// SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved. // SPDX-License-Identifier: Apache-2.0 package sanitizer // import "miniflux.app/reader/sanitizer" import "testing" func TestValidInput(t *testing.T) { input := `

This is a text with an image: Test.

` output := Sanitize("http://example.org/", input) if input != output { t.Errorf(`Wrong output: "%s" != "%s"`, input, output) } } func TestImgWithWidthAndHeightAttribute(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestImgWithWidthAndHeightAttributeLargerThanMinifluxLayout(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestImgWithIncorrectWidthAndHeightAttribute(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestImgWithTextDataURL(t *testing.T) { input := `Example` expected := `` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestImgWithDataURL(t *testing.T) { input := `Example` expected := `Example` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestImgWithSrcset(t *testing.T) { input := `Example` expected := `Example` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestSourceWithSrcsetAndMedia(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestMediumImgWithSrcset(t *testing.T) { input := `Image for post` expected := `Image for post` output := Sanitize("http://example.org/", input) if output != expected { t.Errorf(`Wrong output: %s`, output) } } func TestSelfClosingTags(t *testing.T) { input := `

This
is a text
with an image: Test.

` output := Sanitize("http://example.org/", input) if input != output { t.Errorf(`Wrong output: "%s" != "%s"`, input, output) } } func TestTable(t *testing.T) { input := `
AB
CDE
` output := Sanitize("http://example.org/", input) if input != output { t.Errorf(`Wrong output: "%s" != "%s"`, input, output) } } func TestRelativeURL(t *testing.T) { input := `This link is relative and this image: ` expected := `This link is relative and this image: ` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestProtocolRelativeURL(t *testing.T) { input := `This link is relative.` expected := `This link is relative.` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestInvalidTag(t *testing.T) { input := `

My invalid tag.

` expected := `

My invalid tag.

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestVideoTag(t *testing.T) { input := `

My valid .

` expected := `

My valid .

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestAudioAndSourceTag(t *testing.T) { input := `

My music .

` expected := `

My music .

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestUnknownTag(t *testing.T) { input := `

My invalid tag.

` expected := `

My invalid tag.

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestInvalidNestedTag(t *testing.T) { input := `

My invalid tag with some valid tag.

` expected := `

My invalid tag with some valid tag.

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestInvalidIFrame(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.com/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestIFrameWithChildElements(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.com/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestAnchorLink(t *testing.T) { input := `

This link is an anchor

` expected := `

This link is an anchor

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestInvalidURLScheme(t *testing.T) { input := `

This link is not valid

` expected := `

This link is not valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestAPTURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestBitcoinURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestCallToURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestFeedURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } input = `

This link is valid

` expected = `

This link is valid

` output = Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestGeoURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestItunesURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } input = `

This link is valid

` expected = `

This link is valid

` output = Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestMagnetURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestMailtoURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestNewsURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } input = `

This link is valid

` expected = `

This link is valid

` output = Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } input = `

This link is valid

` expected = `

This link is valid

` output = Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestRTMPURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestSIPURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } input = `

This link is valid

` expected = `

This link is valid

` output = Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestSkypeURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestSpotifyURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestSteamURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestSubversionURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } input = `

This link is valid

` expected = `

This link is valid

` output = Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestTelURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestWebcalURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestXMPPURIScheme(t *testing.T) { input := `

This link is valid

` expected := `

This link is valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestBlacklistedLink(t *testing.T) { input := `

This image is not valid

` expected := `

This image is not valid

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestPixelTracker(t *testing.T) { input := `

and

` expected := `

and

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestXmlEntities(t *testing.T) { input := `
echo "test" > /etc/hosts
` expected := `
echo "test" > /etc/hosts
` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestEspaceAttributes(t *testing.T) { input := `test` expected := `test` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceYoutubeURL(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceSecureYoutubeURL(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceSecureYoutubeURLWithParameters(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceYoutubeURLAlreadyReplaced(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceProtocolRelativeYoutubeURL(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceIframeURL(t *testing.T) { input := `` expected := `` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceNoScript(t *testing.T) { input := `

Before paragraph.

After paragraph.

` expected := `

Before paragraph.

After paragraph.

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceScript(t *testing.T) { input := `

Before paragraph.

After paragraph.

` expected := `

Before paragraph.

After paragraph.

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } } func TestReplaceStyle(t *testing.T) { input := `

Before paragraph.

After paragraph.

` expected := `

Before paragraph.

After paragraph.

` output := Sanitize("http://example.org/", input) if expected != output { t.Errorf(`Wrong output: "%s" != "%s"`, expected, output) } }