"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "test/test-suite.js" between
DOMPurify-3.0.1.tar.gz and DOMPurify-3.0.2.tar.gz

About: DOMPurify is a DOM-only XSS sanitizer for HTML, MathML and SVG (written in JavaScript).

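--- a/test/test-suite.js
+++ b/test/test-suite.js
@@ -1419,20 +1419,32 @@
 expected: '<a>demo</a>',
 },
 ];
 tests.forEach(function (test) {
 var str = DOMPurify.sanitize(test.test, {
 ALLOWED_URI_REGEXP: /^(?:(?:(?:f|ht)tps?):|[^a-z]|[a-z+.\-]+(?:[^a-z+. \-:]|$))/i,
 });
 assert.equal(str, test.expected);
 });
 });
+QUnit.test('Ensure ALLOWED_URI_REGEXP is not cached', function(assert) {
+const
+dirty = '<img src="https://different.com">',
+expected = '<img src="https://different.com">';
+assert.equal(DOMPurify.sanitize(dirty), expected);
+// sanitize with a custom URI regexp
+assert.equal(DOMPurify.sanitize('<img src="https://test.com">', {
+ALLOWED_URI_REGEXP: /test\.com/i
+}), '<img src="https://test.com">');
+// ensure that the previous regexp does not affect future santize calls
+assert.equal(DOMPurify.sanitize(dirty), expected);
+});
 QUnit.test(
 'Avoid freeze when using tables and ALLOW_TAGS',
 function (assert) {
 var clean = DOMPurify.sanitize('<table><tr><td></td></tr></table>', {
 ALLOW_TAGS: ['table', 'tr', 'td'],
 });
 assert.equal(clean, '<table><tbody><tr><td></td></tr></tbody></table>');
 }
 );
 QUnit.test(
@@ -2062,11 +2077,13 @@
 });
 assert.equal(DOMPurify.sanitize(dirty), expected);
 // remove hook and keep it
 const hookFunction = DOMPurify.removeHook(entryPoint);
 assert.equal(DOMPurify.sanitize(dirty), dirty);
 // set the same hook
 DOMPurify.addHook(entryPoint, hookFunction);
 assert.equal(DOMPurify.sanitize(dirty), expected);
+// cleanup hook
+DOMPurify.removeHook(entryPoint);
 });
 };
 });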
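Review bot: The new 'Ensure ALLOWED_URI_REGEXP is not cached' test only covers the fail-closed direction: a stricter custom regexp leaking into the next call would strip `src`, but a more permissive custom regexp leaking into a later default-config call, which is the direction that would weaken sanitization, is not exercised. The middle assertion also cannot show that the custom regexp was applied, because `https://test.com` already passes the default pattern. An assertion such as `assert.equal(DOMPurify.sanitize(dirty, { ALLOWED_URI_REGEXP: /test\.com/i }), '<img>');` would pin that, though the expected output is assumed from how a rejected attribute is normally dropped and should be confirmed against the build. `/test\.com/i` is unanchored and matches that string anywhere in a URI, which is fine for a fixture but deserves a comment so it is not copied as an allow-list pattern. The comment above the third assertion has a typo, `santize`.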
 End of changes. 2 change blocks. 
0 lines changed or deleted 18 lines changed or added
