blob: 54bb3da1d97889d1a19dfe16b86ccdb88a210768 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
<!DOCTYPE html>
<html>
<head>
<title></title>
<script src="http://closure-library.googlecode.com/svn/trunk/closure/goog/base.js"></script>
<script src="parse_html_subset.js"></script>
<script>
goog.require('goog.testing.jsunit');
</script>
</head>
<body>
<script>
function parseAndAssertThrows(s) {
assertThrows(function() {
parseHtmlSubset(s);
});
}
function parseAndAssertNotThrows(s) {
assertNotThrows(function() {
parseHtmlSubset(s);
});
}
function testText() {
parseAndAssertNotThrows('');
parseAndAssertNotThrows('abc');
parseAndAssertNotThrows(' ');
}
function testSupportedTags() {
parseAndAssertNotThrows('<b>bold</b>');
parseAndAssertNotThrows('Some <b>bold</b> text');
parseAndAssertNotThrows('Some <strong>strong</strong> text');
parseAndAssertNotThrows('<B>bold</B>');
parseAndAssertNotThrows('Some <B>bold</B> text');
parseAndAssertNotThrows('Some <STRONG>strong</STRONG> text');
}
function testInvaliTags() {
parseAndAssertThrows('<unknown_tag>x</unknown_tag>');
parseAndAssertThrows('<img>');
parseAndAssertThrows('<script>alert(1)<' + '/script>');
}
function testInvalidAttributes() {
parseAndAssertThrows('<b onclick="alert(1)">x</b>');
parseAndAssertThrows('<b style="color:red">x</b>');
parseAndAssertThrows('<b foo>x</b>');
parseAndAssertThrows('<b foo=bar></b>');
}
function testValidAnchors() {
parseAndAssertNotThrows('<a href="http://google.com">Google</a>');
parseAndAssertNotThrows('<a href="https://google.com">Google</a>');
}
function testInvalidAnchorHrefs() {
parseAndAssertThrows('<a href="ftp://google.com">Google</a>');
parseAndAssertThrows('<a href="http/google.com">Google</a>');
parseAndAssertThrows('<a href="javascript:alert(1)">Google</a>');
}
function testInvalidAnchorAttributes() {
parseAndAssertThrows('<a name=foo>Google</a>');
parseAndAssertThrows(
'<a onclick="alert(1)" href="http://google.com">Google</a>');
parseAndAssertThrows('<a foo="bar(1)" href="http://google.com">Google</a>');
}
function testAnchorTarget() {
parseAndAssertNotThrows(
'<a href="http://google.com" target="blank_">Google</a>');
parseAndAssertNotThrows(
'<a href="http://google.com" target="foo">Google</a>');
}
</script>
</body>
</html>
|
