sanitize_config_spec.rb 2.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657
  1. # frozen_string_literal: true
  2. require 'rails_helper'
  3. describe Sanitize::Config do
  4. describe '::MASTODON_STRICT' do
  5. subject { Sanitize::Config::MASTODON_STRICT }
  6. it 'converts h1 to p strong' do
  7. expect(Sanitize.fragment('<h1>Foo</h1>', subject)).to eq '<p><strong>Foo</strong></p>'
  8. end
  9. it 'keeps ul' do
  10. expect(Sanitize.fragment('<p>Check out:</p><ul><li>Foo</li><li>Bar</li></ul>', subject)).to eq '<p>Check out:</p><ul><li>Foo</li><li>Bar</li></ul>'
  11. end
  12. it 'keeps start and reversed attributes of ol' do
  13. expect(Sanitize.fragment('<p>Check out:</p><ol start="3" reversed=""><li>Foo</li><li>Bar</li></ol>', subject)).to eq '<p>Check out:</p><ol start="3" reversed=""><li>Foo</li><li>Bar</li></ol>'
  14. end
  15. it 'removes a without href' do
  16. expect(Sanitize.fragment('<a>Test</a>', subject)).to eq 'Test'
  17. end
  18. it 'removes a without href and only keeps text content' do
  19. expect(Sanitize.fragment('<a><span class="invisible">foo&amp;</span><span>Test</span></a>', subject)).to eq 'foo&amp;Test'
  20. end
  21. it 'removes a with unsupported scheme in href' do
  22. expect(Sanitize.fragment('<a href="foo://bar">Test</a>', subject)).to eq 'Test'
  23. end
  24. it 'does not re-interpret HTML when removing unsupported links' do
  25. expect(Sanitize.fragment('<a href="foo://bar">Test&lt;a href="https://example.com"&gt;test&lt;/a&gt;</a>', subject)).to eq 'Test&lt;a href="https://example.com"&gt;test&lt;/a&gt;'
  26. end
  27. it 'keeps a with href' do
  28. expect(Sanitize.fragment('<a href="http://example.com">Test</a>', subject)).to eq '<a href="http://example.com" rel="nofollow noopener noreferrer" target="_blank">Test</a>'
  29. end
  30. it 'keeps a with translate="no"' do
  31. expect(Sanitize.fragment('<a href="http://example.com" translate="no">Test</a>', subject)).to eq '<a href="http://example.com" translate="no" rel="nofollow noopener noreferrer" target="_blank">Test</a>'
  32. end
  33. it 'removes "translate" attribute with invalid value' do
  34. expect(Sanitize.fragment('<a href="http://example.com" translate="foo">Test</a>', subject)).to eq '<a href="http://example.com" rel="nofollow noopener noreferrer" target="_blank">Test</a>'
  35. end
  36. it 'removes a with unparsable href' do
  37. expect(Sanitize.fragment('<a href=" https://google.fr">Test</a>', subject)).to eq 'Test'
  38. end
  39. it 'keeps a with supported scheme and no host' do
  40. expect(Sanitize.fragment('<a href="dweb:/a/foo">Test</a>', subject)).to eq '<a href="dweb:/a/foo" rel="nofollow noopener noreferrer" target="_blank">Test</a>'
  41. end
  42. end
  43. end