#!/usr/bin/perl use warnings; use strict; use Test::More tests => 26; use Encode; BEGIN { use_ok("IkiWiki"); } # Initialize htmlscrubber plugin %config=IkiWiki::defaultconfig(); $config{srcdir}=$config{destdir}="/dev/null"; IkiWiki::loadplugins(); IkiWiki::checkconfig(); is(IkiWiki::htmlize("foo", "mdwn", "foo\n\nbar\n"), "
foo
\n\nbar
\n", "basic"); is(IkiWiki::htmlize("foo", "mdwn", readfile("t/test1.mdwn")), Encode::decode_utf8(qq{\nóóóóó
\n}), "utf8; bug #373203"); ok(IkiWiki::htmlize("foo", "mdwn", readfile("t/test2.mdwn")), "this file crashes markdown if it's fed in as decoded utf-8"); sub gotcha { my $html=IkiWiki::htmlize("foo", "mdwn", shift); return $html =~ /GOTCHA/; } ok(!gotcha(q{click me}), "javascript url"); ok(!gotcha(q{click me}), "partially encoded javascript url"); ok(!gotcha(q{click me}), "jscript url"); ok(!gotcha(q{click me}), "vbscrpt url"); ok(!gotcha(q{click me}), "java-tab-script url"); ok(!gotcha(q{foo}), "entity-encoded CSS script test"); ok(!gotcha(q{foo}), "another entity-encoded CSS script test"); ok(!gotcha(q{}), "script tag"); ok(!gotcha(q{}), "form action with javascript"); ok(!gotcha(q{}), "video poster with javascript"); ok(!gotcha(q{a}), "CSS script test"); ok(! gotcha(q{}), "data:text/javascript (jeez!)"); ok(gotcha(q{}), "data:image/png"); ok(gotcha(q{}), "data:image/gif"); ok(gotcha(q{}), "data:image/jpeg"); ok(gotcha(q{javascript:alert('GOTCHA')
}), "not javascript AFAIK (but perhaps some web browser would like to be perverse and assume it is?)"); ok(gotcha(q{}), "not javascript"); ok(gotcha(q{foo}), "not javascript"); is(IkiWiki::htmlize("foo", "mdwn", q{}), q{}, "img with alt tag allowed"); is(IkiWiki::htmlize("foo", "mdwn", q{}), q{}, "absolute url allowed"); is(IkiWiki::htmlize("foo", "mdwn", q{}), q{}, "relative url allowed"); is(IkiWiki::htmlize("foo", "mdwn", q{bar}), q{bar}, "class attribute allowed");