# Regression tests for the HTML sanitisation entry points `HTML.strip_tags/1` and
# `HTML.filter_tags/2`, the latter run with the TwitterText and Default scrubbers.
#
# NOTE(review): as the fixtures appear on this page they contain no markup at all and
# `@html_onerror_sample` is blank, yet the expected strings include `alert('hacked')`,
# which is absent from `@html_sample`. The tags were presumably lost when the file was
# rendered. Restore both fixtures from the original file before relying on these tests:
# in this form the attribute-based XSS cases compare blank input with blank output and
# would pass even if a scrubber stopped removing event-handler attributes.
defmodule Pleroma.HTMLTest do
  alias Pleroma.HTML
  alias Pleroma.HTML.Scrubber
  use Pleroma.DataCase

  # Mixed sample: bold text, a paragraph, a line break and an image (per the text labels).
  @html_sample """
  this is in bold

  this is a paragraph

  this is a linebreak
  this is an image:
  """

  # Sample for the attribute-based XSS cases; the name suggests an `onerror` handler,
  # but no attribute is visible here. TODO confirm against the original fixture.
  @html_onerror_sample """

  """

  describe "StripTags scrubber" do
    # strip_tags/1 is expected to return text only, with no elements left.
    test "works as expected" do
      expected = """
      this is in bold this is a paragraph this is a linebreak this is an image: alert('hacked')
      """

      assert HTML.strip_tags(@html_sample) == expected
    end

    # Nothing from the attribute sample may survive apart from the trailing newline.
    test "does not allow attribute-based XSS" do
      assert HTML.strip_tags(@html_onerror_sample) == "\n"
    end
  end

  describe "TwitterText scrubber" do
    # `alert('hacked')` is expected to come out as inert text in the filtered output.
    test "normalizes HTML as expected" do
      expected = """
      this is in bold

      this is a paragraph

      this is a linebreak
      this is an image:
      alert('hacked')
      """

      assert HTML.filter_tags(@html_sample, Scrubber.TwitterText) == expected
    end

    test "does not allow attribute-based XSS" do
      expected = """

      """

      assert HTML.filter_tags(@html_onerror_sample, Scrubber.TwitterText) == expected
    end
  end

  describe "default scrubber" do
    # Same two cases as the TwitterText scrubber, run through Scrubber.Default.
    test "normalizes HTML as expected" do
      expected = """
      this is in bold

      this is a paragraph

      this is a linebreak
      this is an image:
      alert('hacked')
      """

      assert HTML.filter_tags(@html_sample, Scrubber.Default) == expected
    end

    test "does not allow attribute-based XSS" do
      expected = """

      """

      assert HTML.filter_tags(@html_onerror_sample, Scrubber.Default) == expected
    end
  end
end