|
1 |
# frozen_string_literal: true
|
|
2 |
|
|
3 |
# Redmine - project management software
|
|
4 |
# Copyright (C) 2006-2021 Jean-Philippe Lang
|
|
5 |
#
|
|
6 |
# This program is free software; you can redistribute it and/or
|
|
7 |
# modify it under the terms of the GNU General Public License
|
|
8 |
# as published by the Free Software Foundation; either version 2
|
|
9 |
# of the License, or (at your option) any later version.
|
|
10 |
#
|
|
11 |
# This program is distributed in the hope that it will be useful,
|
|
12 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
13 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
14 |
# GNU General Public License for more details.
|
|
15 |
#
|
|
16 |
# You should have received a copy of the GNU General Public License
|
|
17 |
# along with this program; if not, write to the Free Software
|
|
18 |
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
19 |
|
|
20 |
require File.expand_path('../../../../../test_helper', __FILE__)
|
|
21 |
|
|
22 |
class Redmine::WikiFormatting::HtmlSanitizerTest < ActiveSupport::TestCase
|
|
23 |
|
|
24 |
def setup
|
|
25 |
@sanitizer = Redmine::WikiFormatting::HtmlSanitizer
|
|
26 |
end
|
|
27 |
|
|
28 |
def test_should_allow_links_with_safe_url_schemes_and_append_external_class
|
|
29 |
%w(http https ftp ssh foo).each do |scheme|
|
|
30 |
input = %(<a href="#{scheme}://example.org/">foo</a>)
|
|
31 |
assert_equal %(<a href="#{scheme}://example.org/" class="external">foo</a>), @sanitizer.call(input)
|
|
32 |
end
|
|
33 |
end
|
|
34 |
|
|
35 |
def test_should_reject_links_with_unsafe_url_schemes
|
|
36 |
input = %(<a href="javascript:alert('hello');">foo</a>)
|
|
37 |
assert_equal "<a>foo</a>", @sanitizer.call(input)
|
|
38 |
end
|
|
39 |
end
|