- // Copyright 2020 The Gogs Authors. All rights reserved.
- // Use of this source code is governed by a MIT-style
- // license that can be found in the LICENSE file.
- package app
- import (
- "testing"
- "github.com/stretchr/testify/assert"
- )
// Test_ipynbSanitizer runs the HTML policy returned by ipynbSanitizer over
// rendered-notebook fragments and compares the sanitized output with the
// expected markup. The first two cases must pass through unchanged; the third
// must lose its <style> and <script> elements.
//
// NOTE(review): the "prevent XSS" case only exercises <style> and <script>
// elements. Because the policy is shown here to accept a data: URI as an
// <img> source, it would be worth pinning how it treats inline event-handler
// attributes, javascript: URLs and non-image data: URIs as well, so that a
// later policy change cannot silently widen what notebook HTML may carry.
func Test_ipynbSanitizer(t *testing.T) {
	policy := ipynbSanitizer()

	cases := []struct {
		desc     string
		html     string
		expected string
	}{
		{
			// Notebook layout relies on class names and the prompt number.
			desc: "allow 'class' and 'data-prompt-number' attributes",
			html: `
<div class="nb-notebook">
<div class="nb-worksheet">
<div class="nb-cell nb-markdown-cell">Hello world</div>
<div class="nb-cell nb-code-cell">
<div class="nb-input" data-prompt-number="4">
</div>
</div>
</div>
</div>
`,
			expected: `
<div class="nb-notebook">
<div class="nb-worksheet">
<div class="nb-cell nb-markdown-cell">Hello world</div>
<div class="nb-cell nb-code-cell">
<div class="nb-input" data-prompt-number="4">
</div>
</div>
</div>
</div>
`,
		},
		{
			// Cell image output is embedded inline as a base64 data: URI.
			desc: "allow base64 encoded images",
			html: `
<div class="nb-output" data-prompt-number="4">
<img class="nb-image-output" src="data:image/png;base64,iVBORw0KGgoA"/>
</div>
`,
			expected: `
<div class="nb-output" data-prompt-number="4">
<img class="nb-image-output" src="data:image/png;base64,iVBORw0KGgoA"/>
</div>
`,
		},
		{
			// Both elements and their contents are expected to be dropped,
			// leaving only the wrapping divs.
			desc: "prevent XSS",
			html: `
<div class="nb-output" data-prompt-number="10">
<div class="nb-html-output">
<style>
.output {
align-items: center;
background: #00ff00;
}
</style>
<script>
function test() {
alert("test");
}
$(document).ready(test);
</script>
</div>
</div>
`,
			expected: `
<div class="nb-output" data-prompt-number="10">
<div class="nb-html-output">
</div>
</div>
`,
		},
	}

	for i := range cases {
		tc := cases[i]
		t.Run(tc.desc, func(t *testing.T) {
			got := policy.Sanitize(tc.html)
			assert.Equal(t, tc.expected, got)
		})
	}
}