src/tests/org/owasp/html/ExamplesTest.java - platform/external/owasp/sanitizer - Git at Google

 // Copyright (c) 2011, Mike Samuel
 // All rights reserved.
 //
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions
 // are met:
 //
 // Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // Redistributions in binary form must reproduce the above copyright
 // notice, this list of conditions and the following disclaimer in the
 // documentation and/or other materials provided with the distribution.
 // Neither the name of the OWASP nor the names of its contributors may
 // be used to endorse or promote products derived from this software
 // without specific prior written permission.
 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 // INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 // BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 // LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 // CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 // LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 // ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 // POSSIBILITY OF SUCH DAMAGE.

 package org.owasp.html;

 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
 import java.io.PrintStream;
 import java.lang.reflect.Method;

 import com.google.common.base.Throwables;

 import org.junit.Test;
 import org.owasp.html.examples.EbayPolicyExample;

 import junit.framework.TestCase;

 public class ExamplesTest extends TestCase {
   @Test
   public static final void testExamplesRun() throws Exception {
     InputStream stdin = System.in;
     PrintStream stdout = System.out;
     PrintStream stderr = System.err;
     for (Class<?> exampleClass : AllExamples.CLASSES) {
       InputStream emptyIn = new ByteArrayInputStream(new byte[0]);
       ByteArrayOutputStream captured = new ByteArrayOutputStream();
       PrintStream capturingOut = new PrintStream(captured, true, "UTF-8");
       System.setIn(emptyIn);
       System.setOut(capturingOut);
       System.setErr(capturingOut);

       Method main;
       try {
         main = exampleClass.getDeclaredMethod("main", String[].class);
         // Invoke with no arguments to sanitize empty input stream to output.
         main.invoke(null, new Object[] { new String[0] });
       } catch (Exception ex) {
         capturingOut.flush();
         System.err.println(
             "Example " + exampleClass.getSimpleName() + "\n"
             + captured.toString("UTF-8"));
         Throwables.propagate(ex);
       } finally {
         System.setIn(stdin);
         System.setOut(stdout);
         System.setErr(stderr);
       }
     }
   }

   @Test
   public static final void testSanitizeRemovesScripts() {
     String input =
       "<p>Hello World</p>"
       + "<script language=\"text/javascript\">alert(\"bad\");</script>";
     String sanitized = EbayPolicyExample.POLICY_DEFINITION.sanitize(input);
     assertEquals("<p>Hello World</p>", sanitized);
   }

   @Test
   public static final void testSanitizeRemovesOnclick() {
     String input = "<p onclick=\"alert(\"bad\");\">Hello World</p>";
     String sanitized = EbayPolicyExample.POLICY_DEFINITION.sanitize(input);
     assertEquals("<p>Hello World</p>", sanitized);
   }

   @Test
   public static final void testTextAllowedInLinks() {
     String input = "<a href=\"../good.html\">click here</a>";
     String sanitized = EbayPolicyExample.POLICY_DEFINITION.sanitize(input);
     assertEquals("<a href=\"../good.html\" rel=\"nofollow\">click here</a>",
                  sanitized);
   }
 }
	// Copyright (c) 2011, Mike Samuel
	// All rights reserved.
	//
	// Redistribution and use in source and binary forms, with or without
	// modification, are permitted provided that the following conditions
	// are met:
	//
	// Redistributions of source code must retain the above copyright
	// notice, this list of conditions and the following disclaimer.
	// Redistributions in binary form must reproduce the above copyright
	// notice, this list of conditions and the following disclaimer in the
	// documentation and/or other materials provided with the distribution.
	// Neither the name of the OWASP nor the names of its contributors may
	// be used to endorse or promote products derived from this software
	// without specific prior written permission.
	// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
	// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
	// BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
	// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
	// ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	// POSSIBILITY OF SUCH DAMAGE.

	package org.owasp.html;

	import java.io.ByteArrayInputStream;
	import java.io.ByteArrayOutputStream;
	import java.io.InputStream;
	import java.io.PrintStream;
	import java.lang.reflect.Method;

	import com.google.common.base.Throwables;

	import org.junit.Test;
	import org.owasp.html.examples.EbayPolicyExample;

	import junit.framework.TestCase;

	public class ExamplesTest extends TestCase {
	@Test
	public static final void testExamplesRun() throws Exception {
	InputStream stdin = System.in;
	PrintStream stdout = System.out;
	PrintStream stderr = System.err;
	for (Class<?> exampleClass : AllExamples.CLASSES) {
	InputStream emptyIn = new ByteArrayInputStream(new byte[0]);
	ByteArrayOutputStream captured = new ByteArrayOutputStream();
	PrintStream capturingOut = new PrintStream(captured, true, "UTF-8");
	System.setIn(emptyIn);
	System.setOut(capturingOut);
	System.setErr(capturingOut);

	Method main;
	try {
	main = exampleClass.getDeclaredMethod("main", String[].class);
	// Invoke with no arguments to sanitize empty input stream to output.
	main.invoke(null, new Object[] { new String[0] });
	} catch (Exception ex) {
	capturingOut.flush();
	System.err.println(
	"Example " + exampleClass.getSimpleName() + "\n"
	+ captured.toString("UTF-8"));
	Throwables.propagate(ex);
	} finally {
	System.setIn(stdin);
	System.setOut(stdout);
	System.setErr(stderr);
	}
	}
	}

	@Test
	public static final void testSanitizeRemovesScripts() {
	String input =
	"<p>Hello World</p>"
	+ "<script language=\"text/javascript\">alert(\"bad\");</script>";
	String sanitized = EbayPolicyExample.POLICY_DEFINITION.sanitize(input);
	assertEquals("<p>Hello World</p>", sanitized);
	}

	@Test
	public static final void testSanitizeRemovesOnclick() {
	String input = "<p onclick=\"alert(\"bad\");\">Hello World</p>";
	String sanitized = EbayPolicyExample.POLICY_DEFINITION.sanitize(input);
	assertEquals("<p>Hello World</p>", sanitized);
	}

	@Test
	public static final void testTextAllowedInLinks() {
	String input = "<a href=\"../good.html\">click here</a>";
	String sanitized = EbayPolicyExample.POLICY_DEFINITION.sanitize(input);
	assertEquals("<a href=\"../good.html\" rel=\"nofollow\">click here</a>",
	sanitized);
	}
	}