internal/sanitizer/sanitizer_test.go - pkgsite - Git at Google

 // Copyright 2023 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 package sanitizer

 import (
 	"testing"
 )

 func TestSanitizeBytes(t *testing.T) {
 	var testCases = []struct {
 		input, want string
 	}{
 		{
 			"<script>body</script>",
 			"",
 		},
 		{
 			`<a href="%">body</a>`,
 			`<a>body</a>`,
 		},
 		{
 			`<a href="unrecognized://foo">body</a>`,
 			`<a>body</a>`,
 		},
 		{
 			`<p dir="RTL" lang="en" id="foo" title="a title"></p>`,
 			`<p dir="RTL" lang="en" id="foo" title="a title"></p>`,
 		},
 		{
 			`<p dir="ABC" lang="e" id="#foo" title="a title%"></p>`,
 			`<p></p>`,
 		},
 		{
 			`<a href="https://golang.org">body</a>`,
 			`<a href="https://golang.org" rel="nofollow">body</a>`,
 		},
 		{
 			`<script></script><a href="https://golang.org">body</a>`,
 			`<a href="https://golang.org" rel="nofollow">body</a>`,
 		},
 		{
 			`
 <img src="file.jpeg" alt="alt text" usemap="#map" width="600", height="400">

 <map name="map">
 <area shape="rect" coords="1,2,3,4" alt="alt text" href="page.html">
 </map>
 `,
 			`
 <img src="file.jpeg" alt="alt text" usemap="#map" width="600" height="400"/>


 `,
 		},
 		{
 			`<area href="link" rel="value"/>`,
 			``,
 		},
 		{
 			`<p href="notonp">body</p>`,
 			`<p>body</p>`,
 		},
 		{
 			`<blockquote cite="valid_url">body</blockquote>`,
 			`<blockquote cite="valid_url">body</blockquote>`,
 		},
 		{
 			`<blockquote cite="invalid://url">body</blockquote>`,
 			`<blockquote>body</blockquote>`,
 		},
 		{
 			`<!DOCTYPE html>text<!-- comment --><p>`,
 			`text<p></p>`,
 		},
 		{
 			`<article badattr="bad"> <ol> <script> <li>hello</li> </script> <li>thi<wbr/>ng</li> </ol> <ul> </ul> </article>`,
 			`<article> <ol>  <li>thi<wbr/>ng</li> </ol> <ul> </ul> </article>`,
 		},
 		{
 			`<details open="closed"></details>`,
 			`<details></details>`,
 		},
 		{
 			`<details open="open"></details>`,
 			`<details open="open"></details>`,
 		},
 		{
 			`<details open=""></details>`,
 			`<details open=""></details>`,
 		},
 		{
 			`<div align="center">`,
 			`<div align="center"></div>`,
 		},
 		{
 			`<p><bad>A</bad><bad>B</bad></p>`,
 			`<p></p>`,
 		},
 		{
 			`
 <table height="40" width="30" summary="foo">
 	<caption>a caption</caption>
 	<colgroup align="left" valign="BOTTOM" span="4" height="30" width="20%">
 		<col align="justify" span="32" valign="baseline" height="40%" width="40"/>
 	</colgroup>
 	<thead align="LeFt" valign="MiDdLe">
 		<tr align="rIgHt" valign="tOp">
 			<th abbr="hello world" align="right" colspan="4" rowspan="3" headers="foo bar" height="30%" width="4" scope="rowgroup" valign="top" nowrap="">th</th>
 			<td abbr="goodbye world" align="left" colspan="3" rowspan="2" headers="baz quux" height="20" width="50%" scope="col" valign="baseline" nowrap="nowrap">td</td>
 		</tr>
 	</thead>
 	<tbody align="justify" valign="bottom">
 	</tbody>
 	<tfoot align="center" valign="middle">
 	</tfoot>
 </table>
 `, `
 <table height="40" width="30" summary="foo">
 	<caption>a caption</caption>
 	<colgroup align="left" valign="BOTTOM" span="4" height="30" width="20%">
 		<col align="justify" span="32" valign="baseline" height="40%" width="40"/>
 	</colgroup>
 	<thead align="LeFt" valign="MiDdLe">
 		<tr align="rIgHt" valign="tOp">
 			<th abbr="hello world" align="right" colspan="4" rowspan="3" headers="foo bar" height="30%" width="4" scope="rowgroup" valign="top" nowrap="">th</th>
 			<td abbr="goodbye world" align="left" colspan="3" rowspan="2" headers="baz quux" height="20" width="50%" scope="col" valign="baseline" nowrap="nowrap">td</td>
 		</tr>
 	</thead>
 	<tbody align="justify" valign="bottom">
 	</tbody>
 	<tfoot align="center" valign="middle">
 	</tfoot>
 </table>
 `,
 		},
 	}

 	for _, tc := range testCases {
 		got := string(SanitizeBytes([]byte(tc.input)))
 		if got != tc.want {
 			t.Errorf("SanitizeBytes(%q): got %q, want %q", tc.input, got, tc.want)
 		}
 	}
 }
	// Copyright 2023 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	package sanitizer

	import (
	"testing"
	)

	func TestSanitizeBytes(t *testing.T) {
	var testCases = []struct {
	input, want string
	}{
	{
	"<script>body</script>",
	"",
	},
	{
	`<a href="%">body</a>`,
	`<a>body</a>`,
	},
	{
	`<a href="unrecognized://foo">body</a>`,
	`<a>body</a>`,
	},
	{
	`<p dir="RTL" lang="en" id="foo" title="a title"></p>`,
	`<p dir="RTL" lang="en" id="foo" title="a title"></p>`,
	},
	{
	`<p dir="ABC" lang="e" id="#foo" title="a title%"></p>`,
	`<p></p>`,
	},
	{
	`<a href="https://golang.org">body</a>`,
	`<a href="https://golang.org" rel="nofollow">body</a>`,
	},
	{
	`<script></script><a href="https://golang.org">body</a>`,
	`<a href="https://golang.org" rel="nofollow">body</a>`,
	},
	{
	`
	<img src="file.jpeg" alt="alt text" usemap="#map" width="600", height="400">

	<map name="map">
	<area shape="rect" coords="1,2,3,4" alt="alt text" href="page.html">
	</map>
	`,
	`
	<img src="file.jpeg" alt="alt text" usemap="#map" width="600" height="400"/>


	`,
	},
	{
	`<area href="link" rel="value"/>`,
	``,
	},
	{
	`<p href="notonp">body</p>`,
	`<p>body</p>`,
	},
	{
	`<blockquote cite="valid_url">body</blockquote>`,
	`<blockquote cite="valid_url">body</blockquote>`,
	},
	{
	`<blockquote cite="invalid://url">body</blockquote>`,
	`<blockquote>body</blockquote>`,
	},
	{
	`<!DOCTYPE html>text<!-- comment --><p>`,
	`text<p></p>`,
	},
	{
	`<article badattr="bad"> <ol> <script> <li>hello</li> </script> <li>thi<wbr/>ng</li> </ol> <ul> </ul> </article>`,
	`<article> <ol> <li>thi<wbr/>ng</li> </ol> <ul> </ul> </article>`,
	},
	{
	`<details open="closed"></details>`,
	`<details></details>`,
	},
	{
	`<details open="open"></details>`,
	`<details open="open"></details>`,
	},
	{
	`<details open=""></details>`,
	`<details open=""></details>`,
	},
	{
	`<div align="center">`,
	`<div align="center"></div>`,
	},
	{
	`<p><bad>A</bad><bad>B</bad></p>`,
	`<p></p>`,
	},
	{
	`
	<table height="40" width="30" summary="foo">
	<caption>a caption</caption>
	<colgroup align="left" valign="BOTTOM" span="4" height="30" width="20%">
	<col align="justify" span="32" valign="baseline" height="40%" width="40"/>
	</colgroup>
	<thead align="LeFt" valign="MiDdLe">
	<tr align="rIgHt" valign="tOp">
	<th abbr="hello world" align="right" colspan="4" rowspan="3" headers="foo bar" height="30%" width="4" scope="rowgroup" valign="top" nowrap="">th</th>
	<td abbr="goodbye world" align="left" colspan="3" rowspan="2" headers="baz quux" height="20" width="50%" scope="col" valign="baseline" nowrap="nowrap">td</td>
	</tr>
	</thead>
	<tbody align="justify" valign="bottom">
	</tbody>
	<tfoot align="center" valign="middle">
	</tfoot>
	</table>
	`, `
	<table height="40" width="30" summary="foo">
	<caption>a caption</caption>
	<colgroup align="left" valign="BOTTOM" span="4" height="30" width="20%">
	<col align="justify" span="32" valign="baseline" height="40%" width="40"/>
	</colgroup>
	<thead align="LeFt" valign="MiDdLe">
	<tr align="rIgHt" valign="tOp">
	<th abbr="hello world" align="right" colspan="4" rowspan="3" headers="foo bar" height="30%" width="4" scope="rowgroup" valign="top" nowrap="">th</th>
	<td abbr="goodbye world" align="left" colspan="3" rowspan="2" headers="baz quux" height="20" width="50%" scope="col" valign="baseline" nowrap="nowrap">td</td>
	</tr>
	</thead>
	<tbody align="justify" valign="bottom">
	</tbody>
	<tfoot align="center" valign="middle">
	</tfoot>
	</table>
	`,
	},
	}

	for _, tc := range testCases {
	got := string(SanitizeBytes([]byte(tc.input)))
	if got != tc.want {
	t.Errorf("SanitizeBytes(%q): got %q, want %q", tc.input, got, tc.want)
	}
	}
	}