From 2f37ee269725b82913e937fbaaed909f10e4c464 Mon Sep 17 00:00:00 2001 From: Titus Wormer Date: Wed, 15 Jun 2022 13:15:02 +0200 Subject: Add tests for dangerous options --- tests/misc_dangerous_html.rs | 28 ++++++ tests/misc_dangerous_protocol.rs | 199 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 227 insertions(+) create mode 100644 tests/misc_dangerous_html.rs create mode 100644 tests/misc_dangerous_protocol.rs (limited to 'tests') diff --git a/tests/misc_dangerous_html.rs b/tests/misc_dangerous_html.rs new file mode 100644 index 0000000..7a0b49a --- /dev/null +++ b/tests/misc_dangerous_html.rs @@ -0,0 +1,28 @@ +extern crate micromark; +use micromark::{micromark, micromark_with_options, CompileOptions}; + +const DANGER: &CompileOptions = &CompileOptions { + allow_dangerous_html: true, + allow_dangerous_protocol: true, +}; + +#[test] +fn dangerous_html() { + assert_eq!( + micromark(""), + "<x>", + "should be safe by default for flow" + ); + + assert_eq!( + micromark("a"), + "

a<b>

", + "should be safe by default for text" + ); + + assert_eq!( + micromark_with_options("", DANGER), + "", + "should be unsafe w/ `allowDangerousHtml`" + ); +} diff --git a/tests/misc_dangerous_protocol.rs b/tests/misc_dangerous_protocol.rs new file mode 100644 index 0000000..9069ecd --- /dev/null +++ b/tests/misc_dangerous_protocol.rs @@ -0,0 +1,199 @@ +extern crate micromark; +use micromark::{micromark}; + +#[test] +fn dangerous_protocol_autolink() { + assert_eq!( + micromark(""), + "

javascript:alert(1)

", + "should be safe by default" + ); + + assert_eq!( + micromark(""), + "

http://a

", + "should allow `http:`" + ); + + assert_eq!( + micromark(""), + "

https://a

", + "should allow `https:`" + ); + + assert_eq!( + micromark(""), + "

irc:///help

", + "should allow `irc:`" + ); + + assert_eq!( + micromark(""), + "

mailto:a

", + "should allow `mailto:`" + ); +} + +// To do: image. +// #[test] +// fn dangerous_protocol_image() { +// assert_eq!( +// micromark("![](javascript:alert(1))"), +// "

\"\"

", +// "should be safe by default" +// ); + +// assert_eq!( +// micromark("![](http://a)"), +// "

\"\"

", +// "should allow `http:`" +// ); + +// assert_eq!( +// micromark("![](https://a)"), +// "

\"\"

", +// "should allow `https:`" +// ); + +// assert_eq!( +// micromark("![](irc:///help)"), +// "

\"\"

", +// "should not allow `irc:`" +// ); + +// assert_eq!( +// micromark("![](mailto:a)"), +// "

\"\"

", +// "should not allow `mailto:`" +// ); + +// assert_eq!( +// micromark("![](#a)"), +// "

\"\"

", +// "should allow a hash" +// ); + +// assert_eq!( +// micromark("![](?a)"), +// "

\"\"

", +// "should allow a search" +// ); + +// assert_eq!( +// micromark("![](/a)"), +// "

\"\"

", +// "should allow an absolute" +// ); + +// assert_eq!( +// micromark("![](./a)"), +// "

\"\"

", +// "should allow an relative" +// ); + +// assert_eq!( +// micromark("![](../a)"), +// "

\"\"

", +// "should allow an upwards relative" +// ); + +// assert_eq!( +// micromark("![](a#b:c)"), +// "

\"\"

", +// "should allow a colon in a hash" +// ); + +// assert_eq!( +// micromark("![](a?b:c)"), +// "

\"\"

", +// "should allow a colon in a search" +// ); + +// assert_eq!( +// micromark("![](a/b:c)"), +// "

\"\"

", +// "should allow a colon in a path" +// ); +// } + +// To do: link. +// #[test] +// fn dangerous_protocol_link() { +// assert_eq!( +// micromark("[](javascript:alert(1))"), +// "

", +// "should be safe by default" +// ); + +// assert_eq!( +// micromark("[](http://a)"), +// "

", +// "should allow `http:`" +// ); + +// assert_eq!( +// micromark("[](https://a)"), +// "

", +// "should allow `https:`" +// ); + +// assert_eq!( +// micromark("[](irc:///help)"), +// "

", +// "should allow `irc:`" +// ); + +// assert_eq!( +// micromark("[](mailto:a)"), +// "

", +// "should allow `mailto:`" +// ); + +// assert_eq!( +// micromark("[](#a)"), +// "

", +// "should allow a hash" +// ); + +// assert_eq!( +// micromark("[](?a)"), +// "

", +// "should allow a search" +// ); + +// assert_eq!( +// micromark("[](/a)"), +// "

", +// "should allow an absolute" +// ); + +// assert_eq!( +// micromark("[](./a)"), +// "

", +// "should allow an relative" +// ); + +// assert_eq!( +// micromark("[](../a)"), +// "

", +// "should allow an upwards relative" +// ); + +// assert_eq!( +// micromark("[](a#b:c)"), +// "

", +// "should allow a colon in a hash" +// ); + +// assert_eq!( +// micromark("[](a?b:c)"), +// "

", +// "should allow a colon in a search" +// ); + +// assert_eq!( +// micromark("[](a/b:c)"), +// "

", +// "should allow a colon in a path" +// ); +// } -- cgit