1))"),
+// "<p><img src=\"\" alt=\"\" /></p>",
+// "should be safe by default"
+// );
+
+// assert_eq!(
+// micromark("![](http://a)"),
+// "<p><img src=\"http://a\" alt=\"\" /></p>",
+// "should allow `http:`"
+// );
+
+// assert_eq!(
+// micromark("![](https://a)"),
+// "<p><img src=\"https://a\" alt=\"\" /></p>",
+// "should allow `https:`"
+// );
+
+// assert_eq!(
+// micromark("![](irc:///help)"),
+// "<p><img src=\"\" alt=\"\" /></p>",
+// "should not allow `irc:`"
+// );
+
+// assert_eq!(
+// micromark("![](mailto:a)"),
+// "<p><img src=\"\" alt=\"\" /></p>",
+// "should not allow `mailto:`"
+// );
+
+// assert_eq!(
+// micromark("![](#a)"),
+// "<p><img src=\"#a\" alt=\"\" /></p>",
+// "should allow a hash"
+// );
+
+// assert_eq!(
+// micromark("![](?a)"),
+// "<p><img src=\"?a\" alt=\"\" /></p>",
+// "should allow a search"
+// );
+
+// assert_eq!(
+// micromark("![](/a)"),
+// "<p><img src=\"/a\" alt=\"\" /></p>",
+// "should allow an absolute"
+// );
+
+// assert_eq!(
+// micromark("![](./a)"),
+// "<p><img src=\"./a\" alt=\"\" /></p>",
+// "should allow an relative"
+// );
+
+// assert_eq!(
+// micromark("![](../a)"),
+// "<p><img src=\"../a\" alt=\"\" /></p>",
+// "should allow an upwards relative"
+// );
+
+// assert_eq!(
+// micromark("![](a#b:c)"),
+// "<p><img src=\"a#b:c\" alt=\"\" /></p>",
+// "should allow a colon in a hash"
+// );
+
+// assert_eq!(
+// micromark("![](a?b:c)"),
+// "<p><img src=\"a?b:c\" alt=\"\" /></p>",
+// "should allow a colon in a search"
+// );
+
+// assert_eq!(
+// micromark("![](a/b:c)"),
+// "<p><img src=\"a/b:c\" alt=\"\" /></p>",
+// "should allow a colon in a path"
+// );
+// }
+
+// To do: link.
+// #[test]
+// fn dangerous_protocol_link() {
+// assert_eq!(
+// micromark("[](javascript:alert(1))"),
+// "<p><a href=\"\"></a></p>",
+// "should be safe by default"
+// );
+
+// assert_eq!(
+// micromark("[](http://a)"),
+// "<p><a href=\"http://a\"></a></p>",
+// "should allow `http:`"
+// );
+
+// assert_eq!(
+// micromark("[](https://a)"),
+// "<p><a href=\"https://a\"></a></p>",
+// "should allow `https:`"
+// );
+
+// assert_eq!(
+// micromark("[](irc:///help)"),
+// "<p><a href=\"irc:///help\"></a></p>",
+// "should allow `irc:`"
+// );
+
+// assert_eq!(
+// micromark("[](mailto:a)"),
+// "<p><a href=\"mailto:a\"></a></p>",
+// "should allow `mailto:`"
+// );
+
+// assert_eq!(
+// micromark("[](#a)"),
+// "<p><a href=\"#a\"></a></p>",
+// "should allow a hash"
+// );
+
+// assert_eq!(
+// micromark("[](?a)"),
+// "<p><a href=\"?a\"></a></p>",
+// "should allow a search"
+// );
+
+// assert_eq!(
+// micromark("[](/a)"),
+// "<p><a href=\"/a\"></a></p>",
+// "should allow an absolute"
+// );
+
+// assert_eq!(
+// micromark("[](./a)"),
+// "<p><a href=\"./a\"></a></p>",
+// "should allow an relative"
+// );
+
+// assert_eq!(
+// micromark("[](../a)"),
+// "<p><a href=\"../a\"></a></p>",
+// "should allow an upwards relative"
+// );
+
+// assert_eq!(
+// micromark("[](a#b:c)"),
+// "<p><a href=\"a#b:c\"></a></p>",
+// "should allow a colon in a hash"
+// );
+
+// assert_eq!(
+// micromark("[](a?b:c)"),
+// "<p><a href=\"a?b:c\"></a></p>",
+// "should allow a colon in a search"
+// );
+
+// assert_eq!(
+// micromark("[](a/b:c)"),
+// "<p><a href=\"a/b:c\"></a></p>",
+// "should allow a colon in a path"
+// );
+// }