mirror of https://github.com/miniflux/v2.git
Add some tests for add_image_title
I'm not sure if the behaviour is expected, but I didn't manage to get the content injection to work in my browser, so I guess it's alright?
This commit is contained in:
parent
97feec8ebf
commit
db6ae707ef
|
@ -671,3 +671,35 @@ func TestAddHackerNewsLinksUsingOpener(t *testing.T) {
|
||||||
t.Errorf(`Not expected output: got "%+v" instead of "%+v"`, testEntry, controlEntry)
|
t.Errorf(`Not expected output: got "%+v" instead of "%+v"`, testEntry, controlEntry)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestAddImageTitle(t *testing.T) {
|
||||||
|
testEntry := &model.Entry{
|
||||||
|
Title: `A title`,
|
||||||
|
Content: `
|
||||||
|
<img src="pif" title="pouf">
|
||||||
|
<img src="pif" title="pouf" alt='"onerror=alert(1) a="'>
|
||||||
|
<img src="pif" title="pouf" alt='"onerror=alert(1) a="'>
|
||||||
|
<img src="pif" title="pouf" alt=';&quot;onerror=alert(1) a=;&quot;'>
|
||||||
|
<img src="pif" alt="pouf" title='"onerror=alert(1) a="'>
|
||||||
|
<img src="pif" alt="pouf" title='"onerror=alert(1) a="'>
|
||||||
|
<img src="pif" alt="pouf" title=';&quot;onerror=alert(1) a=;&quot;'>
|
||||||
|
`,
|
||||||
|
}
|
||||||
|
|
||||||
|
controlEntry := &model.Entry{
|
||||||
|
Title: `A title`,
|
||||||
|
Content: `<figure><img src="pif" alt=""/><figcaption><p>pouf</p></figcaption></figure>
|
||||||
|
<figure><img src="pif" alt="" onerror="alert(1)" a=""/><figcaption><p>pouf</p></figcaption></figure>
|
||||||
|
<figure><img src="pif" alt="" onerror="alert(1)" a=""/><figcaption><p>pouf</p></figcaption></figure>
|
||||||
|
<figure><img src="pif" alt=";"onerror=alert(1) a=;""/><figcaption><p>pouf</p></figcaption></figure>
|
||||||
|
<figure><img src="pif" alt="pouf"/><figcaption><p>"onerror=alert(1) a="</p></figcaption></figure>
|
||||||
|
<figure><img src="pif" alt="pouf"/><figcaption><p>"onerror=alert(1) a="</p></figcaption></figure>
|
||||||
|
<figure><img src="pif" alt="pouf"/><figcaption><p>;&quot;onerror=alert(1) a=;&quot;</p></figcaption></figure>
|
||||||
|
`,
|
||||||
|
}
|
||||||
|
Rewriter("https://example.org/article", testEntry, `add_image_title`)
|
||||||
|
|
||||||
|
if !reflect.DeepEqual(testEntry, controlEntry) {
|
||||||
|
t.Errorf(`Not expected output: got "%+v" instead of "%+v"`, testEntry, controlEntry)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue