something

package com.android.mail.utils; import android.test.AndroidTestCase; import android.test.suitebuilder.annotation.SmallTest; /** * These test cases verify that each white listed element and attribute is accepted by the sanitizer * and everything else is correctly discarded. */ @SmallTest public class BasicHtmlSanitizerTest extends AndroidTestCase { public void testAttributeDir() { sanitize("

something

", "

something

"); sanitize("

something

", "

something

"); sanitize("

something

", "

something

"); sanitize("

something

", "

something

"); sanitize("

something

", "

something

"); } public void testA() { // allowed attributes sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); // disallowed attributes (all links should launch a browser so we don't need these) sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("xxs link", "xxs link"); sanitize("xxs link", "xxs link"); sanitize("xxs link", "xxs link"); sanitize("exp/*", "exp/*"); } public void testAbbr() { sanitize("UK", "UK"); } public void testAcronym() { sanitize("WWW", "WWW"); } public void testAddress() { sanitize("

"); } public void testAside() { sanitize("", ""); } public void testAudio() { sanitize("

something

", "

something

"); sanitize("

something

", "

something

"); sanitize("

something

", "

something

"); sanitize("

", "
"); } /** * The body tag will be supplied by code that wraps this email with other formatting logic. * So, any body tags appearing within the email are translated to div tags. */ public void testBody() { sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); // take extra care to ensure that these scripting callbacks don't survive sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); sanitize("", "
"); } public void testBr() { sanitize("something
something", "something
something"); sanitize("something
something", "something
something"); } public void testButton() { sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testCanvas() { sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testCaption() { sanitize("something", "something"); sanitize("something", "something"); } public void testCenter() { sanitize("something", "something"); } public void testCite() { sanitize("something", "something"); } public void testCode() { sanitize("something", "something"); } public void testCol() { sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testColgroup() { sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testDatalist() { sanitize("", ""); } public void testDd() { sanitize("
something
", "
something
"); } public void testDel() { sanitize("~~something~~", "~~something~~"); sanitize("~~something~~", "~~something~~"); sanitize("~~something~~", "~~something~~"); sanitize("~~something~~", "~~something~~"); } public void testDetails() { sanitize("
something
", "
something
"); } public void testDfn() { sanitize("something", "something"); } public void testDialog() { sanitize("This is an open dialog window", "This is an open dialog window"); } public void testDir() { sanitize("
something
", "
something
"); sanitize("
something
", "
something
"); } public void testDiv() { sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); } public void testDl() { sanitize("
", "
"); } public void testDt() { sanitize("
", "
"); } public void testEm() { sanitize("something", "something"); } public void testEmbed() { sanitize("", ""); } public void testFieldset() { sanitize("
something
", "
something
"); sanitize("
something
", "
something
"); sanitize("
something
", "
something
"); sanitize("
something
", "
something
"); } public void testFigcaption() { sanitize("
Fig1. something
", "
Fig1. something
"); } public void testFigure() { sanitize("
something
", "
something
"); } public void testFont() { sanitize("something", "something"); sanitize("something", "something"); sanitize("something", "something"); sanitize("something", "something"); } public void testFooter() { sanitize("
something
", "
something
"); } public void testForm() { sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); } public void testFrame() { sanitize("", ""); } public void testFrameset() { sanitize("", ""); sanitize("", ""); } public void testHead() { sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testHeader() { sanitize("
", "
"); } public void testH1() { sanitize("
something
", "
something
"); sanitize("
something
", "
something
"); } public void testH2() { sanitize("
something
", "
something
"); sanitize("
something
", "
something
"); } public void testH3() { sanitize("
something
", "
something
"); sanitize("
something
", "
something
"); } public void testH4() { sanitize("
something
", "
something
"); sanitize("
something
", "
something
"); } public void testH5() { sanitize("
something
", "
something
"); sanitize("
something
", "
something
"); } public void testH6() { sanitize("
something
", "
something
"); sanitize("
something
", "
something
"); } public void testHr() { sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); } public void testHtml() { sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testI() { sanitize("", ""); } public void testIframe() { sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testIsindex() { sanitize("", ""); } public void testImg() { sanitize("", ""); sanitize("", ""); sanitize(" $\"something\"/$ ", " $\"something\"$ "); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("\">", "">"); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testInput() { sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testIns() { sanitize("something", "something"); sanitize("something", "something"); sanitize("something", "something"); sanitize("something", "something"); sanitize("something", "something"); sanitize("something", "something"); } public void testKbd() { sanitize("something", "something"); } public void testKeygen() { sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testLabel() { sanitize("Something:", "Something:"); sanitize("Something:", "Something:"); } public void testLegend() { sanitize("Something:", "Something:"); sanitize("Something:", "Something:"); } public void testLi() { sanitize("
Something:
", "
Something:
"); sanitize("
Something:
", "
Something:
"); sanitize("
Something:
", "
Something:
"); } public void testLink() { sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testMain() { sanitize("
something
", "
something
"); } public void testMap() { sanitize("", ""); sanitize("", ""); } public void testMark() { sanitize("something", "something"); } public void testMenu() { sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testMenuitem() { sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testMeta() { sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("; " + "REL=stylesheet\">", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testMeter() { sanitize("2 out of 10", "2 out of 10"); sanitize("2 out of 10", "2 out of 10"); sanitize("2 out of 10", "2 out of 10"); sanitize("2 out of 10", "2 out of 10"); sanitize("2 out of 10", "2 out of 10"); sanitize("2 out of 10", "2 out of 10"); sanitize("2 out of 10", "2 out of 10"); sanitize("2 out of 10", "2 out of 10"); } public void testNav() { sanitize("
something
", "
something
"); } public void testNoframes() { sanitize("", ""); } public void testNoscript() { sanitize("", ""); } public void testObject() { sanitize("", ""); sanitize("", ""); } public void testOl() { sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); } public void testOptgroup() { sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testOption() { sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testOutput() { sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testP() { sanitize("
something
", "
something
"); sanitize("
something
", "
something
"); } public void testParam() { sanitize("", ""); } public void testPre() { sanitize("
something
", "
something
"); sanitize("
something
", "
something
"); } public void testProgress() { sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testQ() { sanitize("something", "something"); sanitize("something", "something"); sanitize("something", "something"); sanitize("something", "something"); sanitize("something", "something"); } public void testRp() { sanitize("something", "something"); } public void testRt() { sanitize("something", "something"); } public void testRuby() { sanitize("", ""); } public void testS() { sanitize("~~old skool strikethrough~~", "~~old skool strikethrough~~"); } public void testSamp() { sanitize("something", "something"); } public void testScript() { sanitize("", ""); sanitize("<", "<"); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); String attack = "';alert(String.fromCharCode(88,83,83))//';" + "alert(String.fromCharCode(88,83,83))//\";\n" + "alert(String.fromCharCode(88,83,83))//\";" + "alert(String.fromCharCode(88,83,83))//--\n" + ">\">'>"; String defend = "';alert(String.fromCharCode(88,83,83))//';" + "alert(String.fromCharCode(88,83,83))//";\n" + "alert(String.fromCharCode(88,83,83))//";" + "alert(String.fromCharCode(88,83,83))//--\n" + ">">'>"; sanitize(attack, defend); } public void testSection() { sanitize("
something
", "
something
"); } public void testSelect() { sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testSmall() { sanitize("something", "something"); } public void testSource() { sanitize("", ""); sanitize("", ""); } public void testSpan() { sanitize("something", "something"); } public void testStrike() { sanitize("~~something~~", "~~something~~"); } public void testStrong() { sanitize("something", "something"); } public void testStyle() { sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("" + "", ""); sanitize("", ""); } public void testSub() { sanitize("_something", "_something"); } public void testSummary() { sanitize("
something
", "
something
"); } public void testSup() { sanitize("^something", "^something"); } public void testTable() { sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("
", "
"); sanitize("", "
"); } public void testTbody() { sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testTd() { sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testTextarea() { sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testTfoot() { sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testTh() { sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testThead() { sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testTime() { sanitize("", ""); sanitize("", ""); } public void testTitle() { sanitize("something", ""); } public void testTr() { sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); sanitize("", ""); } public void testTrack() { sanitize("", ""); sanitize("", ""); } public void testTt() { sanitize("something", "something"); } public void testU() { sanitize("something", "something"); } public void testUl() { sanitize("
", "
"); sanitize("
", "
"); } public void testVar() { sanitize("something", "something"); } public void testVideo() { sanitize("", ""); } public void testWbr() { sanitize("word1word2", "word1word2"); } private void sanitize(String dirtyHTML, String expectedHTML) { final String cleansedHTML = HtmlSanitizer.sanitizeHtml(dirtyHTML); assertEquals(expectedHTML, cleansedHTML); } }