1 package com.android.mail.utils; 2 3 import android.test.AndroidTestCase; 4 import android.test.suitebuilder.annotation.SmallTest; 5 6 /** 7 * These test cases verify that each white listed element and attribute is accepted by the sanitizer 8 * and everything else is correctly discarded. 9 */ 10 @SmallTest 11 public class BasicHtmlSanitizerTest extends AndroidTestCase { testAttributeDir()12 public void testAttributeDir() { 13 sanitize("<div dir=\"ltr\">something</div>", "<div dir=\"ltr\">something</div>"); 14 sanitize("<div dir=\"rtl\">something</div>", "<div dir=\"rtl\">something</div>"); 15 sanitize("<div dir=\"LTR\">something</div>", "<div dir=\"ltr\">something</div>"); 16 sanitize("<div dir=\"RTL\">something</div>", "<div dir=\"rtl\">something</div>"); 17 sanitize("<div dir=\"blah\">something</div>", "<div>something</div>"); 18 } 19 testA()20 public void testA() { 21 // allowed attributes 22 sanitize("<a coords=\"something\"></a>", "<a coords=\"something\"></a>"); 23 sanitize("<a href=\"http://www.here.com\"></a>", "<a href=\"http://www.here.com\"></a>"); 24 sanitize("<a href=\"https://www.here.com\"></a>", "<a href=\"https://www.here.com\"></a>"); 25 sanitize("<a name=\"something\"></a>", "<a name=\"something\"></a>"); 26 sanitize("<a shape=\"something\"></a>", "<a shape=\"something\"></a>"); 27 28 // disallowed attributes (all links should launch a browser so we don't need these) 29 sanitize("<a charset=\"something\"></a>", ""); 30 sanitize("<a datafld=\"something\"></a>", ""); 31 sanitize("<a datasrc=\"something\"></a>", ""); 32 sanitize("<a download=\"something\"></a>", ""); 33 sanitize("<a href=\"javascript:badness()\"></a>", ""); 34 sanitize("<a href=\"cid:ii_hyw5v8ej0\"></a>", ""); 35 sanitize("<a hreflang=\"something\"></a>", ""); 36 sanitize("<a media=\"something\"></a>", ""); 37 sanitize("<a methods=\"something\"></a>", ""); 38 sanitize("<a ping=\"something\"></a>", ""); 39 sanitize("<a rel=\"something\"></a>", ""); 40 sanitize("<a rev=\"something\"></a>", ""); 41 sanitize("<a target=\"_top\"></a>", ""); 42 sanitize("<a type=\"_top\"></a>", ""); 43 sanitize("<a urn=\"_top\"></a>", ""); 44 sanitize("<a onmouseout=\"alert(document.cookie)\">xxs link</a>", "xxs link"); 45 sanitize("<a onmouseover=\"alert(document.cookie)\">xxs link</a>", "xxs link"); 46 sanitize("<a onmouseover=alert(document.cookie)>xxs link</a>", "xxs link"); 47 sanitize("exp/*<a style='no\\xss:noxss(\"*//*\");\n" + 48 "xss:ex/*XSS*//*/*/pression(alert(\"XSS\"))'>", "exp/*"); 49 } 50 testAbbr()51 public void testAbbr() { 52 sanitize("<abbr title=\"United Kingdom\">UK</abbr>", 53 "<abbr title=\"United Kingdom\">UK</abbr>"); 54 } 55 testAcronym()56 public void testAcronym() { 57 sanitize("<acronym title=\"World Wide Web\">WWW</acronym>", 58 "<acronym title=\"World Wide Web\">WWW</acronym>"); 59 } 60 testAddress()61 public void testAddress() { 62 sanitize("<address>something</address>", "<address>something</address>"); 63 } 64 testApplet()65 public void testApplet() { 66 // todo Gmail would also strip "malicious applet" as well... is this a problem? 67 sanitize("<applet>malicious applet</applet>", "malicious applet"); 68 } 69 testArea()70 public void testArea() { 71 // allowed attributes 72 sanitize("<area alt=\"something\"/>", "<area alt=\"something\" />"); 73 sanitize("<area coords=\"something\"/>", "<area coords=\"something\" />"); 74 sanitize("<area href=\"http://www.here.com\"/>", "<area href=\"http://www.here.com\" />"); 75 sanitize("<area href=\"https://www.here.com\"/>", "<area href=\"https://www.here.com\" />"); 76 sanitize("<area name=\"something\"/>", "<area name=\"something\" />"); 77 sanitize("<area nohref />", "<area nohref=\"nohref\" />"); 78 sanitize("<area shape=\"something\"/>", "<area shape=\"something\" />"); 79 80 // disallowed attributes (all links launch a browser so we don't need these attributes) 81 sanitize("<area accessKey=\"A\"/>", "<area />"); 82 sanitize("<area download=\"something\"/>", "<area />"); 83 sanitize("<area href=\"javascript:badness()\"/>", "<area />"); 84 sanitize("<area href=\"cid:ii_hyw5v8ej0\"/>", "<area />"); 85 sanitize("<area hreflang=\"something\"/>", "<area />"); 86 sanitize("<area media=\"something\"/>", "<area />"); 87 sanitize("<area rel=\"something\"/>", "<area />"); 88 sanitize("<area target=\"something\"/>", "<area />"); 89 sanitize("<area tabindex=\"something\"/>", "<area />"); 90 sanitize("<area type=\"something\"/>", "<area />"); 91 } 92 testArticle()93 public void testArticle() { 94 sanitize("<article></article>", "<article></article>"); 95 } 96 testAside()97 public void testAside() { 98 sanitize("<aside></aside>", "<aside></aside>"); 99 } 100 testAudio()101 public void testAudio() { 102 sanitize("<audio>not supported</audio>", "not supported"); 103 } 104 testB()105 public void testB() { 106 sanitize("<b>something</b>", "<b>something</b>"); 107 } 108 testBase()109 public void testBase() { 110 // allowed attributes 111 sanitize("<base href=\"http://www.example.com/\">", 112 "<base href=\"http://www.example.com/\" />"); 113 sanitize("<base href=\"https://www.example.com/\">", 114 "<base href=\"https://www.example.com/\" />"); 115 116 // disallowed attributes 117 sanitize("<base target=\"_blank\">", "<base />"); 118 sanitize("<base href=\"javascript:badness()\">", "<base />"); 119 sanitize("<base href=\"cid:ii_hyw5v8ej0\">", "<base />"); 120 sanitize("<base href=\"javascript:alert('XSS');//\">", "<base />"); 121 } 122 testBasefont()123 public void testBasefont() { 124 sanitize("<basefont color=\"something\"/>", ""); 125 sanitize("<basefont face=\"something\"/>", ""); 126 sanitize("<basefont size=\"something\"/>", ""); 127 } 128 testBdi()129 public void testBdi() { 130 sanitize("<bdi>something</bdi>", "<bdi>something</bdi>"); 131 sanitize("<bdi dir=\"ltr\">something</bdi>", "<bdi dir=\"ltr\">something</bdi>"); 132 } 133 testBdo()134 public void testBdo() { 135 sanitize("<bdo>something</bdo>", "<bdo>something</bdo>"); 136 sanitize("<bdo dir=\"ltr\">something</bdo>", "<bdo dir=\"ltr\">something</bdo>"); 137 } 138 testBgsound()139 public void testBgsound() { 140 sanitize("<bgsound src=\"sound1.mid\">", ""); 141 sanitize("<bgsound src=\"javascript:alert('XSS');\">", ""); 142 } 143 testBig()144 public void testBig() { 145 sanitize("<big>something</big>", "<big>something</big>"); 146 } 147 testBlink()148 public void testBlink() { 149 sanitize("<blink>something</blink>", "something"); 150 } 151 testBlockquote()152 public void testBlockquote() { 153 sanitize("<blockquote>something</blockquote>", "<blockquote>something</blockquote>"); 154 sanitize("<blockquote cite=\"http://www.here.com\">something</blockquote>", 155 "<blockquote cite=\"http://www.here.com\">something</blockquote>"); 156 sanitize("<blockquote cite=\"javascript:badness()\">something</blockquote>", 157 "<blockquote>something</blockquote>"); 158 159 sanitize("<blockquote style=\"margin:0;margin-left:0.8ex;border-left:1px #ccc solid;" + 160 "padding-left:1ex\">", 161 "<blockquote style=\"margin:0;margin-left:0.8ex;border-left:1px #ccc solid;" + 162 "padding-left:1ex\"></blockquote>"); 163 } 164 165 /** 166 * The body tag will be supplied by code that wraps this email with other formatting logic. 167 * So, any body tags appearing within the email are translated to div tags. 168 */ testBody()169 public void testBody() { 170 sanitize("<body alink=\"something\"></body>", "<div></div>"); 171 sanitize("<body background=\"something\"></body>", "<div></div>"); 172 sanitize("<body bgcolor=\"something\"></body>", "<div></div>"); 173 sanitize("<body link=\"something\"></body>", "<div></div>"); 174 sanitize("<body text=\"something\"></body>", "<div></div>"); 175 sanitize("<body vlink=\"something\"></body>", "<div></div>"); 176 177 // take extra care to ensure that these scripting callbacks don't survive 178 sanitize("<body onafterprint=\"something\"></body>", "<div></div>"); 179 sanitize("<body onbeforeprint=\"something\"></body>", "<div></div>"); 180 sanitize("<body onbeforeunload=\"something\"></body>", "<div></div>"); 181 sanitize("<body onblur=\"something\"></body>", "<div></div>"); 182 sanitize("<body onerror=\"something\"></body>", "<div></div>"); 183 sanitize("<body onfocus=\"something\"></body>", "<div></div>"); 184 sanitize("<body onhashchange=\"something\"></body>", "<div></div>"); 185 sanitize("<body onload=\"something\"></body>", "<div></div>"); 186 sanitize("<body onmessage=\"something\"></body>", "<div></div>"); 187 sanitize("<body onoffline=\"something\"></body>", "<div></div>"); 188 sanitize("<body ononline=\"something\"></body>", "<div></div>"); 189 sanitize("<body onpopstate=\"something\"></body>", "<div></div>"); 190 sanitize("<body onredo=\"something\"></body>", "<div></div>"); 191 sanitize("<body onresize=\"something\"></body>", "<div></div>"); 192 sanitize("<body onstorage=\"something\"></body>", "<div></div>"); 193 sanitize("<body onundo=\"something\"></body>", "<div></div>"); 194 sanitize("<body onunload=\"something\"></body>", "<div></div>"); 195 sanitize("<body onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert(\"XSS\")>", "<div></div>"); 196 sanitize("<body background=\"javascript:alert('XSS')\">", "<div></div>"); 197 sanitize("<body onload=alert('XSS')>", "<div></div>"); 198 sanitize("<body onload =alert('XSS')>", "<div></div>"); 199 } 200 testBr()201 public void testBr() { 202 sanitize("something<br>something", "something<br />something"); 203 sanitize("something<br clear=\"all\">something", "something<br clear=\"all\" />something"); 204 } 205 testButton()206 public void testButton() { 207 sanitize("<button>Click Me!</button>", "<button>Click Me!</button>"); 208 sanitize("<button autofocus=\"true\">Click Me!</button>", 209 "<button autofocus=\"true\">Click Me!</button>"); 210 sanitize("<button disabled=\"true\">Click Me!</button>", 211 "<button disabled=\"true\">Click Me!</button>"); 212 sanitize("<button formenctype=\"text/plain\">Click Me!</button>", 213 "<button formenctype=\"text/plain\">Click Me!</button>"); 214 sanitize("<button formmethod=\"post\">Click Me!</button>", 215 "<button formmethod=\"post\">Click Me!</button>"); 216 sanitize("<button formnovalidate=\"formnovalidate\">Click Me!</button>", 217 "<button formnovalidate=\"formnovalidate\">Click Me!</button>"); 218 sanitize("<button formtarget=\"_top\">Click Me!</button>", 219 "<button formtarget=\"_top\">Click Me!</button>"); 220 sanitize("<button name=\"something\">Click Me!</button>", 221 "<button name=\"something\">Click Me!</button>"); 222 sanitize("<button type=\"button\">Click Me!</button>", 223 "<button type=\"button\">Click Me!</button>"); 224 sanitize("<button value=\"something\">Click Me!</button>", 225 "<button value=\"something\">Click Me!</button>"); 226 sanitize("<button formaction=\"http://www.overhere.com/\">Click Me!</button>", 227 "<button formaction=\"http://www.overhere.com/\">Click Me!</button>"); 228 229 sanitize("<button formaction=\"javascript:badness()\">Click Me!</button>", 230 "<button>Click Me!</button>"); 231 } 232 testCanvas()233 public void testCanvas() { 234 sanitize("<canvas></canvas>", "<canvas></canvas>"); 235 sanitize("<canvas width=\"500\"></canvas>", "<canvas width=\"500\"></canvas>"); 236 sanitize("<canvas height=\"500\"></canvas>", "<canvas height=\"500\"></canvas>"); 237 } 238 testCaption()239 public void testCaption() { 240 sanitize("<caption>something</caption>", "<caption>something</caption>"); 241 sanitize("<caption align=\"left\">something</caption>", 242 "<caption align=\"left\">something</caption>"); 243 } 244 testCenter()245 public void testCenter() { 246 sanitize("<center>something</center>", "<center>something</center>"); 247 } 248 testCite()249 public void testCite() { 250 sanitize("<cite>something</cite>", "<cite>something</cite>"); 251 } 252 testCode()253 public void testCode() { 254 sanitize("<code>something</code>", "<code>something</code>"); 255 } 256 testCol()257 public void testCol() { 258 sanitize("<col>", "<col />"); 259 sanitize("<col align=\"left\">", "<col align=\"left\" />"); 260 sanitize("<col bgcolor=\"something\">", "<col bgcolor=\"something\" />"); 261 sanitize("<col char=\"something\">", "<col char=\"something\" />"); 262 sanitize("<col charoff=\"something\">", "<col charoff=\"something\" />"); 263 sanitize("<col span=\"something\">", "<col span=\"something\" />"); 264 sanitize("<col valign=\"something\">", "<col valign=\"something\" />"); 265 sanitize("<col width=\"something\">", "<col width=\"something\" />"); 266 } 267 testColgroup()268 public void testColgroup() { 269 sanitize("<colgroup></colgroup>", "<colgroup></colgroup>"); 270 sanitize("<colgroup align=\"left\"></colgroup>", "<colgroup align=\"left\"></colgroup>"); 271 sanitize("<colgroup char=\"something\"></colgroup>", 272 "<colgroup char=\"something\"></colgroup>"); 273 sanitize("<colgroup charoff=\"something\"></colgroup>", 274 "<colgroup charoff=\"something\"></colgroup>"); 275 sanitize("<colgroup span=\"something\"></colgroup>", 276 "<colgroup span=\"something\"></colgroup>"); 277 sanitize("<colgroup valign=\"something\"></colgroup>", 278 "<colgroup valign=\"something\"></colgroup>"); 279 sanitize("<colgroup width=\"something\"></colgroup>", 280 "<colgroup width=\"something\"></colgroup>"); 281 } 282 testDatalist()283 public void testDatalist() { 284 sanitize("<datalist></datalist>", "<datalist></datalist>"); 285 } 286 testDd()287 public void testDd() { 288 sanitize("<dd>something</dd>", "<dd>something</dd>"); 289 } 290 testDel()291 public void testDel() { 292 sanitize("<del>something</del>", "<del>something</del>"); 293 sanitize("<del cite=\"javascript:badness();\">something</del>", "<del>something</del>"); 294 sanitize("<del cite=\"http://www.reason.com/\">something</del>", 295 "<del cite=\"http://www.reason.com/\">something</del>"); 296 sanitize("<del datetime=\"something\">something</del>", 297 "<del datetime=\"something\">something</del>"); 298 } 299 testDetails()300 public void testDetails() { 301 sanitize("<details>something</details>", "<details>something</details>"); 302 } 303 testDfn()304 public void testDfn() { 305 sanitize("<dfn>something</dfn>", "<dfn>something</dfn>"); 306 } 307 testDialog()308 public void testDialog() { 309 sanitize("<dialog open>This is an open dialog window</dialog>", 310 "This is an open dialog window"); 311 } 312 testDir()313 public void testDir() { 314 sanitize("<dir><li>something</li></dir>", "<dir><li>something</li></dir>"); 315 sanitize("<dir compact=\"compact\"><li>something</li></dir>", 316 "<dir compact=\"compact\"><li>something</li></dir>"); 317 } 318 testDiv()319 public void testDiv() { 320 sanitize("<div></div>", "<div></div>"); 321 sanitize("<div align=\"left\"></div>", "<div align=\"left\"></div>"); 322 sanitize("<div background=\"http://www.random.com/mypng.gif\"></div>", 323 "<div background=\"http://www.random.com/mypng.gif\"></div>"); 324 325 sanitize("<div background=\"javascript:badness();\"></div>", "<div></div>"); 326 sanitize("<div style=\"width: expression(alert('XSS'));\">", "<div></div>"); 327 sanitize("<div style=\"background-image: url(javascript:alert('XSS'))\">", "<div></div>"); 328 sanitize("<div style=\"background-image:\\0075\\0072\\006C\\0028'\\006a\\0061\\0076\\0061" + 329 "\\0073\\0063\\0072\\0069\\0070\\0074\\003a\\0061\\006c\\0065\\0072\\0074" + 330 "\\0028.1027\\0058.1053\\0053\\0027\\0029'\\0029\">", "<div></div>"); 331 sanitize("<div style=\"background-image: url(javascript:alert('XSS'))\">", 332 "<div></div>"); 333 } 334 testDl()335 public void testDl() { 336 sanitize("<dl></dl>", "<dl></dl>"); 337 } 338 testDt()339 public void testDt() { 340 sanitize("<dt></dt>", "<dt></dt>"); 341 } 342 testEm()343 public void testEm() { 344 sanitize("<em>something</em>", "<em>something</em>"); 345 } 346 testEmbed()347 public void testEmbed() { 348 sanitize("<embed src=\"helloworld.swf\">", ""); 349 } 350 testFieldset()351 public void testFieldset() { 352 sanitize("<fieldset>something</fieldset>", "<fieldset>something</fieldset>"); 353 sanitize("<fieldset disabled=\"true\">something</fieldset>", 354 "<fieldset disabled=\"true\">something</fieldset>"); 355 sanitize("<fieldset form=\"formId\">something</fieldset>", 356 "<fieldset form=\"formId\">something</fieldset>"); 357 sanitize("<fieldset name=\"something\">something</fieldset>", 358 "<fieldset name=\"something\">something</fieldset>"); 359 } 360 testFigcaption()361 public void testFigcaption() { 362 sanitize("<figcaption>Fig1. something</figcaption>", 363 "<figcaption>Fig1. something</figcaption>"); 364 } 365 testFigure()366 public void testFigure() { 367 sanitize("<figure>something</figure>", "<figure>something</figure>"); 368 } 369 testFont()370 public void testFont() { 371 sanitize("<font>something</font>", "something"); 372 sanitize("<font size=\"3\">something</font>", "<font size=\"3\">something</font>"); 373 sanitize("<font face=\"verdana\">something</font>", 374 "<font face=\"verdana\">something</font>"); 375 sanitize("<font color=\"red\">something</font>", "<font color=\"red\">something</font>"); 376 } 377 testFooter()378 public void testFooter() { 379 sanitize("<footer>something</footer>", "<footer>something</footer>"); 380 } 381 testForm()382 public void testForm() { 383 sanitize("<form></form>", "<form></form>"); 384 sanitize("<form accept=\"something\"></form>", "<form accept=\"something\"></form>"); 385 sanitize("<form accept-charset=\"something\"></form>", 386 "<form accept-charset=\"something\"></form>"); 387 sanitize("<form autocomplete=\"on\"></form>", "<form autocomplete=\"on\"></form>"); 388 sanitize("<form enctype=\"text/plain\"></form>", "<form enctype=\"text/plain\"></form>"); 389 sanitize("<form method=\"get\"></form>", "<form method=\"get\"></form>"); 390 sanitize("<form name=\"something\"></form>", "<form name=\"something\"></form>"); 391 sanitize("<form novalidate=\"novalidate\"></form>", 392 "<form novalidate=\"novalidate\"></form>"); 393 sanitize("<form target=\"_top\"></form>", "<form target=\"_top\"></form>"); 394 sanitize("<form action=\"http://www.overhere.com/\"></form>", 395 "<form action=\"http://www.overhere.com/\"></form>"); 396 397 sanitize("<form action=\"javascript:badness()\"></form>", "<form></form>"); 398 sanitize("<form onsubmit=\"javascript:badness()\"></form>", "<form></form>"); 399 sanitize("<form onreset=\"javascript:badness()\"></form>", "<form></form>"); 400 } 401 testFrame()402 public void testFrame() { 403 sanitize("<frame src=\"frame_a.htm\">", ""); 404 } 405 testFrameset()406 public void testFrameset() { 407 sanitize("<frameset cols=\"25%,*,25%\"></frameset>", ""); 408 sanitize("<frameset><frame src=\"javascript:alert('XSS');\"></frameset>", ""); 409 } 410 testHead()411 public void testHead() { 412 sanitize("<head></head>", ""); 413 sanitize("<head profile=\"http://www.overhere.com/\"></head>", ""); 414 sanitize("<head profile=\"javascript:badness()\"></head>", ""); 415 } 416 testHeader()417 public void testHeader() { 418 sanitize("<header></header>", "<header></header>"); 419 } 420 testH1()421 public void testH1() { 422 sanitize("<h1>something</h1>", "<h1>something</h1>"); 423 sanitize("<h1 align=\"left\">something</h1>", "<h1 align=\"left\">something</h1>"); 424 } 425 testH2()426 public void testH2() { 427 sanitize("<h2>something</h2>", "<h2>something</h2>"); 428 sanitize("<h2 align=\"left\">something</h2>", "<h2 align=\"left\">something</h2>"); 429 } 430 testH3()431 public void testH3() { 432 sanitize("<h3>something</h3>", "<h3>something</h3>"); 433 sanitize("<h3 align=\"left\">something</h3>", "<h3 align=\"left\">something</h3>"); 434 } 435 testH4()436 public void testH4() { 437 sanitize("<h4>something</h4>", "<h4>something</h4>"); 438 sanitize("<h4 align=\"left\">something</h4>", "<h4 align=\"left\">something</h4>"); 439 } 440 testH5()441 public void testH5() { 442 sanitize("<h5>something</h5>", "<h5>something</h5>"); 443 sanitize("<h5 align=\"left\">something</h5>", "<h5 align=\"left\">something</h5>"); 444 } 445 testH6()446 public void testH6() { 447 sanitize("<h6>something</h6>", "<h6>something</h6>"); 448 sanitize("<h6 align=\"left\">something</h6>", "<h6 align=\"left\">something</h6>"); 449 } 450 testHr()451 public void testHr() { 452 sanitize("<hr/>", "<hr />"); 453 sanitize("<hr align=\"left\"/>", "<hr align=\"left\" />"); 454 sanitize("<hr noshade=\"noshade\"/>", "<hr noshade=\"noshade\" />"); 455 sanitize("<hr size=\"11\"/>", "<hr size=\"11\" />"); 456 sanitize("<hr width=\"666\"/>", "<hr width=\"666\" />"); 457 } 458 testHtml()459 public void testHtml() { 460 sanitize("<html></html>", ""); 461 sanitize("<html xmlns=\"http://www.w3.org/1999/xhtml\"></html>", ""); 462 sanitize("<html manifest=\"http://www.overhere.com/\"></html>", ""); 463 sanitize("<html manifest=\"javascript:badness()\"></html>", ""); 464 } 465 testI()466 public void testI() { 467 sanitize("<i></i>", "<i></i>"); 468 } 469 testIframe()470 public void testIframe() { 471 sanitize("<iframe src=\"http://www.w3schools.com\"></iframe>", ""); 472 sanitize("<iframe src=http://ha.ckers.org/scriptlet.html <", ""); 473 sanitize("<iframe src=\"javascript:alert('XSS');\"></iframe>", ""); 474 sanitize("<iframe src=# onmouseover=\"alert(document.cookie)\"></iframe>", ""); 475 } 476 testIsindex()477 public void testIsindex() { 478 sanitize("<isindex prompt=\"Search Document... \"/>", ""); 479 } 480 testImg()481 public void testImg() { 482 sanitize("<img/>", ""); 483 sanitize("<img align=\"left\"/>", "<img align=\"left\" />"); 484 sanitize("<img alt=\"something\"/>", "<img alt=\"something\" />"); 485 sanitize("<img border=\"22\"/>", "<img border=\"22\" />"); 486 sanitize("<img crossorigin=\"anonymous \"/>", "<img crossorigin=\"anonymous \" />"); 487 sanitize("<img height=\"22\"/>", "<img height=\"22\" />"); 488 sanitize("<img hspace=\"22\"/>", "<img hspace=\"22\" />"); 489 sanitize("<img ismap=\"ismap\"/>", "<img ismap=\"ismap\" />"); 490 sanitize("<img usemap=\"something\"/>", "<img usemap=\"something\" />"); 491 sanitize("<img vspace=\"22\"/>", "<img vspace=\"22\" />"); 492 sanitize("<img width=\"22\"/>", "<img width=\"22\" />"); 493 sanitize("<img src=\"http://www.overhere.com/\"></img>", 494 "<img src=\"http://www.overhere.com/\" />"); 495 sanitize("<img src=\"https://www.overhere.com/\"></img>", 496 "<img src=\"https://www.overhere.com/\" />"); 497 sanitize("<img src=\"cid:ii_hyw5v8ej0\"></img>", 498 "<img src=\"cid:ii_hyw5v8ej0\" />"); 499 sanitize("<img longdesc=\"http://www.overhere.com/\"></img>", 500 "<img longdesc=\"http://www.overhere.com/\" />"); 501 sanitize("<img longdesc=\"https://www.overhere.com/\"></img>", 502 "<img longdesc=\"https://www.overhere.com/\" />"); 503 504 sanitize("<img src=\"javascript:badness()\"></img>", ""); 505 sanitize("<img longdesc=\"javascript:badness()\"></img>", ""); 506 sanitize("<img longdesc=\"cid:ii_hyw5v8ej0\"></img>", ""); 507 sanitize("<img src=javascript:alert('XSS')>", ""); 508 sanitize("<img src=JaVaScRiPt:alert('XSS')>", ""); 509 sanitize("<img src=javascript:alert(\"XSS\")>", ""); 510 sanitize("<img src=`javascript:alert(\"RSnake says, 'XSS'\")`>", ""); 511 sanitize("<img \"\"\"><script>alert(\"XSS\")</script>\">", "">"); 512 sanitize("<img src=# onmouseover=\"alert('xxs')\">", "<img src=\"#\" />"); 513 sanitize("<img src= onmouseover=\"alert('xxs')\">", "<img src=\"onmouseover=\" />"); 514 sanitize("<img onmouseover=\"alert('xxs')\">", ""); 515 sanitize("<img src=/ onerror=\"alert(String.fromCharCode(88,83,83))\"></img>", 516 "<img src=\"/\" />"); 517 sanitize("<img src=javascript:a" + 518 "lert(\n'XSS')>", 519 ""); 520 sanitize("<img src=javascr" + 521 "ipt:a&\n" + 522 "#0000108ert('XSS" + 523 "')>", ""); 524 sanitize("<img src=javascript:ale" + 525 "rt('XSS')>", ""); 526 sanitize("<img src=\"jav\tascript:alert('XSS');\">", ""); 527 sanitize("<img src=\"jav	ascript:alert('XSS');\">", ""); 528 sanitize("<img src=\"jav
ascript:alert('XSS');\">", ""); 529 sanitize("<img src=\"jav
ascript:alert('XSS');\">", ""); 530 sanitize("<img src=java\0script:alert(\\\"XSS\\\")>", ""); 531 sanitize("<img src=\"  javascript:alert('XSS');\">", ""); 532 sanitize("<img src=\"javascript:alert('XSS')\"", ""); 533 sanitize("<img dynsrc=\"javascript:alert('XSS')\">", ""); 534 sanitize("<img lowsrc=\"javascript:alert('XSS')\">", ""); 535 sanitize("<img src='vbscript:msgbox(\"XSS\")'>", ""); 536 sanitize("<img src=\"livescript:[code]\">", ""); 537 sanitize("<img style=\"xss:expr/*XSS*/ession(alert('XSS'))\">", ""); 538 } 539 testInput()540 public void testInput() { 541 sanitize("<input accept=\"image/*\"/>", "<input accept=\"image/*\" />"); 542 sanitize("<input align=\"left\"/>", "<input align=\"left\" />"); 543 sanitize("<input alt=\"something\"/>", "<input alt=\"something\" />"); 544 sanitize("<input autocomplete=\"on\"/>", "<input autocomplete=\"on\" />"); 545 sanitize("<input autofocus=\"autofocus\"/>", "<input autofocus=\"autofocus\" />"); 546 sanitize("<input checked=\"checked\"/>", "<input checked=\"checked\" />"); 547 sanitize("<input disabled=\"disabled\"/>", "<input disabled=\"disabled\" />"); 548 sanitize("<input form=\"1\"/>", "<input form=\"1\" />"); 549 sanitize("<input formenctype=\"text/plain\"/>", "<input formenctype=\"text/plain\" />"); 550 sanitize("<input formmethod=\"post\"/>", "<input formmethod=\"post\" />"); 551 sanitize("<input formnovalidate=\"formnovalidate\"/>", 552 "<input formnovalidate=\"formnovalidate\" />"); 553 sanitize("<input formtarget=\"_top\"/>", "<input formtarget=\"_top\" />"); 554 sanitize("<input height=\"22\"/>", "<input height=\"22\" />"); 555 sanitize("<input list=\"something\"/>", "<input list=\"something\" />"); 556 sanitize("<input max=\"1000\"/>", "<input max=\"1000\" />"); 557 sanitize("<input maxlength=\"10\"/>", "<input maxlength=\"10\" />"); 558 sanitize("<input min=\"10\"/>", "<input min=\"10\" />"); 559 sanitize("<input multiple=\"multiple\"/>", "<input multiple=\"multiple\" />"); 560 sanitize("<input name=\"herman\"/>", "<input name=\"herman\" />"); 561 sanitize("<input pattern=\"*.*\"/>", "<input pattern=\"*.*\" />"); 562 sanitize("<input placeholder=\"something\"/>", "<input placeholder=\"something\" />"); 563 sanitize("<input readonly=\"readonly\"/>", "<input readonly=\"readonly\" />"); 564 sanitize("<input required=\"required\"/>", "<input required=\"required\" />"); 565 sanitize("<input size=\"22\"/>", "<input size=\"22\" />"); 566 sanitize("<input step=\"5\"/>", "<input step=\"5\" />"); 567 sanitize("<input type=\"button\"/>", "<input type=\"button\" />"); 568 sanitize("<input value=\"something\"/>", "<input value=\"something\" />"); 569 sanitize("<input width=\"50\"/>", "<input width=\"50\" />"); 570 sanitize("<input src=\"http://www.overhere.com/\"></input>", 571 "<input src=\"http://www.overhere.com/\" />"); 572 sanitize("<input src=\"https://www.overhere.com/\"></input>", 573 "<input src=\"https://www.overhere.com/\" />"); 574 sanitize("<input formaction=\"http://www.overhere.com/\"></input>", 575 "<input formaction=\"http://www.overhere.com/\" />"); 576 sanitize("<input formaction=\"https://www.overhere.com/\"></input>", 577 "<input formaction=\"https://www.overhere.com/\" />"); 578 579 sanitize("<input src=\"cid:ii_hyw5v8ej0\"></input>", ""); 580 sanitize("<input src=\"javascript:badness()\"></input>", ""); 581 sanitize("<input formaction=\"cid:ii_hyw5v8ej0\"></input>", ""); 582 sanitize("<input formaction=\"javascript:badness()\"></input>", ""); 583 sanitize("<input type=\"image\" src=\"javascript:alert('XSS');\">", 584 "<input type=\"image\" />"); 585 sanitize("<input type=\"text\" onchange=\"javascript:alert('XSS');\">", 586 "<input type=\"text\" />"); 587 sanitize("<input type=\"button\" onclick=\"javascript:alert('XSS');\">", 588 "<input type=\"button\" />"); 589 sanitize("<input type=\"button\" ondblclick=\"javascript:alert('XSS');\">", 590 "<input type=\"button\" />"); 591 } 592 testIns()593 public void testIns() { 594 sanitize("<ins>something</ins>", "<ins>something</ins>"); 595 sanitize("<ins cite=\"javascript:badness();\">something</ins>", "<ins>something</ins>"); 596 sanitize("<ins cite=\"http://www.reason.com/\">something</ins>", 597 "<ins cite=\"http://www.reason.com/\">something</ins>"); 598 sanitize("<ins cite=\"https://www.reason.com/\">something</ins>", 599 "<ins cite=\"https://www.reason.com/\">something</ins>"); 600 sanitize("<ins datetime=\"something\">something</ins>", 601 "<ins datetime=\"something\">something</ins>"); 602 603 sanitize("<ins cite=\"cid:ii_hyw5v8ej0\">something</ins>", 604 "<ins>something</ins>"); 605 } 606 testKbd()607 public void testKbd() { 608 sanitize("<kbd>something</kbd>", "<kbd>something</kbd>"); 609 } 610 testKeygen()611 public void testKeygen() { 612 sanitize("<keygen/>", "<keygen />"); 613 sanitize("<keygen autofocus=\"autofocus\"/>", "<keygen autofocus=\"autofocus\" />"); 614 sanitize("<keygen challenge=\"challenge\"/>", "<keygen challenge=\"challenge\" />"); 615 sanitize("<keygen disabled=\"disabled\"/>", "<keygen disabled=\"disabled\" />"); 616 sanitize("<keygen form=\"formId\"/>", "<keygen form=\"formId\" />"); 617 sanitize("<keygen keytype=\"rsa\"/>", "<keygen keytype=\"rsa\" />"); 618 sanitize("<keygen name=\"herman\"/>", "<keygen name=\"herman\" />"); 619 } 620 testLabel()621 public void testLabel() { 622 sanitize("<label for=\"elementId\">Something:</label>", "<label>Something:</label>"); 623 sanitize("<label form=\"formId\">Something:</label>", 624 "<label form=\"formId\">Something:</label>"); 625 } 626 testLegend()627 public void testLegend() { 628 sanitize("<legend>Something:</legend>", "<legend>Something:</legend>"); 629 sanitize("<legend align=\"left\">Something:</legend>", 630 "<legend align=\"left\">Something:</legend>"); 631 } 632 testLi()633 public void testLi() { 634 sanitize("<li>Something:</li>", "<li>Something:</li>"); 635 sanitize("<li type=\"a\">Something:</li>", "<li type=\"a\">Something:</li>"); 636 sanitize("<li value=\"11\">Something:</li>", "<li value=\"11\">Something:</li>"); 637 } 638 testLink()639 public void testLink() { 640 sanitize("<link charset=\"utf8\"/>", ""); 641 sanitize("<link href=\"http://www.reason.com/\"/>", ""); 642 sanitize("<link href=\"https://www.reason.com/\"/>", ""); 643 sanitize("<link href=\"cid:ii_hyw5v8ej0\"/>", ""); 644 sanitize("<link hreflang=\"fr_CA\"/>", ""); 645 sanitize("<link media=\"tv\"/>", ""); 646 sanitize("<link rel=\"alternate\"/>", ""); 647 sanitize("<link rev=\"something\"/>", ""); 648 sanitize("<link sizes=\"500x400\"/>", ""); 649 sanitize("<link target=\"_top\"/>", ""); 650 sanitize("<link type=\"mimeType\"/>", ""); 651 sanitize("<link href=\"javascript:alert('XSS');\">", ""); 652 } 653 testMain()654 public void testMain() { 655 sanitize("<main>something</main>", "<main>something</main>"); 656 } 657 testMap()658 public void testMap() { 659 sanitize("<map></map>", "<map></map>"); 660 sanitize("<map name=\"mapname\"></map>", "<map name=\"mapname\"></map>"); 661 } 662 testMark()663 public void testMark() { 664 sanitize("<mark>something</mark>", "<mark>something</mark>"); 665 } 666 testMenu()667 public void testMenu() { 668 sanitize("<menu></menu>", "<menu></menu>"); 669 sanitize("<menu label=\"Edit\"></menu>", "<menu label=\"Edit\"></menu>"); 670 sanitize("<menu type=\"popup\"></menu>", "<menu type=\"popup\"></menu>"); 671 } 672 testMenuitem()673 public void testMenuitem() { 674 sanitize("<menuitem></menuitem>", "<menuitem></menuitem>"); 675 sanitize("<menuitem checked=\"checked\"></menuitem>", 676 "<menuitem checked=\"checked\"></menuitem>"); 677 sanitize("<menuitem command=\"something\"></menuitem>", 678 "<menuitem command=\"something\"></menuitem>"); 679 sanitize("<menuitem default=\"default\"></menuitem>", 680 "<menuitem default=\"default\"></menuitem>"); 681 sanitize("<menuitem disabled=\"disabled\"></menuitem>", 682 "<menuitem disabled=\"disabled\"></menuitem>"); 683 sanitize("<menuitem icon=\"http://www.reason.com/\"></menuitem>", 684 "<menuitem icon=\"http://www.reason.com/\"></menuitem>"); 685 sanitize("<menuitem icon=\"https://www.reason.com/\"></menuitem>", 686 "<menuitem icon=\"https://www.reason.com/\"></menuitem>"); 687 sanitize("<menuitem label=\"something\"></menuitem>", 688 "<menuitem label=\"something\"></menuitem>"); 689 sanitize("<menuitem type=\"checkbox\"></menuitem>", 690 "<menuitem type=\"checkbox\"></menuitem>"); 691 sanitize("<menuitem radiogroup=\"something\"></menuitem>", 692 "<menuitem radiogroup=\"something\"></menuitem>"); 693 694 sanitize("<menuitem icon=\"cid:ii_hyw5v8ej0\"></menuitem>", "<menuitem></menuitem>"); 695 sanitize("<menuitem icon=\"javascript:badness()\"></menuitem>", "<menuitem></menuitem>"); 696 } 697 testMeta()698 public void testMeta() { 699 sanitize("<meta/>", ""); 700 sanitize("<meta charset=\"utf8\" />", ""); 701 sanitize("<meta content=\"something\" />", ""); 702 sanitize("<meta http-equiv=\"refresh\" />", ""); 703 sanitize("<meta name=\"description\" />", ""); 704 sanitize("<meta scheme=\"YYYY-MM-DD\" />", ""); 705 sanitize("<meta http-equiv=\"Link\" content=\"<http://ha.ckers.org/xss.css>; " + 706 "REL=stylesheet\">", ""); 707 sanitize("<meta http-equiv=\"refresh\" content=\"0;url=javascript:alert('XSS');\">", ""); 708 sanitize("<meta http-equiv=\"refresh\" content=\"0;url=data:text/html " + 709 "base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\">", ""); 710 sanitize("<meta http-equiv=\"refresh\" CONTENT=\"0; url=http://;" + 711 "URL=javascript:alert('XSS');\">", ""); 712 } 713 testMeter()714 public void testMeter() { 715 sanitize("<meter>2 out of 10</meter>", "<meter>2 out of 10</meter>"); 716 sanitize("<meter form=\"formId\">2 out of 10</meter>", 717 "<meter form=\"formId\">2 out of 10</meter>"); 718 sanitize("<meter high=\"10\">2 out of 10</meter>", 719 "<meter high=\"10\">2 out of 10</meter>"); 720 sanitize("<meter low=\"10\">2 out of 10</meter>", "<meter low=\"10\">2 out of 10</meter>"); 721 sanitize("<meter max=\"10\">2 out of 10</meter>", "<meter max=\"10\">2 out of 10</meter>"); 722 sanitize("<meter min=\"10\">2 out of 10</meter>", "<meter min=\"10\">2 out of 10</meter>"); 723 sanitize("<meter optimum=\"10\">2 out of 10</meter>", 724 "<meter optimum=\"10\">2 out of 10</meter>"); 725 sanitize("<meter value=\"10\">2 out of 10</meter>", 726 "<meter value=\"10\">2 out of 10</meter>"); 727 } 728 testNav()729 public void testNav() { 730 sanitize("<nav>something</nav>", "<nav>something</nav>"); 731 } 732 testNoframes()733 public void testNoframes() { 734 sanitize("<noframes>No frames!</noframes>", ""); 735 } 736 testNoscript()737 public void testNoscript() { 738 sanitize("<noscript>No JavaScript!</noscript>", ""); 739 } 740 testObject()741 public void testObject() { 742 sanitize("<object>No Objects!</object>", ""); 743 sanitize("<object type=\"text/x-scriptlet\" data=\"http://ha.ckers.org/scriptlet.html\">" + 744 "</object>", ""); 745 } 746 testOl()747 public void testOl() { 748 sanitize("<ol></ol>", "<ol></ol>"); 749 sanitize("<ol compact=\"compact\"></ol>", "<ol compact=\"compact\"></ol>"); 750 sanitize("<ol reversed=\"reversed\"></ol>", "<ol reversed=\"reversed\"></ol>"); 751 sanitize("<ol start=\"11\"></ol>", "<ol start=\"11\"></ol>"); 752 sanitize("<ol type=\"a\"></ol>", "<ol type=\"a\"></ol>"); 753 } 754 testOptgroup()755 public void testOptgroup() { 756 sanitize("<optgroup></optgroup>", "<optgroup></optgroup>"); 757 sanitize("<optgroup disabled=\"disabled\"></optgroup>", 758 "<optgroup disabled=\"disabled\"></optgroup>"); 759 sanitize("<optgroup label=\"something\"></optgroup>", 760 "<optgroup label=\"something\"></optgroup>"); 761 } 762 testOption()763 public void testOption() { 764 sanitize("<option>something</option>", "<option>something</option>"); 765 sanitize("<option disabled=\"disabled\">something</option>", 766 "<option disabled=\"disabled\">something</option>"); 767 sanitize("<option label=\"something\">something</option>", 768 "<option label=\"something\">something</option>"); 769 sanitize("<option selected=\"selected\">something</option>", 770 "<option selected=\"selected\">something</option>"); 771 sanitize("<option value=\"volvo\">something</option>", 772 "<option value=\"volvo\">something</option>"); 773 } 774 testOutput()775 public void testOutput() { 776 sanitize("<output></output>", "<output></output>"); 777 sanitize("<output for=\"elementId\"></output>", "<output></output>"); 778 sanitize("<output form=\"formId\"></output>", "<output form=\"formId\"></output>"); 779 sanitize("<output name=\"something\"></output>", "<output name=\"something\"></output>"); 780 } 781 testP()782 public void testP() { 783 sanitize("<p>something</p>", "<p>something</p>"); 784 sanitize("<p align=\"left\">something</p>", "<p align=\"left\">something</p>"); 785 } 786 testParam()787 public void testParam() { 788 sanitize("<param name=\"autoplay\" value=\"true\">", ""); 789 } 790 testPre()791 public void testPre() { 792 sanitize("<pre>something</pre>", "<pre>something</pre>"); 793 sanitize("<pre width=\"400\">something</pre>", "<pre width=\"400\">something</pre>"); 794 } 795 testProgress()796 public void testProgress() { 797 sanitize("<progress></progress>", "<progress></progress>"); 798 sanitize("<progress value=\"22\"></progress>", "<progress value=\"22\"></progress>"); 799 sanitize("<progress max=\"100\"></progress>", "<progress max=\"100\"></progress>"); 800 } 801 testQ()802 public void testQ() { 803 sanitize("<q>something</q>", "<q>something</q>"); 804 sanitize("<q cite=\"http://www.reason.com/\">something</q>", 805 "<q cite=\"http://www.reason.com/\">something</q>"); 806 sanitize("<q cite=\"https://www.reason.com/\">something</q>", 807 "<q cite=\"https://www.reason.com/\">something</q>"); 808 809 sanitize("<q cite=\"cid:ii_hyw5v8ej0\">something</q>", "<q>something</q>"); 810 sanitize("<q cite=\"javascript:badness()\">something</q>", "<q>something</q>"); 811 } 812 testRp()813 public void testRp() { 814 sanitize("<rp>something</rp>", "<rp>something</rp>"); 815 } 816 testRt()817 public void testRt() { 818 sanitize("<rt>something</rt>", "<rt>something</rt>"); 819 } 820 testRuby()821 public void testRuby() { 822 sanitize("<ruby></ruby>", "<ruby></ruby>"); 823 } 824 testS()825 public void testS() { 826 sanitize("<s>old skool strikethrough</s>", "<s>old skool strikethrough</s>"); 827 } 828 testSamp()829 public void testSamp() { 830 sanitize("<samp>something</samp>", "<samp>something</samp>"); 831 } 832 testScript()833 public void testScript() { 834 sanitize("<script>malicious script</script>", ""); 835 sanitize("<<script>alert(\"XSS\");//<</script>", "<"); 836 sanitize("<script src=http://ha.ckers.org/xss.js></script>", ""); 837 sanitize("<script/XSS src=\"http://ha.ckers.org/xss.js\"></script>", ""); 838 sanitize("<script/src=\"http://ha.ckers.org/xss.js\"></script>", ""); 839 sanitize("<script src=http://ha.ckers.org/xss.js?< B >", ""); 840 sanitize("<script src=//ha.ckers.org/.j>", ""); 841 sanitize("</title><script>alert(\"XSS\");</script>", ""); 842 sanitize("<script src=\"http://ha.ckers.org/xss.jpg\"></script>", ""); 843 844 String attack = "';alert(String.fromCharCode(88,83,83))//';" + 845 "alert(String.fromCharCode(88,83,83))//\";\n" + 846 "alert(String.fromCharCode(88,83,83))//\";" + 847 "alert(String.fromCharCode(88,83,83))//--\n" + 848 "></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>"; 849 String defend = "';alert(String.fromCharCode(88,83,83))//';" + 850 "alert(String.fromCharCode(88,83,83))//";\n" + 851 "alert(String.fromCharCode(88,83,83))//";" + 852 "alert(String.fromCharCode(88,83,83))//--\n" + 853 ">">'>"; 854 sanitize(attack, defend); 855 } 856 testSection()857 public void testSection() { 858 sanitize("<section>something</section>", "<section>something</section>"); 859 } 860 testSelect()861 public void testSelect() { 862 sanitize("<select></select>", "<select></select>"); 863 sanitize("<select autofocus=\"autofocus\"></select>", 864 "<select autofocus=\"autofocus\"></select>"); 865 sanitize("<select disabled=\"disabled\"></select>", 866 "<select disabled=\"disabled\"></select>"); 867 sanitize("<select form=\"formId\"></select>", "<select form=\"formId\"></select>"); 868 sanitize("<select multiple=\"multiple\"></select>", 869 "<select multiple=\"multiple\"></select>"); 870 sanitize("<select required=\"required\"></select>", 871 "<select required=\"required\"></select>"); 872 sanitize("<select size=\"11\"></select>", "<select size=\"11\"></select>"); 873 } 874 testSmall()875 public void testSmall() { 876 sanitize("<small>something</small>", "<small>something</small>"); 877 } 878 testSource()879 public void testSource() { 880 sanitize("<source/>", ""); 881 sanitize("<source></source>", ""); 882 } 883 testSpan()884 public void testSpan() { 885 sanitize("<span style=\"color:blue\">something</span>", 886 "<span style=\"color:blue\">something</span>"); 887 } 888 testStrike()889 public void testStrike() { 890 sanitize("<strike>something</strike>", "<strike>something</strike>"); 891 } 892 testStrong()893 public void testStrong() { 894 sanitize("<strong>something</strong>", "<strong>something</strong>"); 895 } 896 testStyle()897 public void testStyle() { 898 sanitize("<style>something</style>", ""); 899 sanitize("<style media=\"something\">something</style>", ""); 900 sanitize("<style scoped=\"scoped\">something</style>", ""); 901 sanitize("<style type=\"text/css\">something</style>", ""); 902 sanitize("<style>li {list-style-image: url(\"javascript:alert('XSS')\");}</style>", ""); 903 sanitize("<style>@im\\port'\\ja\\vasc\\ript:alert(\"XSS\")';</style>", ""); 904 sanitize("<style>body{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</style>", 905 ""); 906 sanitize("<style>@import'http://ha.ckers.org/xss.css';</style>", ""); 907 sanitize("<style type=\"text/javascript\">alert('XSS');</style>", ""); 908 sanitize("<style>.XSS{background-image:url(\"javascript:alert('XSS')\");}</style>" + 909 "<a class=XSS></a>", ""); 910 sanitize("<style type=\"text/css\">body{background:url(\"javascript:alert('XSS')\")}" + 911 "</style>", ""); 912 } 913 testSub()914 public void testSub() { 915 sanitize("<sub>something</sub>", "<sub>something</sub>"); 916 } 917 testSummary()918 public void testSummary() { 919 sanitize("<summary>something</summary>", "<summary>something</summary>"); 920 } 921 testSup()922 public void testSup() { 923 sanitize("<sup>something</sup>", "<sup>something</sup>"); 924 } 925 testTable()926 public void testTable() { 927 sanitize("<table></table>", "<table></table>"); 928 sanitize("<table align=\"left\"></table>", "<table align=\"left\"></table>"); 929 sanitize("<table bgcolor=\"red\"></table>", "<table bgcolor=\"red\"></table>"); 930 sanitize("<table border=\"1\"></table>", "<table border=\"1\"></table>"); 931 sanitize("<table cellpadding=\"1\"></table>", "<table cellpadding=\"1\"></table>"); 932 sanitize("<table cellspacing=\"1\"></table>", "<table cellspacing=\"1\"></table>"); 933 sanitize("<table frame=\"void\"></table>", "<table frame=\"void\"></table>"); 934 sanitize("<table rules=\"none\"></table>", "<table rules=\"none\"></table>"); 935 sanitize("<table sortable=\"sortable\"></table>", "<table sortable=\"sortable\"></table>"); 936 sanitize("<table summary=\"something\"></table>", "<table summary=\"something\"></table>"); 937 sanitize("<table width=\"11\"></table>", "<table width=\"11\"></table>"); 938 939 sanitize("<table background=\"javascript:alert('XSS')\">", "<table></table>"); 940 } 941 testTbody()942 public void testTbody() { 943 sanitize("<tbody></tbody>", "<tbody></tbody>"); 944 sanitize("<tbody char=\"something\"></tbody>", "<tbody char=\"something\"></tbody>"); 945 sanitize("<tbody charoff=\"11\"></tbody>", "<tbody charoff=\"11\"></tbody>"); 946 sanitize("<tbody valign=\"top\"></tbody>", "<tbody valign=\"top\"></tbody>"); 947 } 948 testTd()949 public void testTd() { 950 sanitize("<td></td>", "<td></td>"); 951 sanitize("<td abbr=\"something\"></td>", "<td abbr=\"something\"></td>"); 952 sanitize("<td align=\"left\"></td>", "<td align=\"left\"></td>"); 953 sanitize("<td axis=\"something\"></td>", "<td axis=\"something\"></td>"); 954 sanitize("<td bgcolor=\"red\"></td>", "<td bgcolor=\"red\"></td>"); 955 sanitize("<td char=\"something\"></td>", "<td char=\"something\"></td>"); 956 sanitize("<td charoff=\"22\"></td>", "<td charoff=\"22\"></td>"); 957 sanitize("<td colspan=\"33\"></td>", "<td colspan=\"33\"></td>"); 958 sanitize("<td height=\"44\"></td>", "<td height=\"44\"></td>"); 959 sanitize("<td nowrap=\"nowrap\"></td>", "<td nowrap=\"nowrap\"></td>"); 960 sanitize("<td rowspan=\"3\"></td>", "<td rowspan=\"3\"></td>"); 961 sanitize("<td scope=\"col\"></td>", "<td scope=\"col\"></td>"); 962 sanitize("<td valign=\"top\"></td>", "<td valign=\"top\"></td>"); 963 sanitize("<td width=\"55\"></td>", "<td width=\"55\"></td>"); 964 965 sanitize("<td headers=\"headerId\"></td>", "<td></td>"); 966 sanitize("<td background=\"javascript:alert('XSS')\">", "<td></td>"); 967 } 968 testTextarea()969 public void testTextarea() { 970 sanitize("<textarea></textarea>", "<textarea></textarea>"); 971 sanitize("<textarea autofocus=\"autofocus\"></textarea>", 972 "<textarea autofocus=\"autofocus\"></textarea>"); 973 sanitize("<textarea cols=\"1\"></textarea>", "<textarea cols=\"1\"></textarea>"); 974 sanitize("<textarea disabled=\"disabled\"></textarea>", 975 "<textarea disabled=\"disabled\"></textarea>"); 976 sanitize("<textarea form=\"formId\"></textarea>", "<textarea form=\"formId\"></textarea>"); 977 sanitize("<textarea maxlength=\"2\"></textarea>", "<textarea maxlength=\"2\"></textarea>"); 978 sanitize("<textarea name=\"something\"></textarea>", 979 "<textarea name=\"something\"></textarea>"); 980 sanitize("<textarea placeholder=\"something\"></textarea>", 981 "<textarea placeholder=\"something\"></textarea>"); 982 sanitize("<textarea readonly=\"readonly\"></textarea>", 983 "<textarea readonly=\"readonly\"></textarea>"); 984 sanitize("<textarea required=\"required\"></textarea>", 985 "<textarea required=\"required\"></textarea>"); 986 sanitize("<textarea rows=\"3\"></textarea>", "<textarea rows=\"3\"></textarea>"); 987 sanitize("<textarea wrap=\"soft\"></textarea>", "<textarea wrap=\"soft\"></textarea>"); 988 } 989 testTfoot()990 public void testTfoot() { 991 sanitize("<tfoot></tfoot>", "<tfoot></tfoot>"); 992 sanitize("<tfoot align=\"left\"></tfoot>", "<tfoot align=\"left\"></tfoot>"); 993 sanitize("<tfoot char=\"something\"></tfoot>", "<tfoot char=\"something\"></tfoot>"); 994 sanitize("<tfoot charoff=\"1\"></tfoot>", "<tfoot charoff=\"1\"></tfoot>"); 995 sanitize("<tfoot valign=\"top\"></tfoot>", "<tfoot valign=\"top\"></tfoot>"); 996 } 997 testTh()998 public void testTh() { 999 sanitize("<th></th>", "<th></th>"); 1000 sanitize("<th abbr=\"something\"></th>", "<th abbr=\"something\"></th>"); 1001 sanitize("<th align=\"left\"></th>", "<th align=\"left\"></th>"); 1002 sanitize("<th axis=\"something\"></th>", "<th axis=\"something\"></th>"); 1003 sanitize("<th bgcolor=\"red\"></th>", "<th bgcolor=\"red\"></th>"); 1004 sanitize("<th char=\"something\"></th>", "<th char=\"something\"></th>"); 1005 sanitize("<th charoff=\"22\"></th>", "<th charoff=\"22\"></th>"); 1006 sanitize("<th colspan=\"33\"></th>", "<th colspan=\"33\"></th>"); 1007 sanitize("<th height=\"44\"></th>", "<th height=\"44\"></th>"); 1008 sanitize("<th nowrap=\"nowrap\"></th>", "<th nowrap=\"nowrap\"></th>"); 1009 sanitize("<th rowspan=\"3\"></th>", "<th rowspan=\"3\"></th>"); 1010 sanitize("<th scope=\"col\"></th>", "<th scope=\"col\"></th>"); 1011 sanitize("<th sorted=\"reversed\"></th>", "<th sorted=\"reversed\"></th>"); 1012 sanitize("<th valign=\"top\"></th>", "<th valign=\"top\"></th>"); 1013 sanitize("<th width=\"55\"></th>", "<th width=\"55\"></th>"); 1014 1015 sanitize("<th headers=\"headerId\"></th>", "<th></th>"); 1016 } 1017 testThead()1018 public void testThead() { 1019 sanitize("<thead></thead>", "<thead></thead>"); 1020 sanitize("<thead align=\"left\"></thead>", "<thead align=\"left\"></thead>"); 1021 sanitize("<thead char=\"something\"></thead>", "<thead char=\"something\"></thead>"); 1022 sanitize("<thead charoff=\"1\"></thead>", "<thead charoff=\"1\"></thead>"); 1023 sanitize("<thead valign=\"top\"></thead>", "<thead valign=\"top\"></thead>"); 1024 } 1025 testTime()1026 public void testTime() { 1027 sanitize("<time></time>", "<time></time>"); 1028 sanitize("<time datetime=\"datetime\"></time>", "<time datetime=\"datetime\"></time>"); 1029 } 1030 testTitle()1031 public void testTitle() { 1032 sanitize("<title>something</title>", ""); 1033 } 1034 testTr()1035 public void testTr() { 1036 sanitize("<tr></tr>", "<tr></tr>"); 1037 sanitize("<tr align=\"left\"></tr>", "<tr align=\"left\"></tr>"); 1038 sanitize("<tr bgcolor=\"red\"></tr>", "<tr bgcolor=\"red\"></tr>"); 1039 sanitize("<tr char=\"something\"></tr>", "<tr char=\"something\"></tr>"); 1040 sanitize("<tr charoff=\"1\"></tr>", "<tr charoff=\"1\"></tr>"); 1041 sanitize("<tr valign=\"top\"></tr>", "<tr valign=\"top\"></tr>"); 1042 } 1043 testTrack()1044 public void testTrack() { 1045 sanitize("<track/>", ""); 1046 sanitize("<track></track>", ""); 1047 } 1048 testTt()1049 public void testTt() { 1050 sanitize("<tt>something</tt>", "<tt>something</tt>"); 1051 } 1052 testU()1053 public void testU() { 1054 sanitize("<u>something</u>", "<u>something</u>"); 1055 } 1056 testUl()1057 public void testUl() { 1058 sanitize("<ul compact=\"compact\"></ul>", "<ul compact=\"compact\"></ul>"); 1059 sanitize("<ul type=\"disc\"></ul>", "<ul type=\"disc\"></ul>"); 1060 } 1061 testVar()1062 public void testVar() { 1063 sanitize("<var>something</var>", "<var>something</var>"); 1064 } 1065 testVideo()1066 public void testVideo() { 1067 sanitize("<video></video>", ""); 1068 } 1069 testWbr()1070 public void testWbr() { 1071 sanitize("word1<wbr/>word2", "word1<wbr />word2"); 1072 } 1073 sanitize(String dirtyHTML, String expectedHTML)1074 private void sanitize(String dirtyHTML, String expectedHTML) { 1075 final String cleansedHTML = HtmlSanitizer.sanitizeHtml(dirtyHTML); 1076 assertEquals(expectedHTML, cleansedHTML); 1077 } 1078 } 1079
