
added some more conformance tests for XSS stuff

commit 13926c1270ccb4934401e81765c0b566d3139d9b 1 parent 63f28c8
@bcherry bcherry authored
Showing with 9 additions and 0 deletions.
  1. +4 −0 autolink.yml
  2. +5 −0 hit_highlighting.yml
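--- a/autolink.yml
+++ b/autolink.yml
@@ -369,6 +369,10 @@ tests:
 text: "See: http://example.com/@user"
 expected: "See: <a href=\"http://example.com/\">http://example.com/</a>@<a class=\"tweet-url username\" href=\"http://twitter.com/user\">user</a>"
+ - description: "Correctly handles URL with an @user followed by trailing /"
+ text: "See: http://example.com/@user/"
+ expected: "See: <a href=\"http://example.com/@user/\">http://example.com/@user/</a>"
+
 - description: "Does not allow an XSS after an @"
 text: "See: http://x.xx/@\"style=\"color:pink\"onmouseover=alert(1)//"
 expected: "See: <a href=\"http://x.xx/\">http://x.xx/</a>@\"style=\"color:pink\"onmouseover=alert(1)//"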
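Review bot: The added trailing-slash case pins only the benign input, so nothing in this hunk checks that the URL match still ends at a double quote once `@user/` is accepted as part of the path. The existing case right after it covers a quote directly after `@`, but not the same text after `@user/`, which is the path this new behaviour opens. I would add a sibling entry such as `- description: "Does not allow an XSS after an @user/ path segment"`, reusing the payload already in the following test, with an `expected` whose `href` closes before the first `"`. The new description could also state the intent more precisely, e.g. `"Treats @user/ as part of the URL path, not as a username mention"`.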
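--- a/hit_highlighting.yml
+++ b/hit_highlighting.yml
@@ -46,3 +46,8 @@ tests:
 text: "@<a href=\"http://twitter.com/username\">username</a> this is an example"
 hits: [ [0, 14] ]
 expected: "<em>@<a href=\"http://twitter.com/username\">username</a> this</em> is an example"
+
+ - description: "Highlight touching tags"
+ text: "<a>foo</a><a>foo</a>"
+ hits: [ [3, 6] ]
+ expected: "<a>foo</a><a><em>foo</em></a>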
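Review bot: As shown on this page, the `expected` value on the last added line has no closing double quote; this may be an artifact of how the page was captured, but if the committed file matches, the YAML will not parse and the line should end `</em></a>"`. Separately, the new case only pins a hit that starts on the boundary between the two touching tags. A mirrored case with `hits: [ [0, 3] ]` would pin that `</em>` closes inside the first `<a>`, so an implementation cannot pass while emitting mis-nested markup at the boundary. A one-line comment such as `# hit offsets count text characters only; tags are skipped` would make `[3, 6]` easier to read, assuming that is the convention the `[0, 14]` case above relies on.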