Add support for GFM tagfilter

1 files changed, 121 insertions, 0 deletions

diff --git a/tests/gfm_tagfilter.rs b/tests/gfm_tagfilter.rs
new file mode 100644
index 0000000..54c56ae
--- /dev/null
+++ b/tests/gfm_tagfilter.rs
@@ -0,0 +1,121 @@
+extern crate micromark;
+use micromark::{micromark_with_options, Options};
+use pretty_assertions::assert_eq;
+
+#[test]
+fn gfm_tagfilter() {
+    assert_eq!(
+        micromark_with_options(
+            "<iframe>",
+            &Options {
+                allow_dangerous_html: true,
+                ..Options::default()
+            }
+        ),
+        "<iframe>",
+        "should not filter by default"
+    );
+
+    assert_eq!(
+        micromark_with_options(
+            "a <i>\n<script>",
+            &Options {
+                gfm_tagfilter: true,
+                ..Options::default()
+            }
+        ),
+        "<p>a &lt;i&gt;</p>\n&lt;script&gt;",
+        "should not turn `allow_dangerous_html` on"
+    );
+
+    assert_eq!(
+        micromark_with_options(
+            "<iframe>",
+            &Options {
+                gfm_tagfilter: true,
+                allow_dangerous_html: true,
+                ..Options::default()
+            }
+        ),
+        "&lt;iframe>",
+        "should filter"
+    );
+
+    assert_eq!(
+        micromark_with_options(
+            r###"
+<title>
+
+<div title="<title>"></div>
+
+<span title="<title>"></span>
+
+<div><title></title></div>
+
+<span><title></title></span>
+
+<b><textarea></textarea></b>
+
+<script/src="#">
+
+<SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>
+
+<IMG SRC="javascript:alert('XSS');">
+
+<IMG SRC=javascript:alert('XSS')>
+
+<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
+
+<IMG """><SCRIPT>alert("XSS")</SCRIPT>"\>
+
+<SCRIPT/XSS SRC="http://xss.rocks/xss.js"></SCRIPT>
+
+<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
+
+<<SCRIPT>alert("XSS");//\<</SCRIPT>
+
+<SCRIPT SRC=http://xss.rocks/xss.js?< B >
+
+<SCRIPT SRC=//xss.rocks/.j>
+
+</TITLE><SCRIPT>alert("XSS");</SCRIPT>
+
+<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
+
+javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
+
+<STYLE>@import'http://xss.rocks/xss.css';</STYLE>
+"###,
+            &Options {
+                gfm_tagfilter: true,
+                allow_dangerous_html: true,
+                ..Options::default()
+            }
+        ),
+        r###"&lt;title>
+<div title="&lt;title>"></div>
+<p><span title="&lt;title>"></span></p>
+<div>&lt;title>&lt;/title></div>
+<p><span>&lt;title>&lt;/title></span></p>
+<p><b>&lt;textarea>&lt;/textarea></b></p>
+<p>&lt;script/src=&quot;#&quot;&gt;</p>
+&lt;SCRIPT SRC=http://xss.rocks/xss.js>&lt;/SCRIPT>
+<IMG SRC="javascript:alert('XSS');">
+<p>&lt;IMG SRC=javascript:alert('XSS')&gt;</p>
+<p>&lt;IMG SRC=<code>javascript:alert(&quot;RSnake says, 'XSS'&quot;)</code>&gt;</p>
+<p>&lt;IMG &quot;&quot;&quot;&gt;&lt;SCRIPT>alert(&quot;XSS&quot;)&lt;/SCRIPT>&quot;&gt;</p>
+<p>&lt;SCRIPT/XSS SRC=&quot;http://xss.rocks/xss.js&quot;&gt;&lt;/SCRIPT></p>
+<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
+<p>&lt;&lt;SCRIPT>alert(&quot;XSS&quot;);//&lt;&lt;/SCRIPT></p>
+&lt;SCRIPT SRC=http://xss.rocks/xss.js?< B >
+
+&lt;SCRIPT SRC=//xss.rocks/.j>
+
+&lt;/TITLE>&lt;SCRIPT>alert("XSS");&lt;/SCRIPT>
+&lt;STYLE>li {list-style-image: url("javascript:alert('XSS')");}&lt;/STYLE><UL><LI>XSS</br>
+<p>javascript:/<em>--&gt;&lt;/title>&lt;/style>&lt;/textarea>&lt;/script>&lt;/xmp>&lt;svg/onload='+/&quot;/+/onmouseover=1/+/[</em>/[]/+alert(1)//'&gt;</p>
+&lt;STYLE>@import'http://xss.rocks/xss.css';&lt;/STYLE>
+"###,
+        "should handle things like GitHub"
+    );
+}