Home Explore
Register Sign In
Endevir
/
git-server
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 39bdd5c2cd
Branches Tags
git-server
/
internal
/
app
/
api_test.go

api_test.go 1.8 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. // Copyright 2020 The Gogs Authors. All rights reserved.
    2. 

  2. // Use of this source code is governed by a MIT-style
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. 

  5. package app
    6. 

  6. 

  7. import (
    8. 

  8. 	"testing"
    9. 

  9. 

  10. 	"github.com/stretchr/testify/assert"
    11. 

  11. )
    12. 

  12. 

  13. func Test_ipynbSanitizer(t *testing.T) {
    14. 

  14. 	p := ipynbSanitizer()
    15. 

  15. 

  16. 	tests := []struct {
    17. 

  17. 		name  string
    18. 

  18. 		input string
    19. 

  19. 		want  string
    20. 

  20. 	}{
    21. 

  21. 		{
    22. 

  22. 			name: "allow 'class' and 'data-prompt-number' attributes",
    23. 

  23. 			input: `
    24. 

  24. <div class="nb-notebook">
    25. 

  25.     <div class="nb-worksheet">
    26. 

  26.         <div class="nb-cell nb-markdown-cell">Hello world</div>
    27. 

  27.         <div class="nb-cell nb-code-cell">
    28. 

  28.             <div class="nb-input" data-prompt-number="4">
    29. 

  29.             </div>
    30. 

  30.         </div>
    31. 

  31.     </div>
    32. 

  32. </div>
    33. 

  33. `,
    34. 

  34. 			want: `
    35. 

  35. <div class="nb-notebook">
    36. 

  36.     <div class="nb-worksheet">
    37. 

  37.         <div class="nb-cell nb-markdown-cell">Hello world</div>
    38. 

  38.         <div class="nb-cell nb-code-cell">
    39. 

  39.             <div class="nb-input" data-prompt-number="4">
    40. 

  40.             </div>
    41. 

  41.         </div>
    42. 

  42.     </div>
    43. 

  43. </div>
    44. 

  44. `,
    45. 

  45. 		},
    46. 

  46. 		{
    47. 

  47. 			name: "allow base64 encoded images",
    48. 

  48. 			input: `
    49. 

  49. <div class="nb-output" data-prompt-number="4">
    50. 

  50.     <img class="nb-image-output" src="data:image/png;base64,iVBORw0KGgoA"/>
    51. 

  51. </div>
    52. 

  52. `,
    53. 

  53. 			want: `
    54. 

  54. <div class="nb-output" data-prompt-number="4">
    55. 

  55.     <img class="nb-image-output" src="data:image/png;base64,iVBORw0KGgoA"/>
    56. 

  56. </div>
    57. 

  57. `,
    58. 

  58. 		},
    59. 

  59. 		{
    60. 

  60. 			name: "prevent XSS",
    61. 

  61. 			input: `
    62. 

  62. <div class="nb-output" data-prompt-number="10">
    63. 

  63. <div class="nb-html-output">
    64. 

  64. <style>
    65. 

  65. .output {
    66. 

  66. align-items: center;
    67. 

  67. background: #00ff00;
    68. 

  68. }
    69. 

  69. </style>
    70. 

  70. <script>
    71. 

  71. function test() {
    72. 

  72. alert("test");
    73. 

  73. }
    74. 

  74. 

  75. $(document).ready(test);
    76. 

  76. </script>
    77. 

  77. </div>
    78. 

  78. </div>
    79. 

  79. `,
    80. 

  80. 			want: `
    81. 

  81. <div class="nb-output" data-prompt-number="10">
    82. 

  82. <div class="nb-html-output">
    83. 

  83. 

  84. 

  85. </div>
    86. 

  86. </div>
    87. 

  87. `,
    88. 

  88. 		},
    89. 

  89. 	}
    90. 

  90. 	for _, test := range tests {
    91. 

  91. 		t.Run(test.name, func(t *testing.T) {
    92. 

  92. 			assert.Equal(t, test.want, p.Sanitize(test.input))
    93. 

  93. 		})
    94. 

  94. 	}
    95. 

  95. }
    96.