extern crate markdown; use markdown::to_html; use pretty_assertions::assert_eq; #[test] fn dangerous_protocol_autolink() { assert_eq!( to_html(""), "

javascript:alert(1)

", "should be safe by default" ); assert_eq!( to_html(""), "

http://a

", "should allow `http:`" ); assert_eq!( to_html(""), "

https://a

", "should allow `https:`" ); assert_eq!( to_html(""), "

irc:///help

", "should allow `irc:`" ); assert_eq!( to_html(""), "

mailto:a

", "should allow `mailto:`" ); } #[test] fn dangerous_protocol_image() { assert_eq!( to_html("![](javascript:alert(1))"), "

\"\"

", "should be safe by default" ); assert_eq!( to_html("![](http://a)"), "

\"\"

", "should allow `http:`" ); assert_eq!( to_html("![](https://a)"), "

\"\"

", "should allow `https:`" ); assert_eq!( to_html("![](irc:///help)"), "

\"\"

", "should not allow `irc:`" ); assert_eq!( to_html("![](mailto:a)"), "

\"\"

", "should not allow `mailto:`" ); assert_eq!( to_html("![](#a)"), "

\"\"

", "should allow a hash" ); assert_eq!( to_html("![](?a)"), "

\"\"

", "should allow a search" ); assert_eq!( to_html("![](/a)"), "

\"\"

", "should allow an absolute" ); assert_eq!( to_html("![](./a)"), "

\"\"

", "should allow an relative" ); assert_eq!( to_html("![](../a)"), "

\"\"

", "should allow an upwards relative" ); assert_eq!( to_html("![](a#b:c)"), "

\"\"

", "should allow a colon in a hash" ); assert_eq!( to_html("![](a?b:c)"), "

\"\"

", "should allow a colon in a search" ); assert_eq!( to_html("![](a/b:c)"), "

\"\"

", "should allow a colon in a path" ); } #[test] fn dangerous_protocol_link() { assert_eq!( to_html("[](javascript:alert(1))"), "

", "should be safe by default" ); assert_eq!( to_html("[](http://a)"), "

", "should allow `http:`" ); assert_eq!( to_html("[](https://a)"), "

", "should allow `https:`" ); assert_eq!( to_html("[](irc:///help)"), "

", "should allow `irc:`" ); assert_eq!( to_html("[](mailto:a)"), "

", "should allow `mailto:`" ); assert_eq!( to_html("[](#a)"), "

", "should allow a hash" ); assert_eq!( to_html("[](?a)"), "

", "should allow a search" ); assert_eq!( to_html("[](/a)"), "

", "should allow an absolute" ); assert_eq!( to_html("[](./a)"), "

", "should allow an relative" ); assert_eq!( to_html("[](../a)"), "

", "should allow an upwards relative" ); assert_eq!( to_html("[](a#b:c)"), "

", "should allow a colon in a hash" ); assert_eq!( to_html("[](a?b:c)"), "

", "should allow a colon in a search" ); assert_eq!( to_html("[](a/b:c)"), "

", "should allow a colon in a path" ); }