js-xss/test/test_custom_method.js

/**
* 测试XSS 自定义处理函数
*
* @author 老雷<leizongmin@gmail.com>
*/
var assert = require('assert');
var xss = require('../');
describe('test custom XSS method', function () {
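it('#onTag - match tag', function () {
  // onTag is expected to fire once per tag, in document order, receiving the
  // tag name, the raw tag text and an options object describing the tag.
  var source = 'dd<a href="#"><b><c>haha</c></b></a><br>ff';
  // Expected arguments per call:
  // [tag, html, isClosing, position, sourcePosition, isWhite].
  // The numbers are consistent with sourcePosition being the tag's offset in
  // `source` and position its offset in the sanitized output: the two diverge
  // once <c> has been escaped to the longer &lt;c&gt;.
  var expected = [
    ['a', '<a href="#">', false, 2, 2, true],
    ['b', '<b>', false, 14, 14, true],
    ['c', '<c>', false, 17, 17, false],
    ['c', '</c>', true, 30, 24, false],
    ['b', '</b>', true, 40, 28, true],
    ['a', '</a>', true, 44, 32, true],
    ['br', '<br>', false, 48, 36, true]
  ];
  var calls = 0;
  var html = xss(source, {
    onTag: function (tag, html, options) {
      console.log(arguments);
      var want = expected[calls];
      calls++;
      if (!want) {
        // More callbacks than there are tags in `source`.
        throw new Error();
      }
      assert.equal(tag, want[0]);
      assert.equal(html, want[1]);
      assert.equal(options.isClosing, want[2]);
      assert.equal(options.position, want[3]);
      assert.equal(options.sourcePosition, want[4]);
      assert.equal(options.isWhite, want[5]);
    }
  });
  console.log(html);
  // Guard against a silent pass: if the sanitizer stopped calling onTag, none
  // of the assertions inside the handler would run and only the output check
  // below would remain.
  assert.equal(calls, expected.length);
  // The handler returns nothing, so default filtering applies: whitelisted
  // tags are kept and the non-whitelisted <c> pair is entity-escaped.
  assert.equal(html, 'dd<a href="#"><b>&lt;c&gt;haha&lt;/c&gt;</b></a><br>ff');
});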
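it('#onTag - return new html', function () {
  // The expected output equals the input, so whatever onTag returns is emitted
  // as-is in place of the tag. A handler that simply echoes `html`, as here,
  // therefore lets every tag through, including the non-whitelisted <c> that
  // '#onTag - match tag' shows being escaped by default. Real handlers should
  // return a value only for tags they have validated themselves.
  var source = 'dd<a href="#"><b><c>haha</c></b></a><br>ff';
  var html = xss(source, {
    onTag: function (tag, html, options) {
      console.log(html);
      return html;
    }
  });
  console.log(html);
  assert.equal(html, source);
});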
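it('#onIgnoreTag - match tag', function () {
  // onIgnoreTag is expected to fire only for tags outside the whitelist; in
  // this input that is the opening and closing <c>.
  var source = 'dd<a href="#"><b><c>haha</c></b></a><br>ff';
  // Expected arguments per call:
  // [tag, html, isClosing, position, sourcePosition, isWhite].
  var expected = [
    ['c', '<c>', false, 17, 17, false],
    ['c', '</c>', true, 30, 24, false]
  ];
  var calls = 0;
  var html = xss(source, {
    onIgnoreTag: function (tag, html, options) {
      console.log(arguments);
      var want = expected[calls];
      calls++;
      if (!want) {
        // Called for a tag that should not have been treated as ignored.
        throw new Error();
      }
      assert.equal(tag, want[0]);
      assert.equal(html, want[1]);
      assert.equal(options.isClosing, want[2]);
      assert.equal(options.position, want[3]);
      assert.equal(options.sourcePosition, want[4]);
      assert.equal(options.isWhite, want[5]);
    }
  });
  console.log(html);
  // Guard against a silent pass: without this, a sanitizer that never invokes
  // onIgnoreTag would skip every assertion inside the handler.
  assert.equal(calls, expected.length);
  // No return value from the handler, so the ignored tag is entity-escaped.
  assert.equal(html, 'dd<a href="#"><b>&lt;c&gt;haha&lt;/c&gt;</b></a><br>ff');
});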
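it('#onIgnoreTag - return new html', function () {
  // The string returned by onIgnoreTag replaces the ignored tag in the output.
  // Here the handler returns a fixed marker that contains no markup, so the
  // <c> pair is neutralised; the expected output shows the marker inserted
  // unchanged, so a handler must not return attacker-influenced text without
  // escaping it first.
  var source = 'dd<a href="#"><b><c>haha</c></b></a><br>ff';
  var html = xss(source, {
    onIgnoreTag: function (tag, html, options) {
      console.log(html);
      return '[' + (options.isClosing ? '/' : '') + 'removed]';
    }
  });
  console.log(html);
  assert.equal(html, 'dd<a href="#"><b>[removed]haha[/removed]</b></a><br>ff');
});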
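it('#onTagAttr - match attr', function () {
  // onTagAttr is expected to fire once per attribute of the opening <a>, in
  // order, whether or not the attribute is whitelisted. The attribute on the
  // closing tag (</a href="d">) is not expected to be reported and does not
  // appear in the output.
  var source = '<a href="#" target="_blank" checked data-a="b">hi</a href="d">';
  // Expected arguments per call: [name, value, isWhiteAttr].
  var expected = [
    ['href', '#', true],
    ['target', '_blank', true],
    ['checked', '', false],
    ['data-a', 'b', false]
  ];
  var calls = 0;
  var html = xss(source, {
    onTagAttr: function (tag, name, value, isWhiteAttr) {
      console.log(arguments);
      assert.equal(tag, 'a');
      var want = expected[calls];
      calls++;
      if (!want) {
        // More attributes reported than the opening tag carries.
        throw new Error();
      }
      assert.equal(name, want[0]);
      assert.equal(value, want[1]);
      assert.equal(isWhiteAttr, want[2]);
    }
  });
  console.log(html);
  // Guard against a silent pass: the per-attribute assertions only run if the
  // handler is actually invoked.
  assert.equal(calls, expected.length);
  // No return value from the handler: non-whitelisted attributes are dropped.
  assert.equal(html, '<a href="#" target="_blank">hi</a>');
});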
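// Title changed from the duplicated '#onTagAttr - match attr' so the two tests
// can be told apart in reports and selected individually with --grep.
it('#onTagAttr - return new html', function () {
  // The string returned by onTagAttr is written into the tag in place of the
  // attribute, for whitelisted and non-whitelisted attributes alike. The
  // expected output shows it inserted unchanged, so a handler that returns a
  // value takes over responsibility for validating and escaping it.
  var source = '<a href="#" target="_blank" checked data-a="b">hi</a href="d">';
  var html = xss(source, {
    onTagAttr: function (tag, name, value, isWhiteAttr) {
      console.log(arguments);
      return '$' + name + '$';
    }
  });
  console.log(html);
  assert.equal(html, '<a $href$ $target$ $checked$ $data-a$>hi</a>');
});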
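it('#onIgnoreTagAttr - match attr', function () {
  // onIgnoreTagAttr is expected to fire only for attributes outside the
  // whitelist; on this <a> that is `checked` and `data-a`.
  var source = '<a href="#" target="_blank" checked data-a="b">hi</a href="d">';
  // Expected arguments per call: [name, value, isWhiteAttr].
  var expected = [
    ['checked', '', false],
    ['data-a', 'b', false]
  ];
  var calls = 0;
  var html = xss(source, {
    onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
      console.log(arguments);
      assert.equal(tag, 'a');
      var want = expected[calls];
      calls++;
      if (!want) {
        // Called for an attribute that should not have been ignored.
        throw new Error();
      }
      assert.equal(name, want[0]);
      assert.equal(value, want[1]);
      assert.equal(isWhiteAttr, want[2]);
    }
  });
  console.log(html);
  // Guard against a silent pass: the assertions inside the handler only run
  // if the sanitizer actually invokes it.
  assert.equal(calls, expected.length);
  // No return value from the handler: the ignored attributes are dropped.
  assert.equal(html, '<a href="#" target="_blank">hi</a>');
});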
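// Title changed from the duplicated '#onIgnoreTagAttr - match attr' so the two
// tests can be told apart in reports and selected individually with --grep.
it('#onIgnoreTagAttr - return new html', function () {
  // Whitelisted attributes keep their default handling; for each ignored
  // attribute the handler's return value is written into the tag instead of
  // dropping it. The expected output shows it inserted unchanged, so the
  // handler is responsible for validating and escaping what it returns.
  var source = '<a href="#" target="_blank" checked data-a="b">hi</a href="d">';
  var html = xss(source, {
    onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
      console.log(arguments);
      return '$' + name + '$';
    }
  });
  console.log(html);
  assert.equal(html, '<a href="#" target="_blank" $checked$ $data-a$>hi</a>');
});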
it('#escapeHtml - default', function () {
  // With no options, the <x> pair is entity-escaped while the <a> pair is
  // kept as markup.
  var input = '<x>yy</x><a>bb</a>';
  var output = xss(input);
  console.log(output);
  assert.equal(output, '&lt;x&gt;yy&lt;/x&gt;<a>bb</a>');
});
it('#escapeHtml - return new value', function () {
  // A custom escapeHtml replaces the default escaping rather than adding to
  // it: the expected output contains a raw <x> inside the brackets. Any
  // override used outside a test must perform the entity escaping itself.
  var wrapInBrackets = function (str) {
    if (str) {
      return '[' + str + ']';
    }
    // Empty input is passed through untouched.
    return str;
  };
  var input = '<x>yy</x><a>bb</a>';
  var output = xss(input, { escapeHtml: wrapInBrackets });
  console.log(output);
  assert.equal(output, '[<x>][yy][</x>]<a>[bb]</a>');
});
it('#safeAttrValue - default', function () {
  // Default attribute-value filtering: a javascript: URL in href is replaced
  // with "#", while the harmless title value is kept.
  var output = xss('<a href="javascript:alert(/xss/)" title="hi">link</a>');
  console.log(output);
  assert.equal(output, '<a href="#" title="hi">link</a>');
});
it('#safeAttrValue - return new value', function () {
  // A custom safeAttrValue supplies the attribute value that ends up in the
  // output (href becomes "$href$"), so the default javascript: filtering seen
  // in '#safeAttrValue - default' is no longer what protects href. A real
  // override has to do its own URL and value validation.
  var markAttr = function (tag, name, value) {
    console.log(arguments);
    assert.equal(tag, 'a');
    return '$' + name + '$';
  };
  var input = '<a href="javascript:alert(/xss/)" title="hi">link</a>';
  var output = xss(input, { safeAttrValue: markAttr });
  console.log(output);
  assert.equal(output, '<a href="$href$" title="$title$">link</a>');
});
it('#stripIgnoreTag', function () {
  // stripIgnoreTag removes the ignored tags themselves instead of escaping
  // them; the text between them ("yy") is kept.
  var options = { stripIgnoreTag: true };
  var output = xss('<x>yy</x><a>bb</a>', options);
  console.log(output);
  assert.equal(output, 'yy<a>bb</a>');
});
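// Title corrected from '#stripTagBody - true': the option under test is
// stripIgnoreTagBody, matching the sibling test titles.
it('#stripIgnoreTagBody - true', function () {
  // With stripIgnoreTagBody: true, ignored tags are removed together with
  // their content (<x>haha</x> disappears entirely).
  // NOTE(review): the expected output keeps "b" from <y>a<y></y>b</y>, which
  // suggests stripping ends at the first </y> rather than tracking nesting.
  // Do not rely on this option to remove everything inside nested ignored
  // tags of the same name.
  var source = '<a>link</a><x>haha</x><y>a<y></y>b</y>k';
  var html = xss(source, {
    stripIgnoreTagBody: true
  });
  console.log(html);
  assert.equal(html, '<a>link</a>bk');
});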
it('#stripIgnoreTagBody - *', function () {
  // '*' is expected to produce the same output as `true` in the sibling test:
  // the bodies of all ignored tags are stripped.
  // NOTE(review): "b" survives from the nested <y> element, so stripping
  // appears to end at the first </y>; confirm before relying on it for nested
  // ignored tags.
  var options = { stripIgnoreTagBody: '*' };
  var output = xss('<a>link</a><x>haha</x><y>a<y></y>b</y>k', options);
  console.log(output);
  assert.equal(output, '<a>link</a>bk');
});
it('#stripIgnoreTagBody - [\'x\']', function () {
  // Given a list, only the named ignored tags have their bodies stripped:
  // <x>haha</x> is removed, while the <y> tags fall back to being escaped and
  // their text content is kept.
  var options = { stripIgnoreTagBody: ['x'] };
  var output = xss('<a>link</a><x>haha</x><y>a<y></y>b</y>k', options);
  console.log(output);
  assert.equal(output, '<a>link</a>&lt;y&gt;a&lt;y&gt;&lt;/y&gt;b&lt;/y&gt;k');
});
it('#stripIgnoreTagBody - [\'x\'] & onIgnoreTag', function () {
  // Combining both options: <x> and its body are stripped, and the output
  // carries a $y$ marker for each of the four <y> tags but none for <x>.
  var markTag = function (tag, html, options) {
    return '$' + tag + '$';
  };
  var input = '<a>link</a><x>haha</x><y>a<y></y>b</y>k';
  var output = xss(input, {
    stripIgnoreTagBody: ['x'],
    onIgnoreTag: markTag
  });
  console.log(output);
  assert.equal(output, '<a>link</a>$y$a$y$$y$b$y$k');
});
});