diff options
| author | Jon Newson <jon_newson@ieee.org> | 2016-02-26 16:20:59 +1100 |
|---|---|---|
| committer | Jon Newson <jon_newson@ieee.org> | 2016-02-26 16:20:59 +1100 |
| commit | 05f4e2ca2d64eaba23c87df4d2e2cc9e09bba6de (patch) | |
| tree | 50b2ccf6454f31a3f6bceaa997a5e2abbcb91a80 /web-ui/test/spec/helpers/sanitizer.spec.js | |
| parent | 52467b9aef76c9aac2f250478befd3afb7b6aabd (diff) | |
| parent | dbb434b56e6b161a3b851ae6a81f96dff14a29da (diff) | |
Merge branch 'master' of https://github.com/pixelated/pixelated-user-agent
# By Felix Hammerl (5) and others
# Via NavaL
* 'master' of https://github.com/pixelated/pixelated-user-agent:
serving the client directly, as the current dependency on proxy strips out xsrf cookies -fixing functional test
only adding feature resource in root_resource test -- fixing build
changed logout to post Issue #612
Backend and frontend protection against csrf attacks: - root resources changes the csrf token cookie everytime it is loaded, in particular during the intestitial load during login - it will also add that cookie on single user mode - initialize will still load all resources - but they you cant access them if the csrf token do not match - all ajax calls needs to add the token to the header - non ajax get requests do not need xsrf token validation - non ajax post will have to send the token in as a form input or in the content
Consolidate stylesheets
Remove unused font and stylesheetgit s
Create a new deferred for all IMAPAccount calls
Clean up jshintrc
Recreate session on soledad problems
issue #617: Remove old html whitelister
Issue #617: Sanitize received content
Diffstat (limited to 'web-ui/test/spec/helpers/sanitizer.spec.js')
| -rw-r--r-- | web-ui/test/spec/helpers/sanitizer.spec.js | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/web-ui/test/spec/helpers/sanitizer.spec.js b/web-ui/test/spec/helpers/sanitizer.spec.js new file mode 100644 index 00000000..acd4b2b2 --- /dev/null +++ b/web-ui/test/spec/helpers/sanitizer.spec.js @@ -0,0 +1,49 @@ +define(['helpers/sanitizer'], function (sanitizer) { + 'use strict'; + + describe('sanitizer', function () { + + describe('sanitizer.addLineBreaks', function () { + it('should add line breaks', function () { + var expectedOutput = 'foo<br/>bar'; + var output = sanitizer.addLineBreaks('foo\nbar'); + expect(output).toEqual(expectedOutput); + }); + }); + + describe('sanitizer.purifyHtml', function () { + it('should fire up DOMPurify', function () { + var expectedOutput = '123<a target="_blank">I am a dolphin!</a>'; + var output = sanitizer.purifyHtml('123<a href="javascript:alert(1)">I am a dolphin!</a>'); + expect(output).toEqual(expectedOutput); + }); + }); + + describe('sanitizer.purifyText', function () { + it('should escape HTML', function () { + var expectedOutput = '123<a>asd</a>'; + var output = sanitizer.purifyText('123<a>asd</a>'); + expect(output).toEqual(expectedOutput); + }); + }); + + describe('sanitizer.sanitize', function () { + it('should sanitize a plaintext mail', function () { + var expectedOutput = '123<a>asd</a>'; + var output = sanitizer.sanitize({ + textPlainBody: '123<a>asd</a>' + }); + expect(output).toEqual(expectedOutput); + }); + + it('should sanitize an html mail', function () { + var expectedOutput = '<div>123<a target="_blank">I am a dolphin!</a>foobar</div>'; + var output = sanitizer.sanitize({ + htmlBody: '<div>123<a href="javascript:alert(1)">I am a dolphin!</a>foobar</div>' + }); + expect(output).toEqual(expectedOutput); + }); + }); + + }); +}); |