use ruma_html::{ ElementAttributesReplacement, ElementAttributesSchemes, Html, ListBehavior, NameReplacement, PropertiesNames, SanitizerConfig, }; #[test] fn strict_mode_valid_input() { let config = SanitizerConfig::strict().remove_reply_fallback(); let html = Html::parse( "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ " ); } #[test] fn strict_mode_elements_remove() { let config = SanitizerConfig::strict(); let html = Html::parse( "\ \
\ In reply to \ @alice:example.com\
\ Previous message\
\ \ This has no tag\

But this is inside a tag

\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ \
\ In reply to \ @alice:example.com\
\ Previous message\
\ \ This has no tag\

But this is inside a tag

\ " ); } #[test] fn strict_mode_elements_reply_remove() { let config = SanitizerConfig::strict().remove_reply_fallback(); let html = Html::parse( "\ \
\ In reply to \ @alice:example.com\
\ Previous message\
\ \ This has no tag\

But this is inside a tag

\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ This has no tag\

But this is inside a tag

\ " ); } #[test] fn remove_only_reply_fallback() { let config = SanitizerConfig::new().remove_reply_fallback(); let html = Html::parse( "\ \
\ In reply to \ @alice:example.com\
\ Previous message\
\ \ This keeps its tag\

But this is inside a tag

\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ This keeps its tag\

But this is inside a tag

\ " ); } #[test] fn strict_mode_attrs_remove() { let config = SanitizerConfig::strict(); let html = Html::parse( "\

Title for important stuff

\

Look at me!

\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\

Title for important stuff

\

Look at me!

\ " ); } #[test] fn strict_mode_img_remove_scheme() { let config = SanitizerConfig::strict(); let html = Html::parse( "\

Look at that picture:

\ \ ", ); html.sanitize_with(&config); assert_eq!(html.to_string(), "

Look at that picture:

"); } #[test] fn strict_mode_link_remove_scheme() { let config = SanitizerConfig::strict(); let html = Html::parse( "\

Go see my local website

\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\

Go see my local website

\ " ); } #[test] fn compat_mode_link_remove_scheme() { let config = SanitizerConfig::strict(); let html = Html::parse( "\

Join my room

\

To talk about my cat

\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\

Join my room

\

To talk about my cat

\ " ); let config = SanitizerConfig::compat(); let html = Html::parse( "\

Join my room

\

To talk about my cat

\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\

Join my room

\

To talk about my cat

\ " ); } #[test] fn strict_mode_class_remove() { let config = SanitizerConfig::strict(); let html = Html::parse( "\ 

            type StringList = Vec<String>;
\

What do you think of the name StringList?

\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ 

            type StringList = Vec<String>;
\

What do you think of the name StringList?

\ " ); } #[test] fn strict_mode_depth_remove() { let config = SanitizerConfig::strict(); let deeply_nested_html: String = std::iter::repeat("
") .take(100) .chain(Some( "I am in too deep!\ I should be fine.", )) .chain(std::iter::repeat("
").take(100)) .collect(); let html = Html::parse(&deeply_nested_html); html.sanitize_with(&config); let res = html.to_string(); assert!(res.contains("I should be fine.")); assert!(!res.contains("I am in too deep!")); } #[test] fn strict_mode_replace_deprecated() { let config = SanitizerConfig::strict(); let html = Html::parse( "\

Look at you me!

\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\

Look at you me!

\ " ); } #[test] fn allow_elements() { let config = SanitizerConfig::new().allow_elements(["ul", "li", "p", "img"], ListBehavior::Add); let html = Html::parse( "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ " ); } #[test] fn override_elements() { let config = SanitizerConfig::strict().allow_elements(["ul", "li", "p", "img"], ListBehavior::Override); let html = Html::parse( "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ " ); } #[test] fn add_elements() { let config = SanitizerConfig::strict().allow_elements(["keep-me"], ListBehavior::Add); let html = Html::parse( "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ I was kept!\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ I was kept!\ " ); } #[test] fn remove_elements() { let config = SanitizerConfig::strict().remove_elements(["span", "code"]); let html = Html::parse( "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ \

This is a paragraph

\ \ " ); } #[test] fn ignore_elements() { let config = SanitizerConfig::new().ignore_elements(["span", "code"]); let html = Html::parse( "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ " ); } #[test] fn replace_elements() { let config = SanitizerConfig::new() .replace_elements([NameReplacement { old: "ul", new: "ol" }], ListBehavior::Add); let html = Html::parse( "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\
  1. This
  2. has
  3. no
  4. tag
\

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ " ); } #[test] fn replace_elements_override() { let config = SanitizerConfig::strict() .replace_elements([NameReplacement { old: "ul", new: "ol" }], ListBehavior::Override); let html = Html::parse( "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ This is wrong\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\
  1. This
  2. has
  3. no
  4. tag
\

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ This is wrong\ " ); } #[test] fn replace_elements_add() { let config = SanitizerConfig::strict() .replace_elements([NameReplacement { old: "ul", new: "ol" }], ListBehavior::Add); let html = Html::parse( "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ This is wrong\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\
  1. This
  2. has
  3. no
  4. tag
\

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ This is wrong\ " ); } #[test] fn allow_attributes() { let config = SanitizerConfig::new().allow_attributes( [PropertiesNames { parent: "img", properties: &["src"] }], ListBehavior::Add, ); let html = Html::parse( "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ " ); } #[test] fn override_attributes() { let config = SanitizerConfig::strict().allow_attributes( [PropertiesNames { parent: "img", properties: &["src"] }], ListBehavior::Override, ); let html = Html::parse( "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ " ); } #[test] fn add_attributes() { let config = SanitizerConfig::strict().allow_attributes( [PropertiesNames { parent: "img", properties: &["id"] }], ListBehavior::Add, ); let html = Html::parse( "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ " ); } #[test] fn remove_attributes() { let config = SanitizerConfig::strict() .remove_attributes([PropertiesNames { parent: "span", properties: &["data-mx-color"] }]); let html = Html::parse( "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ " ); } #[test] fn replace_attributes() { let config = SanitizerConfig::new().replace_attributes( [ElementAttributesReplacement { element: "span", replacements: &[NameReplacement { old: "data-mx-color", new: "data-mx-bg-color" }], }], ListBehavior::Add, ); let html = Html::parse( "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ " ); } #[test] fn replace_attributes_override() { let config = SanitizerConfig::strict().replace_attributes( [ElementAttributesReplacement { element: "font", replacements: &[NameReplacement { old: "color", new: "data-mx-bg-color" }], }], ListBehavior::Override, ); let html = Html::parse( "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ " ); } #[test] fn replace_attributes_add() { let config = SanitizerConfig::strict().replace_attributes( [ElementAttributesReplacement { element: "img", replacements: &[NameReplacement { old: "alt", new: "title" }], }], ListBehavior::Add, ); let html = Html::parse( "\ \

This is a paragraph with some color

\ \"An\ <mx-reply>This is a fake reply</mx-reply>\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ \

This is a paragraph with some color

\ \ <mx-reply>This is a fake reply</mx-reply>\ " ); } #[test] fn allow_schemes() { let config = SanitizerConfig::new().allow_schemes( [ElementAttributesSchemes { element: "img", attr_schemes: &[PropertiesNames { parent: "src", properties: &["mxc"] }], }], ListBehavior::Add, ); let html = Html::parse( "\ \ \ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ \ " ); } #[test] fn override_schemes() { let config = SanitizerConfig::strict().allow_schemes( [ElementAttributesSchemes { element: "img", attr_schemes: &[PropertiesNames { parent: "src", properties: &["https"] }], }], ListBehavior::Override, ); let html = Html::parse( "\ \ \ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ \ " ); } #[test] fn add_schemes() { let config = SanitizerConfig::strict().allow_schemes( [ElementAttributesSchemes { element: "img", attr_schemes: &[PropertiesNames { parent: "src", properties: &["https"] }], }], ListBehavior::Add, ); let html = Html::parse( "\ \ \ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ \ \ " ); } #[test] fn deny_schemes() { let config = SanitizerConfig::strict().deny_schemes([ElementAttributesSchemes { element: "a", attr_schemes: &[PropertiesNames { parent: "href", properties: &["http"] }], }]); let html = Html::parse( "\ Secure link to an image\ Insecure link to an image\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ Secure link to an image\ Insecure link to an image\ " ); } #[test] fn allow_classes() { let config = SanitizerConfig::new().allow_classes( [PropertiesNames { parent: "img", properties: &["custom-class", "custom-class-*"] }], ListBehavior::Add, ); let html = Html::parse( "\ <mx-reply>This is a fake reply</mx-reply>\ \ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ <mx-reply>This is a fake reply</mx-reply>\ \ " ); } #[test] fn override_classes() { let config = SanitizerConfig::strict().allow_classes( [PropertiesNames { parent: "code", properties: &["custom-class", "custom-class-*"] }], ListBehavior::Override, ); let html = Html::parse( "\ <mx-reply>This is a fake reply</mx-reply>\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ <mx-reply>This is a fake reply</mx-reply>\ " ); } #[test] fn add_classes() { let config = SanitizerConfig::strict().allow_classes( [PropertiesNames { parent: "code", properties: &["custom-class", "custom-class-*"] }], ListBehavior::Add, ); let html = Html::parse( "\ <mx-reply>This is a fake reply</mx-reply>\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ <mx-reply>This is a fake reply</mx-reply>\ " ); } #[test] fn remove_classes() { let config = SanitizerConfig::strict() .remove_classes([PropertiesNames { parent: "code", properties: &["language-rust"] }]); let html = Html::parse( "\ <mx-reply>This is a fake reply</mx-reply>\ ", ); html.sanitize_with(&config); assert_eq!( html.to_string(), "\ <mx-reply>This is a fake reply</mx-reply>\ " ); }