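# Restored from a listing whose gutter numbers were fused into the code and
# whose package-qualified names were split across lines.

# Fixed plan: the run fails if the number of executed checks is not 32.
use Test::More tests => 32;

# Load IkiWiki inside BEGIN so that a load failure is reported as a failed
# test and the module's exports are in place before the code below compiles.
BEGIN { use_ok("IkiWiki"); }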
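# Initialize htmlscrubber plugin
# Start from IkiWiki's default configuration so that the default plugin set is
# what htmlize() runs with. NOTE(review): the comment above says this brings in
# htmlscrubber; the plugin list itself is not visible here.
%config = IkiWiki::defaultconfig();

# No wiki is read or written by these tests; both directories point at a
# path that cannot hold content.
$config{srcdir} = $config{destdir} = "/dev/null";

IkiWiki::loadplugins();
IkiWiki::checkconfig();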
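# Baseline: plain markdown must come out as paragraph markup, i.e. the
# sanitizing step does not disturb harmless content.
# NOTE(review): the listing drops the line that followed the expected value
# (presumably the test description); the call is closed without one.
is(IkiWiki::htmlize("foo", "foo", "mdwn", "foo\n\nbar\n"),
    "<p>foo</p>\n\n<p>bar</p>\n");

# Non-ASCII content read from t/test1.mdwn must survive the pipeline.
# NOTE(review): the expected string is copied as it appears in the listing.
# The page may have decoded HTML entities that the test file spells out, so
# compare it with the upstream file before relying on it. The description
# line is also absent from the listing.
is(IkiWiki::htmlize("foo", "foo", "mdwn", readfile("t/test1.mdwn")),
    Encode::decode_utf8(qq{<p><img src="../images/o.jpg" alt="o" title="ó" />\nóóóóó</p>\n}));

# Robustness check: only requires that htmlize() returns something true for
# this input instead of dying.
ok(IkiWiki::htmlize("foo", "foo", "mdwn", readfile("t/test2.mdwn")),
    "this file crashes markdown if it's fed in as decoded utf-8");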
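# gotcha($markup) -> true when the marker string GOTCHA is still present in
# the HTML that htmlize() produces for $markup.
#
# NOTE(review): the listing drops the lines around this body; the name
# "gotcha" is taken from the calls that follow it in the file.
#
# The check is a substring match only. A false result shows that the marker
# was removed or altered, not how the surrounding markup was neutralized, so
# a passing case is evidence for that one payload and nothing broader.
sub gotcha {
    my $markup = shift;
    my $html   = IkiWiki::htmlize("foo", "foo", "mdwn", $markup);
    return $html =~ /GOTCHA/;
}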
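# Inputs the sanitizer must neutralize: each case passes only when the
# GOTCHA marker is absent from the htmlize() output.
#
# NOTE(review): this listing was extracted from a rendered page. Several
# description lines are missing, and character references inside the
# payloads appear to have been decoded, so some cases no longer show the
# encoding their description names. Restore those payloads from the upstream
# test file before using this as a regression suite.

# --- script-capable URL schemes in href ---
ok(!gotcha(q{<a href="javascript:alert('GOTCHA')">click me</a>}));
# As shown, this payload is identical to the previous one; the description
# implies part of the scheme name was written as a character reference.
ok(!gotcha(q{<a href="javascript:alert('GOTCHA')">click me</a>}),
    "partially encoded javascript url");
ok(!gotcha(q{<a href="jscript:alert('GOTCHA')">click me</a>}));
ok(!gotcha(q{<a href="vbscript:alert('GOTCHA')">click me</a>}));
# The description names a tab inside the scheme; the listing shows a space.
ok(!gotcha(q{<a href="java script:alert('GOTCHA')">click me</a>}),
    "java-tab-script url");

# --- script reached through the style attribute ---
# The descriptions say "entity-encoded"; no entities are visible in the
# payloads as listed.
ok(!gotcha(q{<span style="any: expressio(GOTCHA)n(window.location='http://example.org/')">foo</span>}),
    "entity-encoded CSS script test");
ok(!gotcha(q{<span style="any: expression(GOTCHA)(window.location='http://example.org/')">foo</span>}),
    "another entity-encoded CSS script test");

# --- script element ---
ok(!gotcha(q{<script>GOTCHA</script>}));

# --- URL-bearing attributes other than href ---
ok(!gotcha(q{<form action="javascript:alert('GOTCHA')">foo</form>}),
    "form action with javascript");
ok(!gotcha(q{<video poster="javascript:alert('GOTCHA')" href="foo.avi">foo</video>}),
    "video poster with javascript");
ok(!gotcha(q{<span style="background: url(javascript:window.location=GOTCHA)">a</span>}));

# --- data: URI with a script media type ---
ok(!gotcha(q{<img src="data:text/javascript;GOTCHA">}),
    "data:text/javascript (jeez!)");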
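# Inputs that must pass through: each case requires the GOTCHA marker to
# still be present after htmlize(), guarding against over-blocking.

# data: URIs with image media types.
# NOTE(review): the src values are empty in this listing, so the inputs as
# shown carry no marker and these three assertions cannot hold. The
# descriptions imply data:image/png, data:image/gif and data:image/jpeg URIs
# containing GOTCHA; restore them from the upstream test file.
ok(gotcha(q{<img src="">}), "data:image/png");
ok(gotcha(q{<img src="">}), "data:image/gif");
ok(gotcha(q{<img src="">}), "data:image/jpeg");

# A scheme-like string in element text is not a URL attribute.
ok(gotcha(q{<p>javascript:alert('GOTCHA')</p>}),
    "not javascript AFAIK (but perhaps some web browser would like to
    be perverse and assume it is?)");

# A relative path that merely starts with the word "javascript" has no
# scheme, so it must not be treated as a javascript: URL.
ok(gotcha(q{<img src="javascript.png?GOTCHA">}), "not javascript");
ok(gotcha(q{<a href="javascript.png?GOTCHA">foo</a>}), "not javascript");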
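# Exact-output checks: markup that must come back unchanged, plus one case
# where the href attribute must be dropped.

is(IkiWiki::htmlize("foo", "foo", "mdwn",
    q{<img alt="foo" src="foo.gif">}),
    q{<img alt="foo" src="foo.gif">}, "img with alt tag allowed");
is(IkiWiki::htmlize("foo", "foo", "mdwn",
    q{<a href="http://google.com/">}),
    q{<a href="http://google.com/">}, "absolute url allowed");
is(IkiWiki::htmlize("foo", "foo", "mdwn",
    q{<a href="foo.html">}),
    q{<a href="foo.html">}, "relative url allowed");
is(IkiWiki::htmlize("foo", "foo", "mdwn",
    q{<span class="foo">bar</span>}),
    q{<span class="foo">bar</span>}, "class attribute allowed");

# A colon after '#' or '?' belongs to the fragment or the query string and
# must not be read as a scheme separator.
is(IkiWiki::htmlize("foo", "foo", "mdwn",
    q{<a href="aaa#foo">}),
    q{<a href="aaa#foo">}, "simple anchor allowed");
is(IkiWiki::htmlize("foo", "foo", "mdwn",
    q{<a href="aaa#foo:bar">}),
    q{<a href="aaa#foo:bar">}, "colon allowed in anchor");
is(IkiWiki::htmlize("foo", "foo", "mdwn",
    q{<a href="aaa?foo:bar">}),
    q{<a href="aaa?foo:bar">}, "colon allowed in query string");

# A colon before any '#' or '?' does introduce a scheme; one that is not
# recognised costs the link its href and leaves the bare element.
is(IkiWiki::htmlize("foo", "foo", "mdwn",
    q{<a href="foo:bar">}),
    q{<a>}, "unknown protocol blocked");

# NOTE(review): the listing drops the input line of the next call. It is
# restored here as equal to the expected output, which is the pattern of
# every other "allowed" case in this group; confirm against upstream.
is(IkiWiki::htmlize("foo", "foo", "mdwn",
    q{<a href="#foo">}),
    q{<a href="#foo">}, "simple relative anchor allowed");
is(IkiWiki::htmlize("foo", "foo", "mdwn",
    q{<a href="#foo:bar">}),
    q{<a href="#foo:bar">}, "colon in simple relative anchor allowed");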