From 94bb9ead4fdb9965b62bddb8540cff63fe5d85de Mon Sep 17 00:00:00 2001 From: SYM01 <33443792+SYM01@users.noreply.github.com> Date: Wed, 13 Dec 2023 02:54:30 +0800 Subject: [PATCH] [WIP] improve test coverage --- dfa.go | 1 + sanitizer_test.go | 63 ++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 58 insertions(+), 6 deletions(-) diff --git a/dfa.go b/dfa.go index de3a3ef..8f23ff1 100644 --- a/dfa.go +++ b/dfa.go @@ -294,6 +294,7 @@ func (w *writer) sTAGNAME() error { w.lastByte = b w.tag = w.FindTag(w.tagName) + w.nonHTMLTag = w.checkNonHTMLTag(w.tagName) if w.tag == nil { return nil } diff --git a/sanitizer_test.go b/sanitizer_test.go index 7b07f59..78a5c4a 100644 --- a/sanitizer_test.go +++ b/sanitizer_test.go @@ -37,6 +37,60 @@ func ExampleNewWriter() { // true } +func ExampleHTMLSanitizer_keepStyleSheet() { + sanitizer := htmlsanitizer.NewHTMLSanitizer() + sanitizer.AllowList.Tags = append(sanitizer.AllowList.Tags, + &htmlsanitizer.Tag{Name: "style"}, + &htmlsanitizer.Tag{Name: "head"}, + &htmlsanitizer.Tag{Name: "body"}, + &htmlsanitizer.Tag{Name: "html"}, + ) + + data := ` + + + + + +
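Review bot: The new `w.nonHTMLTag = w.checkNonHTMLTag(w.tagName)` line sits before the `if w.tag == nil { return nil }` early return, so the flag is refreshed even when the tag is not on the allow list; for a sanitizer that ordering is load-bearing (a flag left over from the previous tag would presumably decide how the text after a stripped tag is treated) and deserves a comment such as `// refresh nonHTMLTag before the allow-list check so a stripped tag cannot leave a stale flag`. Nothing in this patch reads `nonHTMLTag` or shows `checkNonHTMLTag`, so the hunk alone does not show where the flag is cleared at the matching end tag; the commit message, whose subject mentions only test coverage, should name that consumer. The body of sTAGNAME starts and ends outside the hunk.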
+

Example Domain

+

More information...

+
+ +` + output, _ := sanitizer.SanitizeString(data) + fmt.Print(output) + // Output: + // + // + // + // + // + // + //
+ //

Example Domain

+ //

More information...

+ //
+ // + // +} + func ExampleHTMLSanitizer_noTagsAllowed() { sanitizer := htmlsanitizer.NewHTMLSanitizer() // just set AllowList to nil to disable all tags @@ -425,7 +479,7 @@ var testCases = []struct { }, { in: ``, - out: "\" SRC=\"httx://xss.rocks/xss.js\">", + out: "", }, { in: `XSS`, @@ -484,10 +538,7 @@ On Mouse Over​ ">”>’> "> "> - - -0 - + @@ -498,7 +549,7 @@ On Mouse Over​ On Mouse Over​ ClickMe - alert(1) CLICKME +CLICKME `,