Commit32a7936

committed

fixup! Reintroduce the old sanitizer testsuite from html5lib-tests

1 parented2cd9f commit32a7936Copy full SHA for 32a7936

File tree

2 files changed

+30

-29

lines changed

html5lib/tests
- sanitizer-testdata
  - tests1.dat
- sanitizer.py

2 files changed

+30

-29

lines changed

`‎html5lib/tests/sanitizer-testdata/tests1.dat`

Lines changed: 28 additions & 28 deletions

Original file line number	Diff line number	Diff line change
`@@ -20,13 +20,13 @@`
`20`	`20`	`{`
`21`	`21`	`"name": "background_attribute",`
`22`	`22`	`"input": "<div background=\"#"diff-353b45a5730482215879833fc46d4e3ad5cef7040e01ccbe3880e4c6d35361be-23-22-0" data-selected="false" role="gridcell" tabindex="-1" valign="top">23`	`- "output": "<div/>"`
	`23`	`+ "output": "<div></div>"`
`24`	`24`	`},`
`25`	`25`
`26`	`26`	`{`
`27`	`27`	`"name": "bgsound",`
`28`	`28`	`"input": "<bgsound src=\"#"diff-353b45a5730482215879833fc46d4e3ad5cef7040e01ccbe3880e4c6d35361be-29-28-0" data-selected="false" role="gridcell" tabindex="-1" valign="top">29`	`- "output": "<bgsound src=\"#"diff-353b45a5730482215879833fc46d4e3ad5cef7040e01ccbe3880e4c6d35361be-29-29-0" data-selected="false" role="gridcell" tabindex="-1" valign="top">`	`29`	`+ "output": "<bgsound src=\"#"diff-353b45a5730482215879833fc46d4e3ad5cef7040e01ccbe3880e4c6d35361be-30-30-0" data-selected="false" role="gridcell" tabindex="-1" valign="top">30`	`30`	`},`
`31`	`31`
`32`	`32`	`{`
`@@ -44,13 +44,13 @@`
`44`	`44`	`{`
`45`	`45`	`"name": "double_open_angle_brackets",`
`46`	`46`	`"input": "<img src=http://ha.ckers.org/scriptlet.html <",`
`47`		`- "output": "<img src='http://ha.ckers.org/scriptlet.html'>"`
	`47`	`+ "output": ""`
`48`	`48`	`},`
`49`	`49`
`50`	`50`	`{`
`51`	`51`	`"name": "double_open_angle_brackets_2",`
`52`	`52`	`"input": "<script src=http://ha.ckers.org/scriptlet.html <",`
`53`		`- "output": "<script src=\"http://ha.ckers.org/scriptlet.html\" <=\"\">"`
	`53`	`+ "output": ""`
`54`	`54`	`},`
`55`	`55`
`56`	`56`	`{`
`@@ -80,13 +80,13 @@`
`80`	`80`	`{`
`81`	`81`	`"name": "link_stylesheets",`
`82`	`82`	`"input": "<link rel=\"stylesheet\" href=\"#"diff-353b45a5730482215879833fc46d4e3ad5cef7040e01ccbe3880e4c6d35361be-83-82-0" data-selected="false" role="gridcell" tabindex="-1" valign="top">83`	`- "output": "<linkrel=\"stylesheet\"href=\"#"diff-353b45a5730482215879833fc46d4e3ad5cef7040e01ccbe3880e4c6d35361be-83-83-0" data-selected="false" role="gridcell" tabindex="-1" valign="top">`	`83`	`+ "output": "<link href=\"#"diff-353b45a5730482215879833fc46d4e3ad5cef7040e01ccbe3880e4c6d35361be-84-84-0" data-selected="false" role="gridcell" tabindex="-1" valign="top">84`	`84`	`},`
`85`	`85`
`86`	`86`	`{`
`87`	`87`	`"name": "link_stylesheets_2",`
`88`	`88`	`"input": "<link rel=\"stylesheet\" href=\"http://ha.ckers.org/xss.css\" />",`
`89`		`- "output": "<linkrel=\"stylesheet\"href=\"http://ha.ckers.org/xss.css\"/>"`
	`89`	`+ "output": "<link href=\"http://ha.ckers.org/xss.css\" rel=\"stylesheet\">"`
`90`	`90`	`},`
`91`	`91`
`92`	`92`	`{`
`@@ -98,13 +98,13 @@`
`98`	`98`	`{`
`99`	`99`	`"name": "no_closing_script_tags",`
`100`	`100`	`"input": "<script src=http://ha.ckers.org/xss.js?<b>",`
`101`		`- "output": "<script src=\"http://ha.ckers.org/xss.js?&lt;b\">"`
	`101`	`+ "output": "<script src=\"http://ha.ckers.org/xss.js?&lt;b\"></script>"`
`102`	`102`	`},`
`103`	`103`
`104`	`104`	`{`
`105`	`105`	`"name": "non_alpha_non_digit",`
`106`	`106`	`"input": "<script/XSS src=\"http://ha.ckers.org/xss.js\"></script>",`
`107`		`- "output": "<scriptXSS=\"\"src=\"http://ha.ckers.org/xss.js\"></script>"`
	`107`	`+ "output": "<script src=\"http://ha.ckers.org/xss.js\" xss=\"\"></script>"`
`108`	`108`	`},`
`109`	`109`
`110`	`110`	`{`
`@@ -134,7 +134,7 @@`
`134`	`134`	`{`
`135`	`135`	`"name": "platypus",`
`136`	`136`	`"input": "<a href=\"http://www.ragingplatypus.com/\" style=\"display:block; position:absolute; left:0; top:0; width:100%; height:100%; z-index:1; background-color:black; background-image:url(http://www.ragingplatypus.com/i/cam-full.jpg); background-x:center; background-y:center; background-repeat:repeat;\">never trust your upstream platypus</a>",`
`137`		`- "output": "<ahref='http://www.ragingplatypus.com/'style='display: block; width: 100%; height: 100%; background-color: black; background-x: center; background-y: center;'>never trust your upstream platypus</a>"`
	`137`	`+ "output": "<a style='display: block; width: 100%; height: 100%; background-color: black; background-x: center; background-y: center;' href='http://www.ragingplatypus.com/'>never trust your upstream platypus</a>"`
`138`	`138`	`},`
`139`	`139`
`140`	`140`	`{`
`@@ -290,13 +290,13 @@`
`290`	`290`	`{`
`291`	`291`	`"name": "should_sanitize_half_open_scripts",`
`292`	`292`	`"input": "<img src=\"#"diff-353b45a5730482215879833fc46d4e3ad5cef7040e01ccbe3880e4c6d35361be-293-292-0" data-selected="false" role="gridcell" tabindex="-1" valign="top">293`	`- "output": "<img/>"`
	`293`	`+ "output": ""`
`294`	`294`	`},`
`295`	`295`
`296`	`296`	`{`
`297`	`297`	`"name": "should_sanitize_invalid_script_tag",`
`298`	`298`	`"input": "<script/XSS SRC=\"http://ha.ckers.org/xss.js\"></script>",`
`299`		`- "output": "<scriptXSS=\"\" SRC=\"http://ha.ckers.org/xss.js\"></script>"`
	`299`	`+ "output": "<scriptsrc=\"http://ha.ckers.org/xss.js\" xss=\"\"></script>"`
`300`	`300`	`},`
`301`	`301`
`302`	`302`	`{`
`@@ -308,7 +308,7 @@`
`308`	`308`	`{`
`309`	`309`	`"name": "should_sanitize_script_tag_with_multiple_open_brackets_2",`
`310`	`310`	`"input": "<iframe src=http://ha.ckers.org/scriptlet.html\n<",`
`311`		`- "output": "<iframe src=\"http://ha.ckers.org/scriptlet.html\" <=\"\">"`
	`311`	`+ "output": ""`
`312`	`312`	`},`
`313`	`313`
`314`	`314`	`{`
`@@ -320,7 +320,7 @@`
`320`	`320`	`{`
`321`	`321`	`"name": "should_sanitize_unclosed_script",`
`322`	`322`	`"input": "<script src=http://ha.ckers.org/xss.js?<b>",`
`323`		`- "output": "<script src=\"http://ha.ckers.org/xss.js?&lt;b\">"`
	`323`	`+ "output": "<script src=\"http://ha.ckers.org/xss.js?&lt;b\"></script>"`
`324`	`324`	`},`
`325`	`325`
`326`	`326`	`{`
`@@ -367,67 +367,67 @@`
`367`	`367`
`368`	`368`	`{`
`369`	`369`	`"name": "uri_refs_in_svg_attributes",`
`370`		`- "input": "<rect fill='url(#foo)' />",`
`371`		`- "output": "<rect fill='url(#foo)'/>"`
	`370`	`+ "input": "<svg><rect fill='url(#foo)' />",`
	`371`	`+ "output": "<svg><rect fill='url(#foo)'></rect></svg>"`
`372`	`372`	`},`
`373`	`373`
`374`	`374`	`{`
`375`	`375`	`"name": "absolute_uri_refs_in_svg_attributes",`
`376`		`- "input": "<rect fill='url(http://bad.com/) #fff' />",`
`377`		`- "output": "<rect fill=' #fff'/>"`
	`376`	`+ "input": "<svg><rect fill='url(http://bad.com/) #fff' />",`
	`377`	`+ "output": "<svg><rect fill=' #fff'></rect></svg>"`
`378`	`378`	`},`
`379`	`379`
`380`	`380`	`{`
`381`	`381`	`"name": "uri_ref_with_space_in svg_attribute",`
`382`		`- "input": "<rect fill='url(\n#foo)' />",`
`383`		`- "output": "<rect fill='url(\n#foo)'/>"`
	`382`	`+ "input": "<svg><rect fill='url(\n#foo)' />",`
	`383`	`+ "output": "<svg><rect fill='url(\n#foo)'></rect></svg>"`
`384`	`384`	`},`
`385`	`385`
`386`	`386`	`{`
`387`	`387`	`"name": "absolute_uri_ref_with_space_in svg_attribute",`
`388`		`- "input": "<rect fill=\"url(\nhttp://bad.com/)\" />",`
`389`		`- "output": "<rect fill=' '/>"`
	`388`	`+ "input": "<svg><rect fill=\"url(\nhttp://bad.com/)\" />",`
	`389`	`+ "output": "<svg><rect fill=' '></rect></svg>"`
`390`	`390`	`},`
`391`	`391`
`392`	`392`	`{`
`393`	`393`	`"name": "allow_html5_image_tag",`
`394`	`394`	`"input": "<image src='foo' />",`
`395`		`- "output": "<image src=\"foo\"/>"`
	`395`	`+ "output": "<img src='foo'/>"`
`396`	`396`	`},`
`397`	`397`
`398`	`398`	`{`
`399`	`399`	`"name": "style_attr_end_with_nothing",`
`400`	`400`	`"input": "<div style=\"color: blue\" />",`
`401`		`- "output": "<div style='color: blue;'/>"`
	`401`	`+ "output": "<div style='color: blue;'></div>"`
`402`	`402`	`},`
`403`	`403`
`404`	`404`	`{`
`405`	`405`	`"name": "style_attr_end_with_space",`
`406`	`406`	`"input": "<div style=\"color: blue \" />",`
`407`		`- "output": "<div style='color: blue ;'/>"`
	`407`	`+ "output": "<div style='color: blue ;'></div>"`
`408`	`408`	`},`
`409`	`409`
`410`	`410`	`{`
`411`	`411`	`"name": "style_attr_end_with_semicolon",`
`412`	`412`	`"input": "<div style=\"color: blue;\" />",`
`413`		`- "output": "<div style='color: blue;'/>"`
	`413`	`+ "output": "<div style='color: blue;'></div>"`
`414`	`414`	`},`
`415`	`415`
`416`	`416`	`{`
`417`	`417`	`"name": "style_attr_end_with_semicolon_space",`
`418`	`418`	`"input": "<div style=\"color: blue; \" />",`
`419`		`- "output": "<div style='color: blue;'/>"`
	`419`	`+ "output": "<div style='color: blue;'></div>"`
`420`	`420`	`},`
`421`	`421`
`422`	`422`	`{`
`423`	`423`	`"name": "attributes_with_embedded_quotes",`
`424`	`424`	`"input": "<img src=doesntexist.jpg\"'onerror=\"alert(1) />",`
`425`		`- "output": "<img src='doesntexist.jpg"'onerror="alert(1)'/>"`
	`425`	`+ "output": "<img src='doesntexist.jpg\"'onerror=\"alert(1)'/>"`
`426`	`426`	`},`
`427`	`427`
`428`	`428`	`{`
`429`	`429`	`"name": "attributes_with_embedded_quotes_II",`
`430`	`430`	`"input": "<img src=notthere.jpg\"\"onerror=\"alert(2) />",`
`431`		`- "output": "<img src='notthere.jpg""onerror="alert(2)'/>"`
	`431`	`+ "output": "<img src='notthere.jpg\"\"onerror=\"alert(2)'/>"`
`432`	`432`	`}`
`433`	`433`	`]`

`‎html5lib/tests/sanitizer.py`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,8 @@ def runtest(self):`
`33`	`33`	`use_trailing_solidus=True,`
`34`	`34`	`space_before_trailing_solidus=False,`
`35`	`35`	`quote_attr_values=True,`
`36`		`-quote_char="'")`
	`36`	`+quote_char="'",`
	`37`	`+alphabeticalize_attributes=True)`
`37`	`38`	`errorMsg="\n".join(["\n\nInput:",input,`
`38`	`39`	`"\nExpected:",expected,`
`39`	`40`	`"\nReceived:",serialized])`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit32a7936

File tree

2 files changed

2 files changed

`‎html5lib/tests/sanitizer-testdata/tests1.dat`

`‎html5lib/tests/sanitizer.py`

0 commit comments