aboutsummaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--tests/gfm_tagfilter.rs121
1 files changed, 121 insertions, 0 deletions
diff --git a/tests/gfm_tagfilter.rs b/tests/gfm_tagfilter.rs
new file mode 100644
index 0000000..54c56ae
--- /dev/null
+++ b/tests/gfm_tagfilter.rs
@@ -0,0 +1,121 @@
+extern crate micromark;
+use micromark::{micromark_with_options, Options};
+use pretty_assertions::assert_eq;
+
+#[test]
+fn gfm_tagfilter() {
+ assert_eq!(
+ micromark_with_options(
+ "<iframe>",
+ &Options {
+ allow_dangerous_html: true,
+ ..Options::default()
+ }
+ ),
+ "<iframe>",
+ "should not filter by default"
+ );
+
+ assert_eq!(
+ micromark_with_options(
+ "a <i>\n<script>",
+ &Options {
+ gfm_tagfilter: true,
+ ..Options::default()
+ }
+ ),
+ "<p>a &lt;i&gt;</p>\n&lt;script&gt;",
+ "should not turn `allow_dangerous_html` on"
+ );
+
+ assert_eq!(
+ micromark_with_options(
+ "<iframe>",
+ &Options {
+ gfm_tagfilter: true,
+ allow_dangerous_html: true,
+ ..Options::default()
+ }
+ ),
+ "&lt;iframe>",
+ "should filter"
+ );
+
+ assert_eq!(
+ micromark_with_options(
+ r###"
+<title>
+
+<div title="<title>"></div>
+
+<span title="<title>"></span>
+
+<div><title></title></div>
+
+<span><title></title></span>
+
+<b><textarea></textarea></b>
+
+<script/src="#">
+
+<SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>
+
+<IMG SRC="javascript:alert('XSS');">
+
+<IMG SRC=javascript:alert('XSS')>
+
+<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
+
+<IMG """><SCRIPT>alert("XSS")</SCRIPT>"\>
+
+<SCRIPT/XSS SRC="http://xss.rocks/xss.js"></SCRIPT>
+
+<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
+
+<<SCRIPT>alert("XSS");//\<</SCRIPT>
+
+<SCRIPT SRC=http://xss.rocks/xss.js?< B >
+
+<SCRIPT SRC=//xss.rocks/.j>
+
+</TITLE><SCRIPT>alert("XSS");</SCRIPT>
+
+<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
+
+javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
+
+<STYLE>@import'http://xss.rocks/xss.css';</STYLE>
+"###,
+ &Options {
+ gfm_tagfilter: true,
+ allow_dangerous_html: true,
+ ..Options::default()
+ }
+ ),
+ r###"&lt;title>
+<div title="&lt;title>"></div>
+<p><span title="&lt;title>"></span></p>
+<div>&lt;title>&lt;/title></div>
+<p><span>&lt;title>&lt;/title></span></p>
+<p><b>&lt;textarea>&lt;/textarea></b></p>
+<p>&lt;script/src=&quot;#&quot;&gt;</p>
+&lt;SCRIPT SRC=http://xss.rocks/xss.js>&lt;/SCRIPT>
+<IMG SRC="javascript:alert('XSS');">
+<p>&lt;IMG SRC=javascript:alert('XSS')&gt;</p>
+<p>&lt;IMG SRC=<code>javascript:alert(&quot;RSnake says, 'XSS'&quot;)</code>&gt;</p>
+<p>&lt;IMG &quot;&quot;&quot;&gt;&lt;SCRIPT>alert(&quot;XSS&quot;)&lt;/SCRIPT>&quot;&gt;</p>
+<p>&lt;SCRIPT/XSS SRC=&quot;http://xss.rocks/xss.js&quot;&gt;&lt;/SCRIPT></p>
+<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
+<p>&lt;&lt;SCRIPT>alert(&quot;XSS&quot;);//&lt;&lt;/SCRIPT></p>
+&lt;SCRIPT SRC=http://xss.rocks/xss.js?< B >
+
+&lt;SCRIPT SRC=//xss.rocks/.j>
+
+&lt;/TITLE>&lt;SCRIPT>alert("XSS");&lt;/SCRIPT>
+&lt;STYLE>li {list-style-image: url("javascript:alert('XSS')");}&lt;/STYLE><UL><LI>XSS</br>
+<p>javascript:/<em>--&gt;&lt;/title>&lt;/style>&lt;/textarea>&lt;/script>&lt;/xmp>&lt;svg/onload='+/&quot;/+/onmouseover=1/+/[</em>/[]/+alert(1)//'&gt;</p>
+&lt;STYLE>@import'http://xss.rocks/xss.css';&lt;/STYLE>
+"###,
+ "should handle things like GitHub"
+ );
+}