# encoding: utf-8 require 'test_helper' class HtmlSanitizerTest < ActiveSupport::TestCase test 'xss' do assert_equal(HtmlSanitizer.strict('123'), '123') assert_equal(HtmlSanitizer.strict(''), '<b>123</b>') assert_equal(HtmlSanitizer.strict(''), '<style><b>123</b></style>') assert_equal(HtmlSanitizer.strict('123123'), '123123') assert_equal(HtmlSanitizer.strict('123123abc'), '123123abc') assert_equal(HtmlSanitizer.strict('123'), '123') assert_equal(HtmlSanitizer.strict(''), 'alert("XSS!");') assert_equal(HtmlSanitizer.strict(''), '') assert_equal(HtmlSanitizer.strict(''), '') assert_equal(HtmlSanitizer.strict(''), '') assert_equal(HtmlSanitizer.strict(''), '') assert_equal(HtmlSanitizer.strict(''), '') assert_equal(HtmlSanitizer.strict('">'), 'alert("XSS")">') assert_equal(HtmlSanitizer.strict(''), '') assert_equal(HtmlSanitizer.strict(''), '') assert_equal(HtmlSanitizer.strict(''), '') assert_equal(HtmlSanitizer.strict(''), '') assert_equal(HtmlSanitizer.strict(''), '') assert_equal(HtmlSanitizer.strict(''), '') assert_equal(HtmlSanitizer.strict(''), '') assert_equal(HtmlSanitizer.strict(''), '') assert_equal(HtmlSanitizer.strict(''), '') assert_equal(HtmlSanitizer.strict('<'), '<alert("XSS");//<') assert_equal(HtmlSanitizer.strict(''), 'alert(\'XSS\');') assert_equal(HtmlSanitizer.strict('