Created
January 31, 2020 14:22
MSTest stub for Ganss.XSS.HtmlSanitizer. Use it to test your sanitizer configuration.
using Ganss.XSS; | |
using Microsoft.VisualStudio.TestTools.UnitTesting; | |
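namespace VEIC.Tracker.Services.Tests.Shared
{
    /// <summary>
    /// Configuration tests for the HTML sanitizer. Each data row pins the output that the
    /// sanitizer, configured as in <see cref="TestInitialize"/>, produces for one input.
    /// </summary>
    /// <remarks>
    /// These tests only describe production behaviour if the configuration built in
    /// <see cref="TestInitialize"/> matches the one the application registers.
    /// NOTE(review): the only hostile input covered is a single inline event-handler attribute.
    /// Rows for script elements, script-scheme URLs in link/source attributes and style-based
    /// payloads should be added, with expected values taken from the library version in use.
    /// </remarks>
    [TestClass]
    public class HtmlSanitizerTests
    {
        private IHtmlSanitizer _htmlSanitizer;

        /// <summary>
        /// Creates a fresh sanitizer before every test: library defaults plus the <c>class</c> attribute.
        /// </summary>
        [TestInitialize]
        public void TestInitialize()
        {
            _htmlSanitizer = new HtmlSanitizer();

            // Every addition to the allow-list widens what untrusted markup may carry. With "class"
            // allowed, any class name in the input is kept (see the "cls-Normal" row), so sanitized
            // content can pick up styles and script hooks the host page attaches to its own classes.
            _htmlSanitizer.AllowedAttributes.Add("class");
        }

        /// <summary>
        /// Sanitizes <paramref name="input"/> as a whole document and compares the result with
        /// <paramref name="expected"/> wrapped in the html/head/body shell the sanitizer emits.
        /// </summary>
        /// <param name="input">Markup handed to the sanitizer.</param>
        /// <param name="expected">Markup expected inside the <c>body</c> element of the result.</param>
        [TestMethod]
        [DataRow("<p>safe</p>", "<p>safe</p>", DisplayName = "Normal HTML - no changes")]
        [DataRow("<p title=\"escaped\"></p>", "<p title=\"escaped\"></p>", DisplayName = "HTML with title attr - no changes")]
        [DataRow("<p class=\"cls-Normal\"></p>", "<p class=\"cls-Normal\"></p>", DisplayName = "HTML with class attr - no changes")]
        [DataRow("<body><p>safe</p></body>", "<p>safe</p>", DisplayName = "HTML with body tag - wrapper normalized")]
        [DataRow("<p onload=alert('unsafe')></p>", "<p></p>", DisplayName = "Unsafe HTML - XSS removed")]
        public void SanitizeDocument(string input, string expected)
        {
            // Arrange
            // The document-level API returns a full document, so the expected fragment is
            // placed inside the empty-head shell before comparing.
            var expectedDocument = $"<html><head></head><body>{expected}</body></html>";

            // Act
            var result = _htmlSanitizer.SanitizeDocument(input);

            // Assert
            Assert.AreEqual(expectedDocument, result);
        }
    }
}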