github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-21 00:45:26 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Upgraded and refactored Sanitizing. Much less crap should get through now!

Browse Source 
Conflicts:
	app/assets/javascripts/discourse/components/syntax_highlighting.js
This commit is contained in:
Robin Ward
2013-10-11 16:24:27 -04:00
parent 380d8c028f
commit 9e93d8ed52
16 changed files with 175 additions and 174 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
test/javascripts/components/markdown_test.js
View File

@ -278,10 +278,12 @@ test("Code Blocks", function() {
});
test("SanitizeHTML", function() {
test("sanitize", function() {
var sanitize = Discourse.Markdown.sanitize;
equal(sanitizeHtml("<div><script>alert('hi');</script></div>"), "<div></div>");
equal(sanitizeHtml("<div><p class=\"funky\" wrong='1'>hello</p></div>"), "<div><p class=\"funky\">hello</p></div>");
equal(sanitize("<i class=\"icon-bug icon-spin\">bug</i>"), "<i>bug</i>");
equal(sanitize("<div><script>alert('hi');</script></div>"), "<div></div>");
equal(sanitize("<div><p class=\"funky\" wrong='1'>hello</p></div>"), "<div><p>hello</p></div>");
cooked("hello<script>alert(42)</script>", "<p>hello</p>", "it sanitizes while cooking");
cooked("<a href='http://disneyland.disney.go.com/'>disney</a> <a href='http://reddit.com'>reddit</a>",
@ -305,3 +307,15 @@ test("URLs in BBCode tags", function() {
"named links are properly parsed");
});
test("urlAllowed", function() {
var allowed = function(url, msg) {
equal(Discourse.Markdown.urlAllowed(url), url, msg);
};
allowed("/foo/bar.html", "allows relative urls");
allowed("http://eviltrout.com/evil/trout", "allows full urls");
allowed("https://eviltrout.com/evil/trout", "allows https urls");
allowed("//eviltrout.com/evil/trout", "allows protocol relative urls");
});