aboutsummaryrefslogtreecommitdiffstats
path: root/tests/safe_mode
diff options
context:
space:
mode:
Diffstat (limited to 'tests/safe_mode')
-rw-r--r--tests/safe_mode/inline-html-advanced.html11
-rw-r--r--tests/safe_mode/inline-html-advanced.txt14
-rw-r--r--tests/safe_mode/inline-html-comments.html8
-rw-r--r--tests/safe_mode/inline-html-comments.txt13
-rw-r--r--tests/safe_mode/inline-html-simple.html45
-rw-r--r--tests/safe_mode/inline-html-simple.txt69
-rw-r--r--tests/safe_mode/remove.html34
-rw-r--r--tests/safe_mode/remove.txt69
-rw-r--r--tests/safe_mode/replace.html34
-rw-r--r--tests/safe_mode/replace.txt69
-rw-r--r--tests/safe_mode/script_tags.html28
-rw-r--r--tests/safe_mode/script_tags.txt33
-rw-r--r--tests/safe_mode/test.cfg8
-rw-r--r--tests/safe_mode/unsafe_urls.html20
-rw-r--r--tests/safe_mode/unsafe_urls.txt27
15 files changed, 482 insertions, 0 deletions
diff --git a/tests/safe_mode/inline-html-advanced.html b/tests/safe_mode/inline-html-advanced.html
new file mode 100644
index 0000000..e9dd2ec
--- /dev/null
+++ b/tests/safe_mode/inline-html-advanced.html
@@ -0,0 +1,11 @@
+<p>Simple block on one line:</p>
+<p>&lt;div&gt;foo&lt;/div&gt;</p>
+<p>And nested without indentation:</p>
+<p>&lt;div&gt;
+&lt;div&gt;
+&lt;div&gt;
+foo
+&lt;/div&gt;
+&lt;/div&gt;
+&lt;div&gt;bar&lt;/div&gt;
+&lt;/div&gt;</p> \ No newline at end of file
diff --git a/tests/safe_mode/inline-html-advanced.txt b/tests/safe_mode/inline-html-advanced.txt
new file mode 100644
index 0000000..9d71ddc
--- /dev/null
+++ b/tests/safe_mode/inline-html-advanced.txt
@@ -0,0 +1,14 @@
+Simple block on one line:
+
+<div>foo</div>
+
+And nested without indentation:
+
+<div>
+<div>
+<div>
+foo
+</div>
+</div>
+<div>bar</div>
+</div>
diff --git a/tests/safe_mode/inline-html-comments.html b/tests/safe_mode/inline-html-comments.html
new file mode 100644
index 0000000..0f1e417
--- /dev/null
+++ b/tests/safe_mode/inline-html-comments.html
@@ -0,0 +1,8 @@
+<p>Paragraph one.</p>
+<p>&lt;!-- This is a simple comment --&gt;</p>
+<p>&lt;!--
+ This is another comment.
+--&gt;</p>
+<p>Paragraph two.</p>
+<p>&lt;!-- one comment block -- -- with two comments --&gt;</p>
+<p>The end.</p> \ No newline at end of file
diff --git a/tests/safe_mode/inline-html-comments.txt b/tests/safe_mode/inline-html-comments.txt
new file mode 100644
index 0000000..41d830d
--- /dev/null
+++ b/tests/safe_mode/inline-html-comments.txt
@@ -0,0 +1,13 @@
+Paragraph one.
+
+<!-- This is a simple comment -->
+
+<!--
+ This is another comment.
+-->
+
+Paragraph two.
+
+<!-- one comment block -- -- with two comments -->
+
+The end.
diff --git a/tests/safe_mode/inline-html-simple.html b/tests/safe_mode/inline-html-simple.html
new file mode 100644
index 0000000..ad19a77
--- /dev/null
+++ b/tests/safe_mode/inline-html-simple.html
@@ -0,0 +1,45 @@
+<p>Here's a simple block:</p>
+<p>&lt;div&gt;
+ foo
+&lt;/div&gt;</p>
+<p>This should be a code block, though:</p>
+<pre><code>&lt;div&gt;
+ foo
+&lt;/div&gt;
+</code></pre>
+<p>As should this:</p>
+<pre><code>&lt;div&gt;foo&lt;/div&gt;
+</code></pre>
+<p>Now, nested:</p>
+<p>&lt;div&gt;
+ &lt;div&gt;
+ &lt;div&gt;
+ foo
+ &lt;/div&gt;
+ &lt;/div&gt;
+&lt;/div&gt;</p>
+<p>This should just be an HTML comment:</p>
+<p>&lt;!-- Comment --&gt;</p>
+<p>Multiline:</p>
+<p>&lt;!--
+Blah
+Blah
+--&gt;</p>
+<p>Code block:</p>
+<pre><code>&lt;!-- Comment --&gt;
+</code></pre>
+<p>Just plain comment, with trailing spaces on the line:</p>
+<p>&lt;!-- foo --&gt;</p>
+<p>Code:</p>
+<pre><code>&lt;hr /&gt;
+</code></pre>
+<p>Hr's:</p>
+<p>&lt;hr&gt;</p>
+<p>&lt;hr/&gt;</p>
+<p>&lt;hr /&gt;</p>
+<p>&lt;hr&gt;</p>
+<p>&lt;hr/&gt;</p>
+<p>&lt;hr /&gt;</p>
+<p>&lt;hr class=&quot;foo&quot; id=&quot;bar&quot; /&gt;</p>
+<p>&lt;hr class=&quot;foo&quot; id=&quot;bar&quot;/&gt;</p>
+<p>&lt;hr class=&quot;foo&quot; id=&quot;bar&quot; &gt;</p> \ No newline at end of file
diff --git a/tests/safe_mode/inline-html-simple.txt b/tests/safe_mode/inline-html-simple.txt
new file mode 100644
index 0000000..14aa2dc
--- /dev/null
+++ b/tests/safe_mode/inline-html-simple.txt
@@ -0,0 +1,69 @@
+Here's a simple block:
+
+<div>
+ foo
+</div>
+
+This should be a code block, though:
+
+ <div>
+ foo
+ </div>
+
+As should this:
+
+ <div>foo</div>
+
+Now, nested:
+
+<div>
+ <div>
+ <div>
+ foo
+ </div>
+ </div>
+</div>
+
+This should just be an HTML comment:
+
+<!-- Comment -->
+
+Multiline:
+
+<!--
+Blah
+Blah
+-->
+
+Code block:
+
+ <!-- Comment -->
+
+Just plain comment, with trailing spaces on the line:
+
+<!-- foo -->
+
+Code:
+
+ <hr />
+
+Hr's:
+
+<hr>
+
+<hr/>
+
+<hr />
+
+<hr>
+
+<hr/>
+
+<hr />
+
+<hr class="foo" id="bar" />
+
+<hr class="foo" id="bar"/>
+
+<hr class="foo" id="bar" >
+
diff --git a/tests/safe_mode/remove.html b/tests/safe_mode/remove.html
new file mode 100644
index 0000000..a1e1626
--- /dev/null
+++ b/tests/safe_mode/remove.html
@@ -0,0 +1,34 @@
+<p>Here's a simple block:</p>
+<p></p>
+<p>This should be a code block, though:</p>
+<pre><code>&lt;div&gt;
+ foo
+&lt;/div&gt;
+</code></pre>
+<p>As should this:</p>
+<pre><code>&lt;div&gt;foo&lt;/div&gt;
+</code></pre>
+<p>Now, nested:</p>
+<p></p>
+<p>This should just be an HTML comment:</p>
+<p></p>
+<p>Multiline:</p>
+<p></p>
+<p>Code block:</p>
+<pre><code>&lt;!-- Comment --&gt;
+</code></pre>
+<p>Just plain comment, with trailing spaces on the line:</p>
+<p></p>
+<p>Code:</p>
+<pre><code>&lt;hr /&gt;
+</code></pre>
+<p>Hr's:</p>
+<p></p>
+<p></p>
+<p></p>
+<p></p>
+<p></p>
+<p></p>
+<p></p>
+<p></p>
+<p></p> \ No newline at end of file
diff --git a/tests/safe_mode/remove.txt b/tests/safe_mode/remove.txt
new file mode 100644
index 0000000..14aa2dc
--- /dev/null
+++ b/tests/safe_mode/remove.txt
@@ -0,0 +1,69 @@
+Here's a simple block:
+
+<div>
+ foo
+</div>
+
+This should be a code block, though:
+
+ <div>
+ foo
+ </div>
+
+As should this:
+
+ <div>foo</div>
+
+Now, nested:
+
+<div>
+ <div>
+ <div>
+ foo
+ </div>
+ </div>
+</div>
+
+This should just be an HTML comment:
+
+<!-- Comment -->
+
+Multiline:
+
+<!--
+Blah
+Blah
+-->
+
+Code block:
+
+ <!-- Comment -->
+
+Just plain comment, with trailing spaces on the line:
+
+<!-- foo -->
+
+Code:
+
+ <hr />
+
+Hr's:
+
+<hr>
+
+<hr/>
+
+<hr />
+
+<hr>
+
+<hr/>
+
+<hr />
+
+<hr class="foo" id="bar" />
+
+<hr class="foo" id="bar"/>
+
+<hr class="foo" id="bar" >
+
diff --git a/tests/safe_mode/replace.html b/tests/safe_mode/replace.html
new file mode 100644
index 0000000..fdf666e
--- /dev/null
+++ b/tests/safe_mode/replace.html
@@ -0,0 +1,34 @@
+<p>Here's a simple block:</p>
+<p>[HTML_REMOVED]</p>
+<p>This should be a code block, though:</p>
+<pre><code>&lt;div&gt;
+ foo
+&lt;/div&gt;
+</code></pre>
+<p>As should this:</p>
+<pre><code>&lt;div&gt;foo&lt;/div&gt;
+</code></pre>
+<p>Now, nested:</p>
+<p>[HTML_REMOVED]</p>
+<p>This should just be an HTML comment:</p>
+<p>[HTML_REMOVED]</p>
+<p>Multiline:</p>
+<p>[HTML_REMOVED]</p>
+<p>Code block:</p>
+<pre><code>&lt;!-- Comment --&gt;
+</code></pre>
+<p>Just plain comment, with trailing spaces on the line:</p>
+<p>[HTML_REMOVED]</p>
+<p>Code:</p>
+<pre><code>&lt;hr /&gt;
+</code></pre>
+<p>Hr's:</p>
+<p>[HTML_REMOVED]</p>
+<p>[HTML_REMOVED]</p>
+<p>[HTML_REMOVED]</p>
+<p>[HTML_REMOVED]</p>
+<p>[HTML_REMOVED]</p>
+<p>[HTML_REMOVED]</p>
+<p>[HTML_REMOVED]</p>
+<p>[HTML_REMOVED]</p>
+<p>[HTML_REMOVED]</p> \ No newline at end of file
diff --git a/tests/safe_mode/replace.txt b/tests/safe_mode/replace.txt
new file mode 100644
index 0000000..14aa2dc
--- /dev/null
+++ b/tests/safe_mode/replace.txt
@@ -0,0 +1,69 @@
+Here's a simple block:
+
+<div>
+ foo
+</div>
+
+This should be a code block, though:
+
+ <div>
+ foo
+ </div>
+
+As should this:
+
+ <div>foo</div>
+
+Now, nested:
+
+<div>
+ <div>
+ <div>
+ foo
+ </div>
+ </div>
+</div>
+
+This should just be an HTML comment:
+
+<!-- Comment -->
+
+Multiline:
+
+<!--
+Blah
+Blah
+-->
+
+Code block:
+
+ <!-- Comment -->
+
+Just plain comment, with trailing spaces on the line:
+
+<!-- foo -->
+
+Code:
+
+ <hr />
+
+Hr's:
+
+<hr>
+
+<hr/>
+
+<hr />
+
+<hr>
+
+<hr/>
+
+<hr />
+
+<hr class="foo" id="bar" />
+
+<hr class="foo" id="bar"/>
+
+<hr class="foo" id="bar" >
+
diff --git a/tests/safe_mode/script_tags.html b/tests/safe_mode/script_tags.html
new file mode 100644
index 0000000..df63ffc
--- /dev/null
+++ b/tests/safe_mode/script_tags.html
@@ -0,0 +1,28 @@
+<p>This should be stripped/escaped in safe_mode.</p>
+<p>&lt;script&gt;
+alert(&quot;Hello world!&quot;)
+&lt;/script&gt;</p>
+<p>With blank lines.</p>
+<p>&lt;script&gt;
+
+alert(&quot;Hello world!&quot;)
+
+&lt;/script&gt;</p>
+<p>Now with some weirdness</p>
+<p><code>&lt;script &lt;!--
+alert("Hello world!")
+&lt;/script &lt;&gt;</code> `</p>
+<p>Try another way.</p>
+<p>&lt;script &lt;!--
+alert(&quot;Hello world!&quot;)
+&lt;/script &lt;&gt;
+
+This time with blank lines.
+
+&lt;script &lt;!--
+
+alert(&quot;Hello world!&quot;)
+
+&lt;/script &lt;&gt;
+
+</p> \ No newline at end of file
diff --git a/tests/safe_mode/script_tags.txt b/tests/safe_mode/script_tags.txt
new file mode 100644
index 0000000..44041c2
--- /dev/null
+++ b/tests/safe_mode/script_tags.txt
@@ -0,0 +1,33 @@
+This should be stripped/escaped in safe_mode.
+
+<script>
+alert("Hello world!")
+</script>
+
+With blank lines.
+
+<script>
+
+alert("Hello world!")
+
+</script>
+
+Now with some weirdness
+
+``<script <!--
+alert("Hello world!")
+</script <>`` `
+
+Try another way.
+
+<script <!--
+alert("Hello world!")
+</script <>
+
+This time with blank lines.
+
+<script <!--
+
+alert("Hello world!")
+
+</script <>
diff --git a/tests/safe_mode/test.cfg b/tests/safe_mode/test.cfg
new file mode 100644
index 0000000..57f0b6a
--- /dev/null
+++ b/tests/safe_mode/test.cfg
@@ -0,0 +1,8 @@
+[DEFAULT]
+safe_mode=escape
+
+[remove]
+safe_mode=remove
+
+[replace]
+safe_mode=replace
diff --git a/tests/safe_mode/unsafe_urls.html b/tests/safe_mode/unsafe_urls.html
new file mode 100644
index 0000000..e617f35
--- /dev/null
+++ b/tests/safe_mode/unsafe_urls.html
@@ -0,0 +1,20 @@
+<p>These links should be unsafe and not allowed in safe_mode</p>
+<p><a href="">link</a>
+<a href="">link</a>
+<a href="">link</a>
+<a href="">link</a>
+<a href="">link</a>
+<a href="">link</a>
+<a href="">link</a>
+<a href="">link</a>
+<a href="">link</a>
+<a href="">link</a>
+<a href="">link</a></p>
+<p><img alt="img" src="" />
+<a href="">ref</a>
+<img alt="imgref" src="" /></p>
+<p>These should work regardless:</p>
+<p><a href="relative/url.html">relative</a>
+<a href="mailto:foo@bar.com">email</a>
+<a href="news:some.news.group.com">news scheme</a>
+<a href="http://example.com">http link</a></p> \ No newline at end of file
diff --git a/tests/safe_mode/unsafe_urls.txt b/tests/safe_mode/unsafe_urls.txt
new file mode 100644
index 0000000..7bfd81d
--- /dev/null
+++ b/tests/safe_mode/unsafe_urls.txt
@@ -0,0 +1,27 @@
+These links should be unsafe and not allowed in safe_mode
+
+[link](javascript:alert%28'Hello%20world!'%29)
+[link](vbscript:msgbox%28%22Hello%20world!%22%29)
+[link](livescript:alert%28'Hello%20world!'%29)
+[link](mocha:[code])
+[link](jAvAsCrIpT:alert%28'Hello%20world!'%29)
+[link](ja&#32;vas&#32;cr&#32;ipt:alert%28'Hello%20world!'%29)
+[link](ja&#00032;vas&#32;cr&#32;ipt:alert%28'Hello%20world!'%29)
+[link](ja&#x00020;vas&#32;cr&#32;ipt:alert%28'Hello%20world!'%29)
+[link](ja%09&#x20;%0Avas&#32;cr&#x0a;ipt:alert%28'Hello%20world!'%29)
+[link](ja%20vas%20cr%20ipt:alert%28'Hello%20world!'%29)
+[link](live%20script:alert%28'Hello%20world!'%29)
+
+![img](javascript:alert%29'XSS'%29)
+[ref][]
+![imgref][]
+
+[ref]: javascript:alert%29'XSS'%29
+[imgref]: javascript:alert%29'XSS'%29
+
+These should work regardless:
+
+[relative](relative/url.html)
+[email](mailto:foo@bar.com)
+[news scheme](news:some.news.group.com)
+[http link](http://example.com)