deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

More lenient URI scheme matching in sanitize.

Browse source
This commit is contained in:
Jacques Distler 2007-02-24 22:47:31 -06:00
parent f9dcfa5af0
commit 507a17aade
2 changed files with 15 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

13
test/unit/sanitize_test.rb
View file

@ -47,11 +47,24 @@ class SanitizeTest < Test::Unit::TestCase
end
end
Sanitize::ALLOWED_PROTOCOLS.each do |protocol|
define_method "test_should_allow_uppercase_#{protocol}_uris" do
assert_equal "<a href=\"#{protocol.upcase}\">foo</a>",
sanitize_html(%(<a href="#{protocol.upcase}">foo</a>))
end
end
def test_should_allow_anchors
assert_equal "<a href=\"foo\">&lt;script>baz&lt;/script></a>",
sanitize_html("<a href='foo' onclick='bar'><script>baz</script></a>")
end
# RFC 3986, sec 4.2
def test_allow_colons_in_path_component
assert_equal "<a href=\"./this:that\">foo</a>",
sanitize_html("<a href=\"./this:that\">foo</a>")
end
%w(src width height alt).each do |img_attr|
define_method "test_should_allow_image_#{img_attr}_attribute" do
assert_equal "<img #{img_attr}=\"foo\" />",