We use cookies to ensure you get the best experience on our website
Home Esplora
Accedi
egonr
/
gogs
mirror da https://github.com/gogs/gogs
1
0
Forka 0
File
Albero (Tree): 59e9fa191b
Rami (Branch) Tag
gogs
/
internal
/
app
/
api_test.go

api_test.go 1.7 KB
Cronologia Originale

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091 
  1. package app
    2. 

  2. 

  3. import (
    4. 

  4. 	"testing"
    5. 

  5. 

  6. 	"github.com/stretchr/testify/assert"
    7. 

  7. )
    8. 

  8. 

  9. func Test_ipynbSanitizer(t *testing.T) {
    10. 

  10. 	p := ipynbSanitizer()
    11. 

  11. 

  12. 	tests := []struct {
    13. 

  13. 		name  string
    14. 

  14. 		input string
    15. 

  15. 		want  string
    16. 

  16. 	}{
    17. 

  17. 		{
    18. 

  18. 			name: "allow 'class' and 'data-prompt-number' attributes",
    19. 

  19. 			input: `
    20. 

  20. <div class="nb-notebook">
    21. 

  21.     <div class="nb-worksheet">
    22. 

  22.         <div class="nb-cell nb-markdown-cell">Hello world</div>
    23. 

  23.         <div class="nb-cell nb-code-cell">
    24. 

  24.             <div class="nb-input" data-prompt-number="4">
    25. 

  25.             </div>
    26. 

  26.         </div>
    27. 

  27.     </div>
    28. 

  28. </div>
    29. 

  29. `,
    30. 

  30. 			want: `
    31. 

  31. <div class="nb-notebook">
    32. 

  32.     <div class="nb-worksheet">
    33. 

  33.         <div class="nb-cell nb-markdown-cell">Hello world</div>
    34. 

  34.         <div class="nb-cell nb-code-cell">
    35. 

  35.             <div class="nb-input" data-prompt-number="4">
    36. 

  36.             </div>
    37. 

  37.         </div>
    38. 

  38.     </div>
    39. 

  39. </div>
    40. 

  40. `,
    41. 

  41. 		},
    42. 

  42. 		{
    43. 

  43. 			name: "allow base64 encoded images",
    44. 

  44. 			input: `
    45. 

  45. <div class="nb-output" data-prompt-number="4">
    46. 

  46.     <img class="nb-image-output" src="data:image/png;base64,iVBORw0KGgoA"/>
    47. 

  47. </div>
    48. 

  48. `,
    49. 

  49. 			want: `
    50. 

  50. <div class="nb-output" data-prompt-number="4">
    51. 

  51.     <img class="nb-image-output" src="data:image/png;base64,iVBORw0KGgoA"/>
    52. 

  52. </div>
    53. 

  53. `,
    54. 

  54. 		},
    55. 

  55. 		{
    56. 

  56. 			name: "prevent XSS",
    57. 

  57. 			input: `
    58. 

  58. <div class="nb-output" data-prompt-number="10">
    59. 

  59. <div class="nb-html-output">
    60. 

  60. <style>
    61. 

  61. .output {
    62. 

  62. align-items: center;
    63. 

  63. background: #00ff00;
    64. 

  64. }
    65. 

  65. </style>
    66. 

  66. <script>
    67. 

  67. function test() {
    68. 

  68. alert("test");
    69. 

  69. }
    70. 

  70. 

  71. $(document).ready(test);
    72. 

  72. </script>
    73. 

  73. </div>
    74. 

  74. </div>
    75. 

  75. `,
    76. 

  76. 			want: `
    77. 

  77. <div class="nb-output" data-prompt-number="10">
    78. 

  78. <div class="nb-html-output">
    79. 

  79. 

  80. 

  81. </div>
    82. 

  82. </div>
    83. 

  83. `,
    84. 

  84. 		},
    85. 

  85. 	}
    86. 

  86. 	for _, test := range tests {
    87. 

  87. 		t.Run(test.name, func(t *testing.T) {
    88. 

  88. 			assert.Equal(t, test.want, p.Sanitize(test.input))
    89. 

  89. 		})
    90. 

  90. 	}
    91. 

  91. }
    92.