authorFelix Hammerl <fhammerl@thoughtworks.com>2016-02-24 10:13:25 +0100
committerFelix Hammerl <fhammerl@thoughtworks.com>2016-02-24 10:20:36 +0100
commit77ec41bb6f542077503106cacc1dbd28118c50b4 (patch)
tree7e59c1e5cdffd6146acb6504a9741d394af6a62f /web-ui/test
parent6160633ab9a54238974af3cf498024ad98fc977e (diff)
Issue #617: Sanitize received content
Sanitizes received HTML content with DOMPurify, making it safe for displaying and templating. Sanitizes received plain text content by encoding every single character as an HTML entity.
Diffstat (limited to 'web-ui/test')
-rw-r--r--web-ui/test/spec/helpers/sanitizer.spec.js49
-rw-r--r--web-ui/test/spec/helpers/view_helper.spec.js7
-rw-r--r--web-ui/test/test-main.js3
3 files changed, 51 insertions, 8 deletions
diff --git a/web-ui/test/spec/helpers/sanitizer.spec.js b/web-ui/test/spec/helpers/sanitizer.spec.js
new file mode 100644
index 00000000..acd4b2b2
--- /dev/null
+++ b/web-ui/test/spec/helpers/sanitizer.spec.js
@@ -0,0 +1,49 @@
+define(['helpers/sanitizer'], function (sanitizer) {
+ 'use strict';
+
+ describe('sanitizer', function () {
+
+ describe('sanitizer.addLineBreaks', function () {
+ it('should add line breaks', function () {
+ var expectedOutput = 'foo<br/>bar';
+ var output = sanitizer.addLineBreaks('foo\nbar');
+ expect(output).toEqual(expectedOutput);
+ });
+ });
+
+ describe('sanitizer.purifyHtml', function () {
+ it('should fire up DOMPurify', function () {
+ var expectedOutput = '123<a target="_blank">I am a dolphin!</a>';
+ var output = sanitizer.purifyHtml('123<a href="javascript:alert(1)">I am a dolphin!</a>');
+ expect(output).toEqual(expectedOutput);
+ });
+ });
+
+ describe('sanitizer.purifyText', function () {
+ it('should escape HTML', function () {
+ var expectedOutput = '&#x31;&#x32;&#x33;&#x3C;&#x61;&#x3E;&#x61;&#x73;&#x64;&#x3C;&#x2F;&#x61;&#x3E;';
+ var output = sanitizer.purifyText('123<a>asd</a>');
+ expect(output).toEqual(expectedOutput);
+ });
+ });
+
+ describe('sanitizer.sanitize', function () {
+ it('should sanitize a plaintext mail', function () {
+ var expectedOutput = '&#x31;&#x32;&#x33;&#x3C;&#x61;&#x3E;&#x61;&#x73;&#x64;&#x3C;&#x2F;&#x61;&#x3E;';
+ var output = sanitizer.sanitize({
+ textPlainBody: '123<a>asd</a>'
+ });
+ expect(output).toEqual(expectedOutput);
+ });
+
+ it('should sanitize an html mail', function () {
+ var expectedOutput = '<div>123<a target="_blank">I am a dolphin!</a>foobar</div>';
+ var output = sanitizer.sanitize({
+ htmlBody: '<div>123<a href="javascript:alert(1)">I am a dolphin!</a>foobar</div>'
+ });
+ expect(output).toEqual(expectedOutput);
+ });
+ });
+
+ });
+});
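Review bot: The expected outputs in the purifyHtml spec (L40) and the html-mail sanitize spec (L64) pin `target="_blank"` on the rewritten anchor but no `rel` attribute, so these tests would still pass if the sanitizer opens every mail-supplied link in a new tab without `rel="noopener noreferrer"`, leaving the opened page a `window.opener` reference back to the web-ui. If the helper (outside this diff) is meant to set it, change both expectations to `'123<a target="_blank" rel="noopener noreferrer">I am a dolphin!</a>'` so that the link-hardening hook stays covered; if it is not, the point is worth raising on the helper itself. The specs also exercise a single hostile input, the `javascript:` href, and never call `sanitize` with a mail that has neither `htmlBody` nor `textPlainBody`, so the fallback behaviour of `sanitize` is left unpinned; adding `it('should return an empty string for a mail without a body', ...)` or whatever the intended fallback is would document it.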
diff --git a/web-ui/test/spec/helpers/view_helper.spec.js b/web-ui/test/spec/helpers/view_helper.spec.js
index 92a31a1f..b2f597c2 100644
--- a/web-ui/test/spec/helpers/view_helper.spec.js
+++ b/web-ui/test/spec/helpers/view_helper.spec.js
@@ -90,13 +90,6 @@ define(['helpers/view_helper'], function (viewHelper) {
});
});
- it('each line of plain text mail gets a new paragraph', function () {
- var formattedMail = $('<div></div>');
- formattedMail.html(viewHelper.formatMailBody(testData.parsedMail.simpleTextPlain));
- expect(formattedMail).toContainHtml('<div>Hello Everyone<br/></div>');
- });
-
-
it('escape html in plain text body', function () {
var formattedMail = $('<div></div>');
var mail = testData.parsedMail.simpleTextPlain;
diff --git a/web-ui/test/test-main.js b/web-ui/test/test-main.js
index 7d87d9de..17ba3876 100644
--- a/web-ui/test/test-main.js
+++ b/web-ui/test/test-main.js
@@ -14,6 +14,8 @@ requirejs.config({
'lib': 'app/js/lib',
'hbs': 'app/js/generated/hbs',
'flight': 'app/bower_components/flight',
+ 'DOMPurify': 'app/bower_components/DOMPurify/dist/purify.min',
+ 'he': 'app/bower_components/he/he',
'views': 'app/js/views',
'helpers': 'app/js/helpers',
'feedback': 'app/js/feedback',
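Review bot: The new `'DOMPurify'` and `'he'` path entries make the sanitizer specs depend on whatever versions bower installs under `app/bower_components`, and the spec expectations (attribute order, the exact entity encoding) are tied to the behaviour of those specific builds. Presumably the versions are pinned in the project's bower manifest (not in this diff); if they are only range-constrained, a silent upgrade of DOMPurify would change both the test outcome and the sanitization guarantees the commit introduces, so it is worth confirming the pin in the same change. A short comment next to the two entries, `// must match the versions pinned in bower.json; the sanitizer spec depends on their exact output`, would record that coupling for the next person editing the test config.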
@@ -35,7 +37,6 @@ requirejs.config({
'user_settings': 'app/js/user_settings'
},
-
deps: tests,
callback: function () {