2014-02-12 17:59:55 +08:00
|
|
|
/**
|
2017-12-21 14:19:10 +08:00
|
|
|
* tests for html parser
|
2014-02-13 16:38:32 +08:00
|
|
|
*
|
2017-12-21 14:19:10 +08:00
|
|
|
* @author Zongmin Lei<leizongmin@gmail.com>
|
2014-02-12 17:59:55 +08:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
var assert = require('assert');
|
|
|
|
|
var parser = require('../lib/parser');
|
|
|
|
|
var parseTag = parser.parseTag;
|
|
|
|
|
var parseAttr = parser.parseAttr;
|
2015-12-01 22:10:48 +08:00
|
|
|
var debug = require('debug')('xss:test');
|
2014-02-12 17:59:55 +08:00
|
|
|
|
|
|
|
|
describe('test HTML parser', function () {
|
|
|
|
|
|
|
|
|
|
function escapeHtml (html) {
|
|
|
|
|
return html.replace(/</g, '<').replace(/>/g, '>');
|
|
|
|
|
}
|
|
|
|
|
|
2014-02-13 10:34:44 +08:00
|
|
|
function attr (n, v) {
|
|
|
|
|
if (v) {
|
|
|
|
|
return n + '="' + v.replace(/"/g, '"e;') + '"';
|
|
|
|
|
} else {
|
|
|
|
|
return n;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-02-12 17:59:55 +08:00
|
|
|
it('#parseTag', function () {
|
|
|
|
|
var i = 0;
|
2014-02-13 16:33:35 +08:00
|
|
|
var html = parseTag('hello<A href="#">www</A>ccc<b><br/>', function (sourcePosition, position, tag, html, isClosing) {
|
2014-02-12 17:59:55 +08:00
|
|
|
i++;
|
2015-12-01 22:10:48 +08:00
|
|
|
debug(arguments);
|
2014-02-12 17:59:55 +08:00
|
|
|
if (i === 1) {
|
|
|
|
|
// 第1个标签
|
2014-02-13 16:33:35 +08:00
|
|
|
assert.equal(sourcePosition, 5);
|
2014-02-12 17:59:55 +08:00
|
|
|
assert.equal(position, 5);
|
|
|
|
|
assert.equal(tag, 'a');
|
|
|
|
|
assert.equal(html, '<A href="#">');
|
|
|
|
|
assert.equal(isClosing, false);
|
|
|
|
|
return '[link]';
|
|
|
|
|
} else if (i === 2) {
|
|
|
|
|
// 第2个标签
|
2014-02-13 16:33:35 +08:00
|
|
|
assert.equal(sourcePosition, 20);
|
2014-02-12 17:59:55 +08:00
|
|
|
assert.equal(position, 14);
|
|
|
|
|
assert.equal(tag, 'a');
|
|
|
|
|
assert.equal(html, '</A>');
|
|
|
|
|
assert.equal(isClosing, true);
|
|
|
|
|
return '[/link]';
|
|
|
|
|
} else if (i === 3) {
|
|
|
|
|
// 第3个标签
|
2014-02-13 16:33:35 +08:00
|
|
|
assert.equal(sourcePosition, 27);
|
2014-02-12 17:59:55 +08:00
|
|
|
assert.equal(position, 24);
|
|
|
|
|
assert.equal(tag, 'b');
|
|
|
|
|
assert.equal(html, '<b>');
|
|
|
|
|
assert.equal(isClosing, false);
|
|
|
|
|
return '[B]';
|
2014-02-13 14:58:05 +08:00
|
|
|
} else if (i === 4) {
|
|
|
|
|
// 第4个标签
|
2014-02-13 16:33:35 +08:00
|
|
|
assert.equal(sourcePosition, 30);
|
2014-02-13 14:58:05 +08:00
|
|
|
assert.equal(position, 27);
|
|
|
|
|
assert.equal(tag, 'br');
|
|
|
|
|
assert.equal(html, '<br/>');
|
|
|
|
|
assert.equal(isClosing, false);
|
|
|
|
|
return '[BR]';
|
2014-02-12 17:59:55 +08:00
|
|
|
} else {
|
|
|
|
|
throw new Error();
|
|
|
|
|
}
|
|
|
|
|
}, escapeHtml);
|
2015-12-01 22:10:48 +08:00
|
|
|
debug(html);
|
2014-02-13 14:58:05 +08:00
|
|
|
assert.equal(html, 'hello[link]www[/link]ccc[B][BR]');
|
2014-02-12 17:59:55 +08:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('#parseAttr', function () {
|
2014-02-13 10:26:17 +08:00
|
|
|
var i = 0;
|
|
|
|
|
var html = parseAttr('href="#"attr1=b attr2=c attr3 attr4=\'value4"\'attr5/', function (name, value) {
|
|
|
|
|
i++;
|
2015-12-01 22:10:48 +08:00
|
|
|
debug(arguments);
|
2014-02-13 10:26:17 +08:00
|
|
|
if (i === 1) {
|
|
|
|
|
assert.equal(name, 'href');
|
|
|
|
|
assert.equal(value, '#');
|
|
|
|
|
return attr(name, value);
|
|
|
|
|
} else if (i === 2) {
|
|
|
|
|
assert.equal(name, 'attr1');
|
|
|
|
|
assert.equal(value, 'b');
|
|
|
|
|
return attr(name, value);
|
|
|
|
|
} else if (i === 3) {
|
|
|
|
|
assert.equal(name, 'attr2');
|
|
|
|
|
assert.equal(value, 'c');
|
|
|
|
|
return attr(name, value);
|
|
|
|
|
} else if (i === 4) {
|
|
|
|
|
assert.equal(name, 'attr3');
|
|
|
|
|
assert.equal(value, '');
|
|
|
|
|
return attr(name, value);
|
|
|
|
|
} else if (i === 5) {
|
|
|
|
|
assert.equal(name, 'attr4');
|
|
|
|
|
assert.equal(value, 'value4"');
|
|
|
|
|
return attr(name, value);
|
|
|
|
|
} else if (i === 6) {
|
|
|
|
|
assert.equal(name, 'attr5');
|
|
|
|
|
assert.equal(value, '');
|
|
|
|
|
return attr(name, value);
|
|
|
|
|
} else {
|
|
|
|
|
throw new Error();
|
|
|
|
|
}
|
|
|
|
|
});
|
2015-12-01 22:10:48 +08:00
|
|
|
debug(html);
|
2014-02-13 10:26:17 +08:00
|
|
|
assert.equal(html, 'href="#" attr1="b" attr2="c" attr3 attr4="value4"e;" attr5');
|
2014-02-12 17:59:55 +08:00
|
|
|
});
|
|
|
|
|
|
2014-02-13 10:34:44 +08:00
|
|
|
it('#parseTag & #parseAttr', function () {
|
2014-02-13 16:33:35 +08:00
|
|
|
var html = parseTag('hi:<a href="#"target=_blank title="this is a link">link</a>', function (sourcePosition, position, tag, html, isClosing) {
|
2014-02-13 10:34:44 +08:00
|
|
|
if (tag === 'a') {
|
|
|
|
|
if (isClosing) return '</a>';
|
|
|
|
|
var attrhtml = parseAttr(html.slice(2, -1), function (name, value) {
|
|
|
|
|
if (name === 'href' || name === 'target') {
|
|
|
|
|
return attr(name, value);
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
return '<a ' + attrhtml + '>';
|
|
|
|
|
} else {
|
|
|
|
|
return escapeHtml(html);
|
|
|
|
|
}
|
|
|
|
|
}, escapeHtml);
|
2015-12-01 22:10:48 +08:00
|
|
|
debug(html);
|
2014-02-13 10:34:44 +08:00
|
|
|
assert.equal(html, 'hi:<a href="#" target="_blank">link</a>');
|
|
|
|
|
});
|
|
|
|
|
|
2014-02-12 17:59:55 +08:00
|
|
|
});
|
