
Commit 9057f42

authored
Merge pull request #66 from fschwahn/improve-tests
Fix / improve tests
2 parents 663bf35 + 2a2a715 commit 9057f42


1 file changed

+10
-8
lines changed

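--- a/test/sanitizer_test.rb
+++ b/test/sanitizer_test.rb
@@ -58,11 +58,11 @@ def test_strip_tags_with_quote
 end
 
 def test_strip_invalid_html
-assert_equal "", full_sanitize("<<<bad html")
+assert_equal "&lt;&lt;", full_sanitize("<<<bad html")
 end
 
 def test_strip_nested_tags
-expected = "Weia onclick='alert(document.cookie);'/&gt;rdos"
+expected = "Wei&lt;a onclick='alert(document.cookie);'/&gt;rdos"
 input = "Wei<<a>a onclick='alert(document.cookie);'</a>/>rdos"
 assert_equal expected, full_sanitize(input)
 end
@@ -74,7 +74,7 @@ def test_strip_tags_multiline
 assert_equal expected, full_sanitize(input)
 end
 
-def test_strip_comments
+def test_remove_unclosed_tags
 assert_equal "This is ", full_sanitize("This is <-- not\n a comment here.")
 end
 
@@ -87,7 +87,9 @@ def test_strip_unclosed_cdata
 end
 
 def test_strip_blank_string
-[nil, '', ' '].each { |blank| assert_equal blank, full_sanitize(blank) }
+assert_nil full_sanitize(nil)
+assert_equal "", full_sanitize("")
+assert_equal " ", full_sanitize(" ")
 end
 
 def test_strip_tags_with_plaintext
@@ -98,8 +100,8 @@ def test_strip_tags_with_tags
 assert_equal "This is a test.", full_sanitize("<p>This <u>is<u> a <a href='test.html'><strong>test</strong></a>.</p>")
 end
 
-def test_strip_tags_with_many_open_quotes
-assert_equal "", full_sanitize("<<<bad html>")
+def test_escape_tags_with_many_open_quotes
+assert_equal "&lt;&lt;", full_sanitize("<<<bad html>")
 end
 
 def test_strip_tags_with_sentence
@@ -123,7 +125,7 @@ def test_full_sanitize_respect_html_escaping_of_the_given_string
 end
 
 def test_strip_links_with_tags_in_tags
-expected = "a href='hello'&gt;all <b>day</b> long/a&gt;"
+expected = "&lt;a href='hello'&gt;all <b>day</b> long&lt;/a&gt;"
 input = "<<a>a href='hello'>all <b>day</b> long<</A>/a>"
 assert_equal expected, link_sanitize(input)
 end
@@ -360,7 +362,7 @@ def test_should_sanitize_invalid_script_tag
 end
 
 def test_should_sanitize_script_tag_with_multiple_open_brackets
-assert_sanitized %(<<SCRIPT>alert("XSS");//<</SCRIPT>), "alert(\"XSS\");//"
+assert_sanitized %(<<SCRIPT>alert("XSS");//<</SCRIPT>), "&lt;alert(\"XSS\");//&lt;"
 assert_sanitized %(<iframe src=http://ha.ckers.org/scriptlet.html\n<a), ""
 end
 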
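Review bot: `test_strip_invalid_html` and `test_strip_nested_tags` keep their "strip" names although the new expectations assert that a stray `<` is returned escaped as `&lt;` rather than removed. The sibling test was renamed to `test_escape_tags_with_many_open_quotes`, so these two should follow, e.g. `def test_escape_invalid_html`. The new expectations for the `<<SCRIPT>` and `<<a>` inputs pin exact output strings, so the property that actually matters (no unescaped bracket from malformed input reaches the output) is only implicit. A one-line comment such as `# stray "<" must come back as &lt;, never as a raw bracket` above those assertions would record it. Presumably the changed expectations track how the underlying HTML parser handles malformed input; if so, naming that dependency in a comment would help whoever next sees these exact-string assertions fail.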