testing for sanitize
MinRK -
@@ -1,36 +1,40 b''
1 safe_tests = [
1 safe_tests = [
2 "<p>Hi there</p>",
2 "<p>Hi there</p>",
3 '<h1 class="foo">Hi There!</h1>',
3 '<h1 class="foo">Hi There!</h1>',
4 '<a data-cite="foo">citation</a>',
4 '<a data-cite="foo">citation</a>',
5 '<div><span>Hi There</span></div>'
5 '<div><span>Hi There</span></div>',
6 ];
6 ];
7
7
8 unsafe_tests = [
8 unsafe_tests = [
9 "<script>alert(999);</script>",
9 "<script>alert(999);</script>",
10 '<a onmouseover="alert(999)">999</a>',
10 '<a onmouseover="alert(999)">999</a>',
11 '<a onmouseover=alert(999)>999</a>',
11 '<a onmouseover=alert(999)>999</a>',
12 '<IMG """><SCRIPT>alert("XSS")</SCRIPT>">',
12 '<IMG """><SCRIPT>alert("XSS")</SCRIPT>">',
13 '<IMG SRC=# onmouseover="alert(999)">',
13 '<IMG SRC=# onmouseover="alert(999)">',
14 '<<SCRIPT>alert(999);//<</SCRIPT>',
14 '<<SCRIPT>alert(999);//<</SCRIPT>',
15 '<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >',
15 '<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >',
16 '<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">',
16 '<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">',
17 '<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(999);">',
17 '<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(999);">',
18 '<IFRAME SRC="javascript:alert(999);"></IFRAME>',
18 '<IFRAME SRC="javascript:alert(999);"></IFRAME>',
19 '<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>',
19 '<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>',
20 '<EMBED SRC=" A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>',
20 '<EMBED SRC=" A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>',
21 ];
21 ];
22
22
23 casper.notebook_test(function () {
23 casper.notebook_test(function () {
24 this.each(safe_tests, function (self, item) {
24 this.each(safe_tests, function (self, item) {
25 var is_safe = self.evaluate(function (item) {
25 var is_safe = self.evaluate(function (item) {
26 return IPython.security.is_safe(item);
26 return IPython.security.is_safe(item);
27 }, item);
27 }, item);
28 this.test.assert(is_safe, item);
28 this.test.assert(is_safe, "Safe: " + item);
29 });
29 });
30 this.each(unsafe_tests, function (self, item) {
30 this.each(unsafe_tests, function (self, item) {
31 var is_safe = self.evaluate(function (item) {
31 var is_safe = self.evaluate(function (item) {
32 return IPython.security.is_safe(item);
32 return IPython.security.is_safe(item);
33 }, item);
33 }, item);
34 this.test.assert(!is_safe, item);
34 this.test.assert(!is_safe, "Unsafe: " + item);
35 var sanitized = self.evaluate(function (item) {
36 return IPython.security.sanitize_html(item);
37 }, item);
38 this.test.assertEquals(sanitized.indexOf("alert"), -1, "Sanitized " + item);
35 });
39 });
36 }); No newline at end of file
40 });
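Review bot: The added `this.test.assertEquals(sanitized.indexOf("alert"), -1, ...)` at new line 38 is vacuous for the unsafe inputs whose payload is base64-encoded — the first META case (line 16) and the EMBED case (line 20) never contain the literal string "alert", so that assertion passes there even if sanitize_html returned its input unchanged. The same test already treats IPython.security.is_safe as the oracle for the other assertions, so checking that the sanitizer's output satisfies it covers every input uniformly: have the evaluate callback `return IPython.security.is_safe(IPython.security.sanitize_html(item));` and assert it with `this.test.assert(sanitized, "Sanitized: " + item);`. The indexOf check can remain as a secondary signal for the cases that do contain the literal string, but it should not be the only assertion on the sanitizer.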