@@ -58,11 +58,11 @@ def test_strip_tags_with_quote
58
58
end
59
59
60
60
def test_strip_invalid_html
61
- assert_equal "" , full_sanitize ( "<<<bad html" )
61
+ assert_equal "<< " , full_sanitize ( "<<<bad html" )
62
62
end
63
63
64
64
def test_strip_nested_tags
65
- expected = "Weia onclick='alert(document.cookie);'/>rdos"
65
+ expected = "Wei<a onclick='alert(document.cookie);'/>rdos"
66
66
input = "Wei<<a>a onclick='alert(document.cookie);'</a>/>rdos"
67
67
assert_equal expected , full_sanitize ( input )
68
68
end
@@ -74,7 +74,7 @@ def test_strip_tags_multiline
74
74
assert_equal expected , full_sanitize ( input )
75
75
end
76
76
77
- def test_strip_comments
77
+ def test_remove_unclosed_tags
78
78
assert_equal "This is " , full_sanitize ( "This is <-- not\n a comment here." )
79
79
end
80
80
@@ -87,7 +87,9 @@ def test_strip_unclosed_cdata
87
87
end
88
88
89
89
def test_strip_blank_string
90
- [ nil , '' , ' ' ] . each { |blank | assert_equal blank , full_sanitize ( blank ) }
90
+ assert_nil full_sanitize ( nil )
91
+ assert_equal "" , full_sanitize ( "" )
92
+ assert_equal " " , full_sanitize ( " " )
91
93
end
92
94
93
95
def test_strip_tags_with_plaintext
@@ -98,8 +100,8 @@ def test_strip_tags_with_tags
98
100
assert_equal "This is a test." , full_sanitize ( "<p>This <u>is<u> a <a href='test.html'><strong>test</strong></a>.</p>" )
99
101
end
100
102
101
- def test_strip_tags_with_many_open_quotes
102
- assert_equal "" , full_sanitize ( "<<<bad html>" )
103
+ def test_escape_tags_with_many_open_quotes
104
+ assert_equal "<< " , full_sanitize ( "<<<bad html>" )
103
105
end
104
106
105
107
def test_strip_tags_with_sentence
@@ -123,7 +125,7 @@ def test_full_sanitize_respect_html_escaping_of_the_given_string
123
125
end
124
126
125
127
def test_strip_links_with_tags_in_tags
126
- expected = "a href='hello'>all <b>day</b> long/a>"
128
+ expected = "< a href='hello'>all <b>day</b> long< /a>"
127
129
input = "<<a>a href='hello'>all <b>day</b> long<</A>/a>"
128
130
assert_equal expected , link_sanitize ( input )
129
131
end
@@ -360,7 +362,7 @@ def test_should_sanitize_invalid_script_tag
360
362
end
361
363
362
364
def test_should_sanitize_script_tag_with_multiple_open_brackets
363
- assert_sanitized %(<<SCRIPT>alert("XSS");//<</SCRIPT>) , "alert(\" XSS\" );//"
365
+ assert_sanitized %(<<SCRIPT>alert("XSS");//<</SCRIPT>) , "< alert(\" XSS\" );//< "
364
366
assert_sanitized %(<iframe src=http://ha.ckers.org/scriptlet.html\n <a) , ""
365
367
end
366
368
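Review bot: The new expected value in test_strip_nested_tags, as displayed here, leaves `<a onclick='alert(document.cookie);'/>` in the output of full_sanitize behind a literal `<`, and nothing in the test says whether that bracket is meant to be the entity-escaped form or a raw character; the same question applies to the `"<< "` expectations in test_strip_invalid_html and test_escape_tags_with_many_open_quotes, and to the changed strings in test_strip_links_with_tags_in_tags and test_should_sanitize_script_tag_with_multiple_open_brackets. This view may simply have decoded the entities, in which case the assertions are fine but the intent should be stated, for example `# a stray "<" must come back entity-escaped, never stripped and never raw`. For the full_sanitize cases I would also pin the property directly with `assert !full_sanitize(input).include?("<")`, so a later change that returns a raw bracket fails even if the expected string is edited along with it. test_strip_invalid_html and test_strip_nested_tags still carry "strip" in their names although they now assert escaping, unlike the renamed test_escape_tags_with_many_open_quotes.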