require 'spec_helper' module Gitlab::Markdown describe SanitizationFilter do def filter(html, options = {}) described_class.call(html, options) end describe 'default whitelist' do it 'sanitizes tags that are not whitelisted' do act = %q{ and no blinks} exp = 'no inputs and no blinks' expect(filter(act).to_html).to eq exp end it 'sanitizes tag attributes' do act = %q{Text} exp = %q{Text} expect(filter(act).to_html).to eq exp end it 'sanitizes javascript in attributes' do act = %q(Text) exp = 'Text' expect(filter(act).to_html).to eq exp end it 'allows whitelisted HTML tags from the user' do exp = act = "

Term: Definition

" expect(filter(act).to_html).to eq exp end it 'sanitizes `class` attribute on any element' do act = %q{Strong} expect(filter(act).to_html).to eq %q{Strong} end it 'sanitizes `id` attribute on any element' do act = %q{Emphasis} expect(filter(act).to_html).to eq %q{Emphasis} end end describe 'custom whitelist' do it 'allows syntax highlighting' do exp = act = %q{

def

} expect(filter(act).to_html).to eq exp end it 'sanitizes `class` attribute from non-highlight spans' do act = %q{def} expect(filter(act).to_html).to eq %q{def} end it 'allows `style` attribute on table elements' do html = <<-HTML.strip_heredoc

Head
Body

HTML doc = filter(html) expect(doc.at_css('th')['style']).to eq 'text-align: center' expect(doc.at_css('td')['style']).to eq 'text-align: right' end it 'allows `span` elements' do exp = act = %q{Hello} expect(filter(act).to_html).to eq exp end it 'removes `rel` attribute from `a` elements' do doc = filter(%q{Link}) expect(doc.css('a').size).to eq 1 expect(doc.at_css('a')['href']).to eq '#' expect(doc.at_css('a')['rel']).to be_nil end it 'removes script-like `href` attribute from `a` elements' do html = %q{Hi} doc = filter(html) expect(doc.css('a').size).to eq 1 expect(doc.at_css('a')['href']).to be_nil end end end end