summaryrefslogtreecommitdiff
path: root/web-ui/test/spec
diff options
context:
space:
mode:
authorFelix Hammerl <fhammerl@thoughtworks.com>2016-02-24 10:13:25 +0100
committerFelix Hammerl <fhammerl@thoughtworks.com>2016-02-24 10:20:36 +0100
commit77ec41bb6f542077503106cacc1dbd28118c50b4 (patch)
tree7e59c1e5cdffd6146acb6504a9741d394af6a62f /web-ui/test/spec
parent6160633ab9a54238974af3cf498024ad98fc977e (diff)
Issue #617: Sanitize received content
Sanitizes received HTML content with DOMPurify, making it safe for displaying and templating. Sanitizes received plain text content by encoding every single character as HTML entity.
Diffstat (limited to 'web-ui/test/spec')
-rw-r--r--web-ui/test/spec/helpers/sanitizer.spec.js49
-rw-r--r--web-ui/test/spec/helpers/view_helper.spec.js7
2 files changed, 49 insertions, 7 deletions
diff --git a/web-ui/test/spec/helpers/sanitizer.spec.js b/web-ui/test/spec/helpers/sanitizer.spec.js
new file mode 100644
index 00000000..acd4b2b2
--- /dev/null
+++ b/web-ui/test/spec/helpers/sanitizer.spec.js
@@ -0,0 +1,49 @@
+define(['helpers/sanitizer'], function (sanitizer) {
+ 'use strict';
+
+ describe('sanitizer', function () {
+
+ describe('sanitizer.addLineBreaks', function () {
+ it('should add line breaks', function () {
+ var expectedOutput = 'foo<br/>bar';
+ var output = sanitizer.addLineBreaks('foo\nbar');
+ expect(output).toEqual(expectedOutput);
+ });
+ });
+
+ describe('sanitizer.purifyHtml', function () {
+ it('should fire up DOMPurify', function () {
+ var expectedOutput = '123<a target="_blank">I am a dolphin!</a>';
+ var output = sanitizer.purifyHtml('123<a href="javascript:alert(1)">I am a dolphin!</a>');
+ expect(output).toEqual(expectedOutput);
+ });
+ });
+
+ describe('sanitizer.purifyText', function () {
+ it('should escape HTML', function () {
+ var expectedOutput = '&#x31;&#x32;&#x33;&#x3C;&#x61;&#x3E;&#x61;&#x73;&#x64;&#x3C;&#x2F;&#x61;&#x3E;';
+ var output = sanitizer.purifyText('123<a>asd</a>');
+ expect(output).toEqual(expectedOutput);
+ });
+ });
+
+ describe('sanitizer.sanitize', function () {
+ it('should sanitize a plaintext mail', function () {
+ var expectedOutput = '&#x31;&#x32;&#x33;&#x3C;&#x61;&#x3E;&#x61;&#x73;&#x64;&#x3C;&#x2F;&#x61;&#x3E;';
+ var output = sanitizer.sanitize({
+ textPlainBody: '123<a>asd</a>'
+ });
+ expect(output).toEqual(expectedOutput);
+ });
+
+ it('should sanitize an html mail', function () {
+ var expectedOutput = '<div>123<a target="_blank">I am a dolphin!</a>foobar</div>';
+ var output = sanitizer.sanitize({
+ htmlBody: '<div>123<a href="javascript:alert(1)">I am a dolphin!</a>foobar</div>'
+ });
+ expect(output).toEqual(expectedOutput);
+ });
+ });
+
+ });
+});
diff --git a/web-ui/test/spec/helpers/view_helper.spec.js b/web-ui/test/spec/helpers/view_helper.spec.js
index 92a31a1f..b2f597c2 100644
--- a/web-ui/test/spec/helpers/view_helper.spec.js
+++ b/web-ui/test/spec/helpers/view_helper.spec.js
@@ -90,13 +90,6 @@ define(['helpers/view_helper'], function (viewHelper) {
});
});
- it('each line of plain text mail gets a new paragraph', function () {
- var formattedMail = $('<div></div>');
- formattedMail.html(viewHelper.formatMailBody(testData.parsedMail.simpleTextPlain));
- expect(formattedMail).toContainHtml('<div>Hello Everyone<br/></div>');
- });
-
-
it('escape html in plain text body', function () {
var formattedMail = $('<div></div>');
var mail = testData.parsedMail.simpleTextPlain;