1 defmodule Pleroma.HTMLTest do
7 <p>this is a paragraph</p>
8 this is a linebreak<br />
9 this is an image: <img src="http://example.com/image.jpg"><br />
10 <script>alert('hacked')</script>
# Input fixture for the "does not allow attribute-based XSS" tests below: one
# <img> tag carrying an inline onerror event-handler attribute next to a plain
# http src. The three scrubber suites visible here are each fed this string.
# NOTE(review): this is the only attribute-borne script vector among the
# fixtures visible in this excerpt; other handler attributes and URL-valued
# attributes would need fixtures of their own to be covered. Confirm against
# the full file before relying on these tests as the sanitizer's safety net.
13 @html_onerror_sample """
14 <img src="http://example.com/image.jpg" onerror="alert('hacked')">
# Suite for HTML.strip_tags/1. The `expected` values these assertions compare
# against are not part of this excerpt, so the exact output is not shown here.
17 describe "StripTags scrubber" do
# Feeds the general-purpose fixture @html_sample through strip_tags.
18 test "works as expected" do
# Exact string equality: any leftover markup or whitespace difference fails.
27 assert expected == HTML.strip_tags(@html_sample)
# Security regression guard using the onerror fixture. Presumably expects no
# markup to survive at all; TODO confirm against the elided `expected` value.
30 test "does not allow attribute-based XSS" do
33 assert expected == HTML.strip_tags(@html_onerror_sample)
# Suite for HTML.filter_tags/2 with Pleroma.HTML.Scrubber.TwitterText.
37 describe "TwitterText scrubber" do
# The visible expected lines keep <p>, <br /> and <img src>, with <img>
# rewritten in self-closing form. How <b> and <script> are treated by this
# scrubber is not visible in this excerpt.
38 test "normalizes HTML as expected" do
41 <p>this is a paragraph</p>
42 this is a linebreak<br />
43 this is an image: <img src="http://example.com/image.jpg" /><br />
47 assert expected == HTML.filter_tags(@html_sample, Pleroma.HTML.Scrubber.TwitterText)
# Security-relevant case: the visible expected output is the same <img> with
# its src retained and the onerror attribute gone, so the scrubber is required
# to drop the handler attribute rather than the whole element.
50 test "does not allow attribute-based XSS" do
52 <img src="http://example.com/image.jpg" />
55 assert expected == HTML.filter_tags(@html_onerror_sample, Pleroma.HTML.Scrubber.TwitterText)
# Suite for HTML.filter_tags/2 with Pleroma.HTML.Scrubber.Default.
59 describe "default scrubber" do
# The visible expected lines keep <b>, <p>, <br /> and <img src>, with <img>
# rewritten in self-closing form. What happens to the fixture's <script>
# element is not visible in this excerpt.
60 test "normalizes HTML as expected" do
62 <b>this is in bold</b>
63 <p>this is a paragraph</p>
64 this is a linebreak<br />
65 this is an image: <img src="http://example.com/image.jpg" /><br />
69 assert expected == HTML.filter_tags(@html_sample, Pleroma.HTML.Scrubber.Default)
# Security-relevant case: the visible expected output keeps the <img> and its
# src but not the onerror attribute. The comparison is exact, so a scrubber
# change that lets any extra attribute through fails this test.
72 test "does not allow attribute-based XSS" do
74 <img src="http://example.com/image.jpg" />
77 assert expected == HTML.filter_tags(@html_onerror_sample, Pleroma.HTML.Scrubber.Default)