From 77ec41bb6f542077503106cacc1dbd28118c50b4 Mon Sep 17 00:00:00 2001 From: Felix Hammerl Date: Wed, 24 Feb 2016 10:13:25 +0100 Subject: Issue #617: Sanitize received content Sanitizes received HTML content with DOMPurify, making it safe for displaying and templating. Sanitizes received plain text content by encoding every single character as HTML entity. --- web-ui/test/spec/helpers/sanitizer.spec.js | 49 ++++++++++++++++++++++++++++ web-ui/test/spec/helpers/view_helper.spec.js | 7 ---- 2 files changed, 49 insertions(+), 7 deletions(-) create mode 100644 web-ui/test/spec/helpers/sanitizer.spec.js (limited to 'web-ui/test/spec/helpers') diff --git a/web-ui/test/spec/helpers/sanitizer.spec.js b/web-ui/test/spec/helpers/sanitizer.spec.js new file mode 100644 index 00000000..acd4b2b2 --- /dev/null +++ b/web-ui/test/spec/helpers/sanitizer.spec.js @@ -0,0 +1,49 @@ +define(['helpers/sanitizer'], function (sanitizer) { + 'use strict'; + + describe('sanitizer', function () { + + describe('sanitizer.addLineBreaks', function () { + it('should add line breaks', function () { + var expectedOutput = 'foo
bar'; + var output = sanitizer.addLineBreaks('foo\nbar'); + expect(output).toEqual(expectedOutput); + }); + }); + + describe('sanitizer.purifyHtml', function () { + it('should fire up DOMPurify', function () { + var expectedOutput = '123I am a dolphin!'; + var output = sanitizer.purifyHtml('123I am a dolphin!'); + expect(output).toEqual(expectedOutput); + }); + }); + + describe('sanitizer.purifyText', function () { + it('should escape HTML', function () { + var expectedOutput = '123<a>asd</a>'; + var output = sanitizer.purifyText('123asd'); + expect(output).toEqual(expectedOutput); + }); + }); + + describe('sanitizer.sanitize', function () { + it('should sanitize a plaintext mail', function () { + var expectedOutput = '123<a>asd</a>'; + var output = sanitizer.sanitize({ + textPlainBody: '123asd' + }); + expect(output).toEqual(expectedOutput); + }); + + it('should sanitize an html mail', function () { + var expectedOutput = '
123I am a dolphin!foobar
'; + var output = sanitizer.sanitize({ + htmlBody: '
123I am a dolphin!foobar
' + }); + expect(output).toEqual(expectedOutput); + }); + }); + + }); +}); diff --git a/web-ui/test/spec/helpers/view_helper.spec.js b/web-ui/test/spec/helpers/view_helper.spec.js index 92a31a1f..b2f597c2 100644 --- a/web-ui/test/spec/helpers/view_helper.spec.js +++ b/web-ui/test/spec/helpers/view_helper.spec.js @@ -90,13 +90,6 @@ define(['helpers/view_helper'], function (viewHelper) { }); }); - it('each line of plain text mail gets a new paragraph', function () { - var formattedMail = $('
'); - formattedMail.html(viewHelper.formatMailBody(testData.parsedMail.simpleTextPlain)); - expect(formattedMail).toContainHtml('
Hello Everyone
'); - }); - - it('escape html in plain text body', function () { var formattedMail = $('
'); var mail = testData.parsedMail.simpleTextPlain; -- cgit v1.2.3