sync/tests/xss.js

var sanitize = require('../lib/xss').sanitizeHTML;
var assert = require('assert');

function basicTest() {
    assert(sanitize("<  script src   =  bad.js>blah</script>") ===
                    "[tag removed]blah[tag removed]");

    assert(sanitize("< img src=asdf onerror='alert(\"xss\")'>") ===
                    "<img src=\"asdf\">");

    assert(sanitize("<a href='javascript:alert(document.cookie)'>") === 
                    "<a href=\":()\">");

    assert(sanitize("<a ") === "<a>");

    assert(sanitize("<img src=\"<a href=\"javascript:void(0)\">>") ===
                    "<img src=\"<a href=\" javascriptvoid0=\"\">>");
}

basicTest();
console.log("Tests passed.");
Implement basic XSS filter 2013-10-31 05:39:35 +00:00			`var sanitize = require('../lib/xss').sanitizeHTML;`
			`var assert = require('assert');`

			`function basicTest() {`
			`assert(sanitize("< script src = bad.js>blah</script>") ===`
			`"[tag removed]blah[tag removed]");`

			`assert(sanitize("< img src=asdf onerror='alert(\"xss\")'>") ===`
			`"<img src=\"asdf\">");`

			`assert(sanitize("<a href='javascript:alert(document.cookie)'>") ===`
			`"<a href=\":()\">");`
Fix a few edge cases for XSS 2013-10-31 05:48:01 +00:00
			`assert(sanitize("<a ") === "<a>");`

			`assert(sanitize("<img src=\"<a href=\"javascript:void(0)\">>") ===`
			`"<img src=\"<a href=\" javascriptvoid0=\"\">>");`
Implement basic XSS filter 2013-10-31 05:39:35 +00:00			`}`

			`basicTest();`
			`console.log("Tests passed.");`