package aisanitize
import (
"context"
"strings"
"testing"
)
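// TestSanitizationPostflight_NeutralizesRawHTML checks that a raw <script>
// tag in model output does not survive the postflight pass verbatim, and that
// only the HTML-escaped form of the tag remains.
func TestSanitizationPostflight_NeutralizesRawHTML(t *testing.T) {
	input := "Please avoid <script>alert('x')</script> in output"
	out, err := SanitizationPostflight(context.Background(), input)
	// An error here would otherwise leave out empty and make the assertions
	// below report a misleading failure.
	if err != nil {
		t.Fatalf("SanitizationPostflight returned error: %v", err)
	}
	// Case-insensitive: a surviving tag in any casing is a failure.
	if strings.Contains(strings.ToLower(out), "<script") {
		t.Fatalf("expected raw html tags to be neutralized, got: %s", out)
	}
	// The tag must be present only in its HTML-escaped form; a literal
	// "<script>" would already have failed the check above.
	if !strings.Contains(out, "&lt;script&gt;") {
		t.Fatalf("expected escaped script tag marker, got: %s", out)
	}
}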
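// TestSanitizationPostflight_NeutralizesUnsafeMarkdownLink checks that a
// markdown link with a javascript: scheme loses its target and is rewritten
// to an inert "#" link while the visible label is kept.
func TestSanitizationPostflight_NeutralizesUnsafeMarkdownLink(t *testing.T) {
	input := "Click [here](javascript:alert(1)) for details"
	out, err := SanitizationPostflight(context.Background(), input)
	if err != nil {
		t.Fatalf("SanitizationPostflight returned error: %v", err)
	}
	// Case-insensitive: "JavaScript:" must not slip through either.
	if strings.Contains(strings.ToLower(out), "javascript:") {
		t.Fatalf("expected unsafe javascript scheme to be removed, got: %s", out)
	}
	if !strings.Contains(out, "[here](#)") {
		t.Fatalf("expected unsafe markdown link to be neutralized, got: %s", out)
	}
}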
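// TestSanitizationPostflight_PreservesSafeMarkdownLink checks that a plain
// https: markdown link passes through the postflight pass byte-for-byte.
func TestSanitizationPostflight_PreservesSafeMarkdownLink(t *testing.T) {
	input := "See [docs](https://example.com/security)"
	out, err := SanitizationPostflight(context.Background(), input)
	if err != nil {
		t.Fatalf("SanitizationPostflight returned error: %v", err)
	}
	if out != input {
		t.Fatalf("expected safe markdown link to remain unchanged, got: %s", out)
	}
}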
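// TestSanitizationPostflight_PreservesSafeMarkdownLinkWithNestedParentheses
// checks that balanced parentheses inside a safe link target do not confuse
// the link parser into truncating or rewriting the link.
func TestSanitizationPostflight_PreservesSafeMarkdownLinkWithNestedParentheses(t *testing.T) {
	input := "Read [guide](https://example.com/path_(nested)/index.html)"
	out, err := SanitizationPostflight(context.Background(), input)
	if err != nil {
		t.Fatalf("SanitizationPostflight returned error: %v", err)
	}
	if out != input {
		t.Fatalf("expected safe markdown link with nested parentheses to remain unchanged, got: %s", out)
	}
}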
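// TestSanitizationPostflight_NeutralizesUnsafeMarkdownLinkWithWhitespaceLabel
// checks that a javascript: link is still neutralized when its label contains
// spaces, and that the multi-word label is preserved in the rewritten link.
func TestSanitizationPostflight_NeutralizesUnsafeMarkdownLinkWithWhitespaceLabel(t *testing.T) {
	input := "Use [bad label text](javascript:alert(1))"
	out, err := SanitizationPostflight(context.Background(), input)
	if err != nil {
		t.Fatalf("SanitizationPostflight returned error: %v", err)
	}
	// Case-insensitive: the scheme must be gone in any casing.
	if strings.Contains(strings.ToLower(out), "javascript:") {
		t.Fatalf("expected javascript link to be removed, got: %s", out)
	}
	if !strings.Contains(out, "[bad label text](#)") {
		t.Fatalf("expected unsafe markdown link with whitespace label to be neutralized, got: %s", out)
	}
}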