extern crate markdown;
use markdown::to_html;
use pretty_assertions::assert_eq;
#[test]
fn dangerous_protocol_autolink() {
assert_eq!(
to_html(""),
"javascript:alert(1)
",
"should be safe by default"
);
assert_eq!(
to_html(""),
"http://a
",
"should allow `http:`"
);
assert_eq!(
to_html(""),
"https://a
",
"should allow `https:`"
);
assert_eq!(
to_html(""),
"irc:///help
",
"should allow `irc:`"
);
assert_eq!(
to_html(""),
"mailto:a
",
"should allow `mailto:`"
);
}
#[test]
fn dangerous_protocol_image() {
assert_eq!(
to_html("![](javascript:alert(1))"),
"",
"should be safe by default"
);
assert_eq!(
to_html("![](http://a)"),
"",
"should allow `http:`"
);
assert_eq!(
to_html("![](https://a)"),
"",
"should allow `https:`"
);
assert_eq!(
to_html("![](irc:///help)"),
"",
"should not allow `irc:`"
);
assert_eq!(
to_html("![](mailto:a)"),
"",
"should not allow `mailto:`"
);
assert_eq!(
to_html("![](#a)"),
"",
"should allow a hash"
);
assert_eq!(
to_html("![](?a)"),
"",
"should allow a search"
);
assert_eq!(
to_html("![](/a)"),
"",
"should allow an absolute"
);
assert_eq!(
to_html("![](./a)"),
"",
"should allow an relative"
);
assert_eq!(
to_html("![](../a)"),
"",
"should allow an upwards relative"
);
assert_eq!(
to_html("![](a#b:c)"),
"",
"should allow a colon in a hash"
);
assert_eq!(
to_html("![](a?b:c)"),
"",
"should allow a colon in a search"
);
assert_eq!(
to_html("![](a/b:c)"),
"",
"should allow a colon in a path"
);
}
#[test]
fn dangerous_protocol_link() {
assert_eq!(
to_html("[](javascript:alert(1))"),
"
",
"should be safe by default"
);
assert_eq!(
to_html("[](http://a)"),
"
",
"should allow `http:`"
);
assert_eq!(
to_html("[](https://a)"),
"
",
"should allow `https:`"
);
assert_eq!(
to_html("[](irc:///help)"),
"
",
"should allow `irc:`"
);
assert_eq!(
to_html("[](mailto:a)"),
"
",
"should allow `mailto:`"
);
assert_eq!(
to_html("[](#a)"),
"
",
"should allow a hash"
);
assert_eq!(
to_html("[](?a)"),
"
",
"should allow a search"
);
assert_eq!(
to_html("[](/a)"),
"
",
"should allow an absolute"
);
assert_eq!(
to_html("[](./a)"),
"
",
"should allow an relative"
);
assert_eq!(
to_html("[](../a)"),
"
",
"should allow an upwards relative"
);
assert_eq!(
to_html("[](a#b:c)"),
"
",
"should allow a colon in a hash"
);
assert_eq!(
to_html("[](a?b:c)"),
"
",
"should allow a colon in a search"
);
assert_eq!(
to_html("[](a/b:c)"),
"
",
"should allow a colon in a path"
);
}