blob: 9b39c45bdb28cb71226ab1c1a8aa1b726d9c8634 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
# Pleroma: A lightweight social networking server
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.ActivityPub.MRF.NormalizeMarkupTest do
use Pleroma.DataCase
alias Pleroma.Web.ActivityPub.MRF.NormalizeMarkup
@html_sample """
<b>this is in bold</b>
<p>this is a paragraph</p>
this is a linebreak<br />
this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a>
this is a link with not allowed "rel" attribute: <a href="http://example.com/" rel="tag noallowed">example.com</a>
this is an image: <img src="http://example.com/image.jpg"><br />
<script>alert('hacked')</script>
"""
test "it filter html tags" do
expected = """
<b>this is in bold</b>
<p>this is a paragraph</p>
this is a linebreak<br/>
this is a link with allowed "rel" attribute: <a href="http://example.com/" rel="tag">example.com</a>
this is a link with not allowed "rel" attribute: <a href="http://example.com/">example.com</a>
this is an image: <img src="http://example.com/image.jpg"/><br/>
alert('hacked')
"""
message = %{"type" => "Create", "object" => %{"content" => @html_sample}}
assert {:ok, res} = NormalizeMarkup.filter(message)
assert res["object"]["content"] == expected
end
test "it skips filter if type isn't `Create`" do
message = %{"type" => "Note", "object" => %{}}
assert {:ok, res} = NormalizeMarkup.filter(message)
assert res == message
end
end
|
