instiki/vendor/rails/actionpack/test/template/sanitize_helper_test.rb

require 'abstract_unit'
require 'testing_sandbox'

# The exhaustive tests are in test/controller/html/sanitizer_test.rb.
# This tests the that the helpers hook up correctly to the sanitizer classes.
class SanitizeHelperTest < ActionView::TestCase
  tests ActionView::Helpers::SanitizeHelper
  include TestingSandbox

  def test_strip_links
    assert_equal "Dont touch me", strip_links("Dont touch me")
    assert_equal "<a<a", strip_links("<a<a")
    assert_equal "on my mind\nall day long", strip_links("<a href='almost'>on my mind</a>\n<A href='almost'>all day long</A>")
    assert_equal "0wn3d", strip_links("<a href='http://www.rubyonrails.com/'><a href='http://www.rubyonrails.com/' onlclick='steal()'>0wn3d</a></a>")
    assert_equal "Magic", strip_links("<a href='http://www.rubyonrails.com/'>Mag<a href='http://www.ruby-lang.org/'>ic")
    assert_equal "FrrFox", strip_links("<href onlclick='steal()'>FrrFox</a></href>")
    assert_equal "My mind\nall <b>day</b> long", strip_links("<a href='almost'>My mind</a>\n<A href='almost'>all <b>day</b> long</A>")
    assert_equal "all <b>day</b> long", strip_links("<<a>a href='hello'>all <b>day</b> long<</A>/a>")
  end

  def test_sanitize_form
    assert_sanitized "<form action=\"/foo/bar\" method=\"post\"><input></form>", ''
  end

  def test_should_sanitize_illegal_style_properties
    raw      = %(display:block; position:absolute; left:0; top:0; width:100%; height:100%; z-index:1; background-color:black; background-image:url(http://www.ragingplatypus.com/i/cam-full.jpg); background-x:center; background-y:center; background-repeat:repeat;)
    expected = %(display: block; width: 100%; height: 100%; background-color: black; background-image: ; background-x: center; background-y: center;)
    assert_equal expected, sanitize_css(raw)
  end

  def test_strip_tags
    assert_equal("<<<bad html", strip_tags("<<<bad html"))
    assert_equal("<<", strip_tags("<<<bad html>"))
    assert_equal("Dont touch me", strip_tags("Dont touch me"))
    assert_equal("This is a test.", strip_tags("<p>This <u>is<u> a <a href='test.html'><strong>test</strong></a>.</p>"))
    assert_equal("Weirdos", strip_tags("Wei<<a>a onclick='alert(document.cookie);'</a>/>rdos"))
    assert_equal("This is a test.", strip_tags("This is a test."))
    assert_equal(
    %{This is a test.\n\n\nIt no longer contains any HTML.\n}, strip_tags(
    %{<title>This is <b>a <a href="" target="_blank">test</a></b>.</title>\n\n<!-- it has a comment -->\n\n<p>It no <b>longer <strong>contains <em>any <strike>HTML</strike></em>.</strong></b></p>\n}))
    assert_equal "This has a  here.", strip_tags("This has a <!-- comment --> here.")
    [nil, '', '   '].each { |blank| assert_equal blank, strip_tags(blank) }
  end

  def assert_sanitized(text, expected = nil)
    assert_equal((expected || text), sanitize(text))
  end
end
Rails 2.1 RC1 Updated Instiki to Rails 2.1 RC1 (aka 2.0.991). 2008-05-18 06:22:34 +02:00			`require 'abstract_unit'`
			`require 'testing_sandbox'`
Upgrade to Rails 2.0.2 Upgraded to Rails 2.0.2, except that we maintain vendor/rails/actionpack/lib/action_controller/routing.rb from Rail 1.2.6 (at least for now), so that Routes don't change. We still get to enjoy Rails's many new features. Also fixed a bug in Chunk-handling: disable WikiWord processing in tags (for real this time). 2007-12-21 08:48:59 +01:00
			`# The exhaustive tests are in test/controller/html/sanitizer_test.rb.`
			`# This tests the that the helpers hook up correctly to the sanitizer classes.`
Rails 2.1 RC1 Updated Instiki to Rails 2.1 RC1 (aka 2.0.991). 2008-05-18 06:22:34 +02:00			`class SanitizeHelperTest < ActionView::TestCase`
			`tests ActionView::Helpers::SanitizeHelper`
Upgrade to Rails 2.0.2 Upgraded to Rails 2.0.2, except that we maintain vendor/rails/actionpack/lib/action_controller/routing.rb from Rail 1.2.6 (at least for now), so that Routes don't change. We still get to enjoy Rails's many new features. Also fixed a bug in Chunk-handling: disable WikiWord processing in tags (for real this time). 2007-12-21 08:48:59 +01:00			`include TestingSandbox`

			`def test_strip_links`
			`assert_equal "Dont touch me", strip_links("Dont touch me")`
			`assert_equal "<a<a", strip_links("<a<a")`
			`assert_equal "on my mind\nall day long", strip_links("<a href='almost'>on my mind</a>\n<A href='almost'>all day long</A>")`
Upgrade to Rails 2.2.0 As a side benefit, fix an (non-user-visible) bug in display_s5(). Also fixed a bug where removing orphaned pages did not expire cached summary pages. 2008-10-27 07:47:01 +01:00			`assert_equal "0wn3d", strip_links("<a href='http://www.rubyonrails.com/'><a href='http://www.rubyonrails.com/' onlclick='steal()'>0wn3d</a></a>")`
			`assert_equal "Magic", strip_links("<a href='http://www.rubyonrails.com/'>Mag<a href='http://www.ruby-lang.org/'>ic")`
			`assert_equal "FrrFox", strip_links("<href onlclick='steal()'>FrrFox</a></href>")`
Upgrade to Rails 2.0.2 Upgraded to Rails 2.0.2, except that we maintain vendor/rails/actionpack/lib/action_controller/routing.rb from Rail 1.2.6 (at least for now), so that Routes don't change. We still get to enjoy Rails's many new features. Also fixed a bug in Chunk-handling: disable WikiWord processing in tags (for real this time). 2007-12-21 08:48:59 +01:00			`assert_equal "My mind\nall <b>day</b> long", strip_links("<a href='almost'>My mind</a>\n<A href='almost'>all <b>day</b> long</A>")`
			`assert_equal "all <b>day</b> long", strip_links("<<a>a href='hello'>all <b>day</b> long<</A>/a>")`
			`end`

			`def test_sanitize_form`
			`assert_sanitized "<form action=\"/foo/bar\" method=\"post\"><input></form>", ''`
			`end`

			`def test_should_sanitize_illegal_style_properties`
			`raw = %(display:block; position:absolute; left:0; top:0; width:100%; height:100%; z-index:1; background-color:black; background-image:url(http://www.ragingplatypus.com/i/cam-full.jpg); background-x:center; background-y:center; background-repeat:repeat;)`
			`expected = %(display: block; width: 100%; height: 100%; background-color: black; background-image: ; background-x: center; background-y: center;)`
			`assert_equal expected, sanitize_css(raw)`
			`end`

			`def test_strip_tags`
			`assert_equal("<<<bad html", strip_tags("<<<bad html"))`
			`assert_equal("<<", strip_tags("<<<bad html>"))`
			`assert_equal("Dont touch me", strip_tags("Dont touch me"))`
			`assert_equal("This is a test.", strip_tags("<p>This <u>is<u> a <a href='test.html'><strong>test</strong></a>.</p>"))`
			`assert_equal("Weirdos", strip_tags("Wei<<a>a onclick='alert(document.cookie);'</a>/>rdos"))`
			`assert_equal("This is a test.", strip_tags("This is a test."))`
			`assert_equal(`
			`%{This is a test.\n\n\nIt no longer contains any HTML.\n}, strip_tags(`
			`%{<title>This is <b>a <a href="" target="_blank">test</a></b>.</title>\n\n<!-- it has a comment -->\n\n<p>It no <b>longer <strong>contains <em>any <strike>HTML</strike></em>.</strong></b></p>\n}))`
			`assert_equal "This has a here.", strip_tags("This has a <!-- comment --> here.")`
			`[nil, '', ' '].each { \|blank\| assert_equal blank, strip_tags(blank) }`
			`end`

			`def assert_sanitized(text, expected = nil)`
			`assert_equal((expected \|\| text), sanitize(text))`
			`end`
Rails 2.1 RC1 Updated Instiki to Rails 2.1 RC1 (aka 2.0.991). 2008-05-18 06:22:34 +02:00			`end`