Add tests for restricted_html
authorJuliana Rodrigueiro <juliana.rodrigueiro@intra2net.com>
Wed, 8 Aug 2018 12:11:27 +0000 (14:11 +0200)
committerJuliana Rodrigueiro <juliana.rodrigueiro@intra2net.com>
Mon, 17 Sep 2018 08:28:24 +0000 (10:28 +0200)
test/test_restricted_html.cpp

index d744ed2..c209b63 100644 (file)
@@ -32,7 +32,112 @@ using namespace std;
 using namespace I2n;
 
 BOOST_AUTO_TEST_SUITE(test_restricted_html)
+/**
+ * TODO Create more tests for:
+ * html comments removed
+ * Test the transformation from non asccii to html_entities
+ */
+BOOST_AUTO_TEST_CASE(BasicTest)
+{
+    string output = restrict_html("<h1>Table</h1><table>  <tr><th>Month</th>    <th>Savings</th>  </tr>  <tr>    <td>January</td>    <td>$100</td>  </tr></table> <p>Paragraph with a <a href=\"https://example.de\"><i>Acceptable Link</i></a>.</p> <ul>  <li>Coffee</li>   <li>Tea</li>  <li>Milk</li></ul>");
+    BOOST_CHECK_EQUAL(string("<h1>Table</h1><table>  <tr><th>Month</th>    <th>Savings</th>  </tr>  <tr>    <td>January</td>    <td>$100</td>  </tr></table> <p>Paragraph with a <a href=\"/arnie?form=redirect&url=https://example.de\" target=_blank><i>Acceptable Link</i></a>.</p> <ul>  <li>Coffee</li>   <li>Tea</li>  <li>Milk</li></ul>"), output);
+}
+
+BOOST_AUTO_TEST_CASE(ScriptInjection)
+{
+    string output = restrict_html("<h1>test<br size=\"&{alert('failed')}\"></h1>");
+    BOOST_CHECK_EQUAL(string("<h1>test</h1>"), output);
+}
+
+BOOST_AUTO_TEST_CASE(NestedScript)
+{
+    string output = restrict_html("<<script>script>evil()<</script>/script>");
+    BOOST_CHECK_EQUAL(string("&lt;script&gt;evil()&lt;&#x2F;script&gt;"), output);
+}
+
+BOOST_AUTO_TEST_CASE(NestedScript2)
+{
+    string output = restrict_html("<<x>script>evil2()<</x>/script>");
+    BOOST_CHECK_EQUAL(string("&lt;script&gt;evil2()&lt;&#x2F;script&gt;"), output);
+}
+
+BOOST_AUTO_TEST_CASE(NestedScript3)
+{
+    string output = restrict_html("<<x><h1script>evil3()<</x>/script>");
+    BOOST_CHECK_EQUAL(string("&lt;evil3()&lt;&#x2F;script&gt;"), output);
+}
+
+BOOST_AUTO_TEST_CASE(NestedScript4)
+{
+    string output = restrict_html("<scri<scri<script>pt>pt>alert(1)</script>");
+    BOOST_CHECK_EQUAL(string("&lt;scri&lt;script&gt;pt&gt;alert(1)"), output);
+}
+
+BOOST_AUTO_TEST_CASE(AhrefLink)
+{
+    string output = restrict_html("<a onclick=\"evil\" href=\"form\">test</a>");
+    BOOST_CHECK_EQUAL(string("test"), output);
+}
+
+BOOST_AUTO_TEST_CASE(AhrefLink2)
+{
+    string output = restrict_html("<a href=\"http://i2n.de/\" >test</a>");
+    BOOST_CHECK_EQUAL(string("<a href=\"/arnie?form=redirect&url=http://i2n.de/\" target=_blank>test</a>"), output);
+}
+
+BOOST_AUTO_TEST_CASE(AhrefLink3)
+{
+    string output = restrict_html("<a href=\"http://site.com/dir\" onclick=\"evil\">test</a>");
+    BOOST_CHECK_EQUAL(string("test"), output);
+}
 
+BOOST_AUTO_TEST_CASE(AhrefLink4)
+{
+    string output = restrict_html("<a href=\"http://site.com/dir\"onclick=\"evil\">test</a>");
+    BOOST_CHECK_EQUAL(string("test"), output);
+}
+
+BOOST_AUTO_TEST_CASE(AhrefLink5)
+{
+    string output = restrict_html("\"<a href=\"http://\"onclick=\"\\u0061\"> Test Me</a>");
+    BOOST_CHECK_EQUAL(string("&quot; Test Me"), output);
+}
+
+BOOST_AUTO_TEST_CASE(AhrefProtocol)
+{
+    string output = restrict_html("<a href=\"/foo\">foo</a>");
+    BOOST_CHECK_EQUAL(string("<a href=\"/foo\">foo</a>"), output);
+}
+
+BOOST_AUTO_TEST_CASE(AhrefWrongProtocol)
+{
+    string output = restrict_html("<a href=\"ftp://foo\">foo</a>");
+    BOOST_CHECK_EQUAL(string("foo"), output);
+}
+
+BOOST_AUTO_TEST_CASE(UnclosedTags)
+{
+    string output = restrict_html("<table><tr><td><h1>Test</h1>");
+    BOOST_CHECK_EQUAL(string("<table><tr><td><h1>Test</h1></td></tr></table>"), output);
+}
+
+BOOST_AUTO_TEST_CASE(UnopenedTags)
+{
+    string output = restrict_html("<h1>Test</h1></td></tr></table>");
+    BOOST_CHECK_EQUAL(string("<h1>Test</h1>"), output);
+}
+
+BOOST_AUTO_TEST_CASE(UnsafeURLChars)
+{
+    string output = restrict_html("<a href=http://i2n.de/maçã >maçã</a>");
+    BOOST_CHECK_EQUAL(string("ma&#231;&#227;"), output);
+}
+
+BOOST_AUTO_TEST_CASE(UnsafeURLChars2)
+{
+    string output = restrict_html("<a href=/http://aa.com\nonclick=\\u0061> Test Me!!</a>");
+    BOOST_CHECK_EQUAL(string(" Test Me!!"), output);
+}
 
 BOOST_AUTO_TEST_CASE(DecodeStringURL)
 {
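Review bot: UnsafeURLChars (the `restrict_html("<a href=http://i2n.de/maçã >maçã</a>")` case) embeds raw non-ASCII in a narrow string literal, so the expected `ma&#231;&#227;` depends on the file's encoding and the compiler's execution charset rather than on restrict_html alone. Spelling the bytes out, e.g. `"ma\xc3\xa7\xc3\xa3"` if the input is meant to be UTF-8, makes the case reproducible across toolchains and documents which encoding the sanitizer is expected to handle. The header comment also has a typo, `non asccii` → `non ascii`, and its second TODO item is now partly covered by this very case, so the comment could say what remains untested. Separately, BasicTest and AhrefLink2 pin an `href` whose query string contains a bare `&`; if restrict_html is expected to emit well-formed attribute values that should presumably be `&amp;`, which is worth confirming before the tests freeze the current output. A mixed-case variant of the ScriptInjection/NestedScript cases would also be worth pinning, since every case here uses lowercase tag names only.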