// Copyright 2017 The Gitea Authors. All rights reserved. // Copyright 2017 The Gogs Authors. All rights reserved. // SPDX-License-Identifier: MIT package markup import ( "testing" "github.com/stretchr/testify/assert" ) func TestSanitizer(t *testing.T) { testCases := []string{ // Regular `Google`, `Google`, "<script>alert(document.domain)</script>", "<script>alert(document.domain)</script>", // Code highlighting class ``, ``, ``, ``, ``, ``, // Input checkbox ``, ``, ``, ``, ``, ``, // Code highlight injection ``, ``, `   Hello there! Something has gone wrong, we are working on it. In the meantime, play a game with us at example.com. `, "\n\u00a0\n\nHello there! Something has gone wrong, we are working on it.\nIn the meantime, play a game with us at\u00a0example.com.\n", // tags `Ctrl + C`, `Ctrl + C`, `NAUGHTY`, `NAUGHTY`, `unchecked`, `unchecked`, `NAUGHTY`, `NAUGHTY`, // Color property `Hello World`, `Hello World`, `

Hello World

`, `

Hello World

`, `Hello World`, `Hello World`, `Hello World`, `Hello World`, `

Hello World

`, `

Hello World

`, `Hello World`, `Hello World`, // Org mode status of list items. `
  • `, `
  • `, `
  • `, `
  • `, `
  • `, `
  • `, // URLs `my custom URL scheme`, `my custom URL scheme`, `my custom URL scheme`, `my custom URL scheme`, // Disallow dangerous url schemes `bad`, `bad`, `bad`, `bad`, `bad`, `bad`, } for i := 0; i < len(testCases); i += 2 { assert.Equal(t, testCases[i+1], Sanitize(testCases[i])) } }