Diffstat (limited to 'tests/safe_mode')
-rw-r--r-- | tests/safe_mode/inline-html-advanced.html | 11 | ||||
-rw-r--r-- | tests/safe_mode/inline-html-advanced.txt | 14 | ||||
-rw-r--r-- | tests/safe_mode/inline-html-comments.html | 8 | ||||
-rw-r--r-- | tests/safe_mode/inline-html-comments.txt | 13 | ||||
-rw-r--r-- | tests/safe_mode/inline-html-simple.html | 45 | ||||
-rw-r--r-- | tests/safe_mode/inline-html-simple.txt | 69 | ||||
-rw-r--r-- | tests/safe_mode/remove.html | 34 | ||||
-rw-r--r-- | tests/safe_mode/remove.txt | 69 | ||||
-rw-r--r-- | tests/safe_mode/replace.html | 34 | ||||
-rw-r--r-- | tests/safe_mode/replace.txt | 69 | ||||
-rw-r--r-- | tests/safe_mode/script_tags.html | 28 | ||||
-rw-r--r-- | tests/safe_mode/script_tags.txt | 33 | ||||
-rw-r--r-- | tests/safe_mode/test.cfg | 8 | ||||
-rw-r--r-- | tests/safe_mode/unsafe_urls.html | 20 | ||||
-rw-r--r-- | tests/safe_mode/unsafe_urls.txt | 27 |
15 files changed, 482 insertions, 0 deletions
diff --git a/tests/safe_mode/inline-html-advanced.html b/tests/safe_mode/inline-html-advanced.html
new file mode 100644
index 0000000..e9dd2ec
--- /dev/null
+++ b/tests/safe_mode/inline-html-advanced.html
@@ -0,0 +1,11 @@
+<p>Simple block on one line:</p>
+<p><div>foo</div></p>
+<p>And nested without indentation:</p>
+<p><div>
+<div>
+<div>
+foo
+</div>
+</div>
+<div>bar</div>
+</div></p>
\ No newline at end of file
diff --git a/tests/safe_mode/inline-html-advanced.txt b/tests/safe_mode/inline-html-advanced.txt
new file mode 100644
index 0000000..9d71ddc
--- /dev/null
+++ b/tests/safe_mode/inline-html-advanced.txt
@@ -0,0 +1,14 @@
+Simple block on one line:
+
+<div>foo</div>
+
+And nested without indentation:
+
+<div>
+<div>
+<div>
+foo
+</div>
+</div>
+<div>bar</div>
+</div>
diff --git a/tests/safe_mode/inline-html-comments.html b/tests/safe_mode/inline-html-comments.html
new file mode 100644
index 0000000..0f1e417
--- /dev/null
+++ b/tests/safe_mode/inline-html-comments.html
@@ -0,0 +1,8 @@
+<p>Paragraph one.</p>
+<p><!-- This is a simple comment --></p>
+<p><!--
+ This is another comment.
+--></p>
+<p>Paragraph two.</p>
+<p><!-- one comment block -- -- with two comments --></p>
+<p>The end.</p>
\ No newline at end of file
diff --git a/tests/safe_mode/inline-html-comments.txt b/tests/safe_mode/inline-html-comments.txt
new file mode 100644
index 0000000..41d830d
--- /dev/null
+++ b/tests/safe_mode/inline-html-comments.txt
@@ -0,0 +1,13 @@
+Paragraph one.
+
+<!-- This is a simple comment -->
+
+<!--
+ This is another comment.
+-->
+
+Paragraph two.
+
+<!-- one comment block -- -- with two comments -->
+
+The end.
diff --git a/tests/safe_mode/inline-html-simple.html b/tests/safe_mode/inline-html-simple.html
new file mode 100644
index 0000000..ad19a77
--- /dev/null
+++ b/tests/safe_mode/inline-html-simple.html
@@ -0,0 +1,45 @@
+<p>Here's a simple block:</p>
+<p><div>
+ foo
+</div></p>
+<p>This should be a code block, though:</p>
+<pre><code><div>
+ foo
+</div>
+</code></pre>
+<p>As should this:</p>
+<pre><code><div>foo</div>
+</code></pre>
+<p>Now, nested:</p>
+<p><div>
+ <div>
+ <div>
+ foo
+ </div>
+ </div>
+</div></p>
+<p>This should just be an HTML comment:</p>
+<p><!-- Comment --></p>
+<p>Multiline:</p>
+<p><!--
+Blah
+Blah
+--></p>
+<p>Code block:</p>
+<pre><code><!-- Comment -->
+</code></pre>
+<p>Just plain comment, with trailing spaces on the line:</p>
+<p><!-- foo --></p>
+<p>Code:</p>
+<pre><code><hr />
+</code></pre>
+<p>Hr's:</p>
+<p><hr></p>
+<p><hr/></p>
+<p><hr /></p>
+<p><hr></p>
+<p><hr/></p>
+<p><hr /></p>
+<p><hr class="foo" id="bar" /></p>
+<p><hr class="foo" id="bar"/></p>
+<p><hr class="foo" id="bar" ></p>
\ No newline at end of file
diff --git a/tests/safe_mode/inline-html-simple.txt b/tests/safe_mode/inline-html-simple.txt
new file mode 100644
index 0000000..14aa2dc
--- /dev/null
+++ b/tests/safe_mode/inline-html-simple.txt
@@ -0,0 +1,69 @@
+Here's a simple block:
+
+<div>
+ foo
+</div>
+
+This should be a code block, though:
+
+ <div>
+ foo
+ </div>
+
+As should this:
+
+ <div>foo</div>
+
+Now, nested:
+
+<div>
+ <div>
+ <div>
+ foo
+ </div>
+ </div>
+</div>
+
+This should just be an HTML comment:
+
+<!-- Comment -->
+
+Multiline:
+
+<!--
+Blah
+Blah
+-->
+
+Code block:
+
+ <!-- Comment -->
+
+Just plain comment, with trailing spaces on the line:
+
+<!-- foo -->
+
+Code:
+
+ <hr />
+
+Hr's:
+
+<hr>
+
+<hr/>
+
+<hr />
+
+<hr>
+
+<hr/>
+
+<hr />
+
+<hr class="foo" id="bar" />
+
+<hr class="foo" id="bar"/>
+
+<hr class="foo" id="bar" >
+
diff --git a/tests/safe_mode/remove.html b/tests/safe_mode/remove.html
new file mode 100644
index 0000000..a1e1626
--- /dev/null
+++ b/tests/safe_mode/remove.html
@@ -0,0 +1,34 @@
+<p>Here's a simple block:</p>
+<p></p>
+<p>This should be a code block, though:</p>
+<pre><code><div>
+ foo
+</div>
+</code></pre>
+<p>As should this:</p>
+<pre><code><div>foo</div>
+</code></pre>
+<p>Now, nested:</p>
+<p></p>
+<p>This should just be an HTML comment:</p>
+<p></p>
+<p>Multiline:</p>
+<p></p>
+<p>Code block:</p>
+<pre><code><!-- Comment -->
+</code></pre>
+<p>Just plain comment, with trailing spaces on the line:</p>
+<p></p>
+<p>Code:</p>
+<pre><code><hr />
+</code></pre>
+<p>Hr's:</p>
+<p></p>
+<p></p>
+<p></p>
+<p></p>
+<p></p>
+<p></p>
+<p></p>
+<p></p>
+<p></p>
\ No newline at end of file
diff --git a/tests/safe_mode/remove.txt b/tests/safe_mode/remove.txt
new file mode 100644
index 0000000..14aa2dc
--- /dev/null
+++ b/tests/safe_mode/remove.txt
@@ -0,0 +1,69 @@
+Here's a simple block:
+
+<div>
+ foo
+</div>
+
+This should be a code block, though:
+
+ <div>
+ foo
+ </div>
+
+As should this:
+
+ <div>foo</div>
+
+Now, nested:
+
+<div>
+ <div>
+ <div>
+ foo
+ </div>
+ </div>
+</div>
+
+This should just be an HTML comment:
+
+<!-- Comment -->
+
+Multiline:
+
+<!--
+Blah
+Blah
+-->
+
+Code block:
+
+ <!-- Comment -->
+
+Just plain comment, with trailing spaces on the line:
+
+<!-- foo -->
+
+Code:
+
+ <hr />
+
+Hr's:
+
+<hr>
+
+<hr/>
+
+<hr />
+
+<hr>
+
+<hr/>
+
+<hr />
+
+<hr class="foo" id="bar" />
+
+<hr class="foo" id="bar"/>
+
+<hr class="foo" id="bar" >
+
diff --git a/tests/safe_mode/replace.html b/tests/safe_mode/replace.html
new file mode 100644
index 0000000..fdf666e
--- /dev/null
+++ b/tests/safe_mode/replace.html
@@ -0,0 +1,34 @@
+<p>Here's a simple block:</p>
+<p>[HTML_REMOVED]</p>
+<p>This should be a code block, though:</p>
+<pre><code><div>
+ foo
+</div>
+</code></pre>
+<p>As should this:</p>
+<pre><code><div>foo</div>
+</code></pre>
+<p>Now, nested:</p>
+<p>[HTML_REMOVED]</p>
+<p>This should just be an HTML comment:</p>
+<p>[HTML_REMOVED]</p>
+<p>Multiline:</p>
+<p>[HTML_REMOVED]</p>
+<p>Code block:</p>
+<pre><code><!-- Comment -->
+</code></pre>
+<p>Just plain comment, with trailing spaces on the line:</p>
+<p>[HTML_REMOVED]</p>
+<p>Code:</p>
+<pre><code><hr />
+</code></pre>
+<p>Hr's:</p>
+<p>[HTML_REMOVED]</p>
+<p>[HTML_REMOVED]</p>
+<p>[HTML_REMOVED]</p>
+<p>[HTML_REMOVED]</p>
+<p>[HTML_REMOVED]</p>
+<p>[HTML_REMOVED]</p>
+<p>[HTML_REMOVED]</p>
+<p>[HTML_REMOVED]</p>
+<p>[HTML_REMOVED]</p>
\ No newline at end of file
diff --git a/tests/safe_mode/replace.txt b/tests/safe_mode/replace.txt
new file mode 100644
index 0000000..14aa2dc
--- /dev/null
+++ b/tests/safe_mode/replace.txt
@@ -0,0 +1,69 @@
+Here's a simple block:
+
+<div>
+ foo
+</div>
+
+This should be a code block, though:
+
+ <div>
+ foo
+ </div>
+
+As should this:
+
+ <div>foo</div>
+
+Now, nested:
+
+<div>
+ <div>
+ <div>
+ foo
+ </div>
+ </div>
+</div>
+
+This should just be an HTML comment:
+
+<!-- Comment -->
+
+Multiline:
+
+<!--
+Blah
+Blah
+-->
+
+Code block:
+
+ <!-- Comment -->
+
+Just plain comment, with trailing spaces on the line:
+
+<!-- foo -->
+
+Code:
+
+ <hr />
+
+Hr's:
+
+<hr>
+
+<hr/>
+
+<hr />
+
+<hr>
+
+<hr/>
+
+<hr />
+
+<hr class="foo" id="bar" />
+
+<hr class="foo" id="bar"/>
+
+<hr class="foo" id="bar" >
+
diff --git a/tests/safe_mode/script_tags.html b/tests/safe_mode/script_tags.html
new file mode 100644
index 0000000..df63ffc
--- /dev/null
+++ b/tests/safe_mode/script_tags.html
@@ -0,0 +1,28 @@
+<p>This should be stripped/escaped in safe_mode.</p>
+<p><script>
+alert("Hello world!")
+</script></p>
+<p>With blank lines.</p>
+<p><script>
+
+alert("Hello world!")
+
+</script></p>
+<p>Now with some weirdness</p>
+<p><code><script <!--
+alert("Hello world!")
+</script <></code> `</p>
+<p>Try another way.</p>
+<p><script <!--
+alert("Hello world!")
+</script <>
+
+This time with blank lines.
+
+<script <!--
+
+alert("Hello world!")
+
+</script <>
+
+</p>
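Review bot: The last expected paragraph in `script_tags.html` folds the "Try another way" block, the plain sentence `This time with blank lines.` and the second malformed block into a single `<p>`, so the fixture pins the behaviour that a malformed `<script <!--` opener consumes ordinary text up to the end of the input. That fails closed under `safe_mode=escape`, but nothing in the commit says it is intended, and a later parser change that ends the block at the blank line would show up as a test failure with no hint of which result is the safe one. I would record the intent next to the test, for example a comment in `test.cfg` such as `; script_tags: a malformed opening tag is expected to swallow the rest of the document as one escaped block`. The angle brackets inside these expected paragraphs should also be confirmed to be entity-escaped in the stored file, which this rendering of the diff does not show.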
\ No newline at end of file
diff --git a/tests/safe_mode/script_tags.txt b/tests/safe_mode/script_tags.txt
new file mode 100644
index 0000000..44041c2
--- /dev/null
+++ b/tests/safe_mode/script_tags.txt
@@ -0,0 +1,33 @@
+This should be stripped/escaped in safe_mode.
+
+<script>
+alert("Hello world!")
+</script>
+
+With blank lines.
+
+<script>
+
+alert("Hello world!")
+
+</script>
+
+Now with some weirdness
+
+``<script <!--
+alert("Hello world!")
+</script <>`` `
+
+Try another way.
+
+<script <!--
+alert("Hello world!")
+</script <>
+
+This time with blank lines.
+
+<script <!--
+
+alert("Hello world!")
+
+</script <>
diff --git a/tests/safe_mode/test.cfg b/tests/safe_mode/test.cfg
new file mode 100644
index 0000000..57f0b6a
--- /dev/null
+++ b/tests/safe_mode/test.cfg
@@ -0,0 +1,8 @@
+[DEFAULT]
+safe_mode=escape
+
+[remove]
+safe_mode=remove
+
+[replace]
+safe_mode=replace
diff --git a/tests/safe_mode/unsafe_urls.html b/tests/safe_mode/unsafe_urls.html
new file mode 100644
index 0000000..e617f35
--- /dev/null
+++ b/tests/safe_mode/unsafe_urls.html
@@ -0,0 +1,20 @@
+<p>These links should be unsafe and not allowed in safe_mode</p>
+<p><a href="">link</a>
+<a href="">link</a>
+<a href="">link</a>
+<a href="">link</a>
+<a href="">link</a>
+<a href="">link</a>
+<a href="">link</a>
+<a href="">link</a>
+<a href="">link</a>
+<a href="">link</a>
+<a href="">link</a></p>
+<p><img alt="img" src="" />
+<a href="">ref</a>
+<img alt="imgref" src="" /></p>
+<p>These should work regardless:</p>
+<p><a href="relative/url.html">relative</a>
+<a href="mailto:foo@bar.com">email</a>
+<a href="news:some.news.group.com">news scheme</a>
+<a href="http://example.com">http link</a></p>
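Review bot: `script_tags` and `unsafe_urls` run only under the `[DEFAULT]` setting `safe_mode=escape`; the `[remove]` and `[replace]` sections appear to apply to `remove.txt` and `replace.txt`, which carry the same blob id (`14aa2dc`) as `inline-html-simple.txt` and contain no `<script>` element or link. The two modes that drop raw HTML are therefore never checked against the script and URL inputs. I would add copies of those inputs with their own sections, each setting `safe_mode=remove` or `safe_mode=replace`, and expected output in which only an empty paragraph or `[HTML_REMOVED]` remains where the script blocks were. The section-to-file mapping is inferred from the names, since the test runner is not part of this diff.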
\ No newline at end of file
diff --git a/tests/safe_mode/unsafe_urls.txt b/tests/safe_mode/unsafe_urls.txt
new file mode 100644
index 0000000..7bfd81d
--- /dev/null
+++ b/tests/safe_mode/unsafe_urls.txt
@@ -0,0 +1,27 @@
+These links should be unsafe and not allowed in safe_mode
+
+[link](javascript:alert%28'Hello%20world!'%29)
+[link](vbscript:msgbox%28%22Hello%20world!%22%29)
+[link](livescript:alert%28'Hello%20world!'%29)
+[link](mocha:[code])
+[link](jAvAsCrIpT:alert%28'Hello%20world!'%29)
+[link](ja vas cr ipt:alert%28'Hello%20world!'%29)
+[link](ja vas cr ipt:alert%28'Hello%20world!'%29)
+[link](ja vas cr ipt:alert%28'Hello%20world!'%29)
+[link](ja%09 %0Avas cr
ipt:alert%28'Hello%20world!'%29)
+[link](ja%20vas%20cr%20ipt:alert%28'Hello%20world!'%29)
+[link](live%20script:alert%28'Hello%20world!'%29)
+
+![img](javascript:alert%29'XSS'%29)
+[ref][]
+![imgref][]
+
+[ref]: javascript:alert%29'XSS'%29
+[imgref]: javascript:alert%29'XSS'%29
+
+These should work regardless:
+
+[relative](relative/url.html)
+[email](mailto:foo@bar.com)
+[news scheme](news:some.news.group.com)
+[http link](http://example.com) |
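Review bot: Every rejected case in `unsafe_urls.txt` names a script-like scheme, so the fixture passes whether the URL check is an allow-list or a block-list. One more link with a scheme that is neither among the rejected ones nor among those listed under "These should work regardless" (a constructed example: `[link](data:text/plain,x)`), with an expected `href=""`, would make a block-list implementation fail the test. The image and reference vectors also read `javascript:alert%29'XSS'%29`, with `%29` on both sides where the link cases use `%28` and `%29`; the scheme check most likely ignores that, but `%28'XSS'%29` is probably what was meant. The expected `src=""` on the two images in `unsafe_urls.html` deserves a second look as well, since an empty `src` can make some browsers request the containing page again.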