package net.jforum.util;
import junit.framework.TestCase;
import net.jforum.TestCaseUtils;
import net.jforum.util.preferences.ConfigKeys;
import net.jforum.util.preferences.SystemGlobals;
/**
* @author Rafael Steil
* @version $Id: SafeHtmlTest.java,v 1.12 2007/09/19 14:08:56 rafaelsteil Exp $
*/
public class SafeHtmlTest extends TestCase
{
private static final String WELCOME_TAGS = "a, b, i, u, img";
private String input;
private String expected;
/**
* @see junit.framework.TestCase#setUp()
*/
protected void setUp() throws Exception
{
TestCaseUtils.loadEnvironment();
StringBuffer sb = new StringBuffer(512);
sb.append("<a href='http://somelink'>Some Link</a>");
sb.append("bla <b>bla</b> <pre>code code</pre>");
sb.append("<script>document.location = 'xxx';</script>");
sb.append("<img src='http://imgPath' onLoad='window.close();'>");
sb.append("<a href='javascript:alert(bleh)'>xxxx</a>");
sb.append("<img src='javascript:alert(bloh)'>");
sb.append("<img src=\"javascript:alert('Oops');\">");
sb.append("\"> TTTTT <");
sb.append("<img src='http://some.image' onLoad=\"javascript:alert('boo')\">");
sb.append("<b>heeelooo, nurse</b>");
sb.append("<b style='some style'>1, 2, 3</b>");
this.input = sb.toString();
sb = new StringBuffer(512);
sb.append("<a href='http://somelink'>Some Link</a>");
sb.append("bla <b>bla</b> <pre>code code</pre>");
sb.append("<script>document.location = 'xxx';</script>");
sb.append("<img src='http://imgPath' >");
sb.append("<a >xxxx</a>");
sb.append("<img >");
sb.append("<img >");
sb.append(""> TTTTT <");
sb.append("<img src='http://some.image' >");
sb.append("<b>heeelooo, nurse</b>");
sb.append("<b >1, 2, 3</b>");
this.expected = sb.toString();
}
public void testJavascriptInsideURLTagExpectItToBeRemoved()
{
String input = "<a class=\"snap_shots\" rel=\"nofollow\" target=\"_new\" onmouseover=\"javascript:alert('test2');\" href=\"before\">test</a>";
String expected = "<a class=\"snap_shots\" rel=\"nofollow\" target=\"_new\" >test</a>";
String result = new SafeHtml().ensureAllAttributesAreSafe(input);
assertEquals(expected, result);
}
public void testJavascriptInsideImageTagExpectItToBeRemoved()
{
String input = "<img border=\"0\" onmouseover=\"javascript:alert('buuuh!!!');\"\"\" src=\"javascript:alert('hi from an alert!');\"/>";
String expected = "<img border=\"0\" \"\" />";
String result = new SafeHtml().ensureAllAttributesAreSafe(input);
assertEquals(expected, result);
}
public void testIframe()
{
String input = "<iframe src='http://www.google.com' onload='javascript:parent.document.body.style.display=\'none\'; alert(\'where is the forum?\'); ' style='display:none;'></iframe>";
String output = "<iframe src='http://www.google.com' onload='javascript:parent.document.body.style.display=\'none\'; alert(\'where is the forum?\'); ' style='display:none;'></iframe>";
SystemGlobals.setValue(ConfigKeys.HTML_TAGS_WELCOME, WELCOME_TAGS);
assertEquals(output, new SafeHtml().makeSafe(input));
}
public void testMakeSafe() throws Exception
{
SystemGlobals.setValue(ConfigKeys.HTML_TAGS_WELCOME, WELCOME_TAGS);
assertEquals(this.expected, new SafeHtml().makeSafe(this.input));
}
}