mirror of
https://github.com/miniflux/v2.git
synced 2024-09-28 05:11:51 +02:00
Add some tests for add_image_title
I'm not sure if the behaviour is expected, but I didn't manage to get the content injection to work in my browser, so I guess it's alright?
This commit is contained in:
parent
97feec8ebf
commit
db6ae707ef
@ -671,3 +671,35 @@ func TestAddHackerNewsLinksUsingOpener(t *testing.T) {
|
||||
t.Errorf(`Not expected output: got "%+v" instead of "%+v"`, testEntry, controlEntry)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAddImageTitle(t *testing.T) {
|
||||
testEntry := &model.Entry{
|
||||
Title: `A title`,
|
||||
Content: `
|
||||
<img src="pif" title="pouf">
|
||||
<img src="pif" title="pouf" alt='"onerror=alert(1) a="'>
|
||||
<img src="pif" title="pouf" alt='"onerror=alert(1) a="'>
|
||||
<img src="pif" title="pouf" alt=';&quot;onerror=alert(1) a=;&quot;'>
|
||||
<img src="pif" alt="pouf" title='"onerror=alert(1) a="'>
|
||||
<img src="pif" alt="pouf" title='"onerror=alert(1) a="'>
|
||||
<img src="pif" alt="pouf" title=';&quot;onerror=alert(1) a=;&quot;'>
|
||||
`,
|
||||
}
|
||||
|
||||
controlEntry := &model.Entry{
|
||||
Title: `A title`,
|
||||
Content: `<figure><img src="pif" alt=""/><figcaption><p>pouf</p></figcaption></figure>
|
||||
<figure><img src="pif" alt="" onerror="alert(1)" a=""/><figcaption><p>pouf</p></figcaption></figure>
|
||||
<figure><img src="pif" alt="" onerror="alert(1)" a=""/><figcaption><p>pouf</p></figcaption></figure>
|
||||
<figure><img src="pif" alt=";"onerror=alert(1) a=;""/><figcaption><p>pouf</p></figcaption></figure>
|
||||
<figure><img src="pif" alt="pouf"/><figcaption><p>"onerror=alert(1) a="</p></figcaption></figure>
|
||||
<figure><img src="pif" alt="pouf"/><figcaption><p>"onerror=alert(1) a="</p></figcaption></figure>
|
||||
<figure><img src="pif" alt="pouf"/><figcaption><p>;&quot;onerror=alert(1) a=;&quot;</p></figcaption></figure>
|
||||
`,
|
||||
}
|
||||
Rewriter("https://example.org/article", testEntry, `add_image_title`)
|
||||
|
||||
if !reflect.DeepEqual(testEntry, controlEntry) {
|
||||
t.Errorf(`Not expected output: got "%+v" instead of "%+v"`, testEntry, controlEntry)
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user