/**
 * Elements outside the allowed-tag set are removed together with their whole subtree.
 * With only {@code p} and {@code b} allowed, the {@code <style>} element (and its CSS text)
 * and the {@code <i>} element (including the {@code <b>} nested inside it) are dropped,
 * while the allowed {@code <p>}/{@code <b>} structure and its text survive.
 */
@Test
public void enforceTagWhiteList() throws Exception {
  final String input =
      "<p><style type=\"text/css\">A { font : bold }</style>text <b>bold text</b></p>"
          + "<b>Bold text</b><i>Italic text<b>Bold text</b></i>";
  final String expected = "<p>text <b>bold text</b></p><b>Bold text</b>";
  final String actual = rewrite(gadget, input, set("p", "b"), set());
  assertEquals(expected, actual);
}
/**
 * A CSS {@code @import} pointing at a {@code javascript:} URL is removed from an allowed
 * {@code <style>} element while the harmless rule is kept. The expected output shows the
 * surviving rule reformatted and the fragment wrapped in a full html/head/body document.
 */
@Test
public void enforceCssImportBadLinkStripped() throws Exception {
  final String input =
      "<style type=\"text/css\">@import url('javascript:doevil()'); A { font : bold }</style>";
  final String expected =
      "<html><head><style>A {\n" + " font: bold\n" + "}</style></head><body></body></html>";
  assertEquals(expected, rewrite(gadget, input, set("style"), set()));
}
/**
 * An allowed {@code src} attribute on {@code <img>} is not passed through verbatim: the
 * remote URL is rewritten to the proxy on {@code host.com} with {@code sanitize=1} and
 * {@code rewriteMime=image/*}, so the proxy only serves it back as image content.
 */
@Test
public void enforceImageSrcProxied() throws Exception {
  final String input = "<img src='http://www.evil.com/x.js'>Evil happens</img>";
  final String expected =
      "<img src=\"http://host.com/proxy?url=http%3A%2F%2F"
          + "www.evil.com%2Fx.js&sanitize=1&rewriteMime=image%2F*\">Evil happens";
  final String actual = rewrite(gadget, input, set("img"), set("src"));
  assertEquals(expected, actual);
}
/**
 * Same proxying check as {@link #enforceImageSrcProxied()} but with the no-cache/debug
 * gadget; the expected proxy URL is identical, i.e. those gadget flags do not change the
 * sanitizing proxy parameters in the rewritten {@code src}.
 */
@Test
public void enforceImageSrcProxiedNoCacheAndDebug() throws Exception {
  final String input = "<img src='http://www.evil.com/x.js'>Evil happens</img>";
  final String expected =
      "<img src=\"http://host.com/proxy?url=http%3A%2F%2Fwww.evil.com"
          + "%2Fx.js&sanitize=1&rewriteMime=image%2F*\">Evil happens";
  assertEquals(expected, rewrite(gadgetNoCacheAndDebug, input, set("img"), set("src")));
}
/**
 * {@code target="_top"} is dropped from an anchor even though {@code target} is in the
 * allowed-attribute set, while the allowed {@code href} is kept unchanged.
 */
@Test
public void enforceTargetTopRestricted() throws Exception {
  final String input = "<a href=\"http://www.example.com\" target=\"_top\">x</a>";
  final String expected = "<a href=\"http://www.example.com\">x</a>";
  final String actual = rewrite(gadget, input, set("a"), set("href", "target"));
  assertEquals(expected, actual);
}
/**
 * Elements outside the allowed-tag set are removed together with their whole subtree.
 * With only {@code p} and {@code b} allowed, the {@code <style>} element (and its CSS text)
 * and the {@code <i>} element (including the {@code <b>} nested inside it) are dropped,
 * while the allowed {@code <p>}/{@code <b>} structure and its text survive.
 */
@Test
public void enforceTagWhiteList() throws Exception {
  final String input =
      "<p><style type=\"text/css\">A { font : bold }</style>text <b>bold text</b></p>"
          + "<b>Bold text</b><i>Italic text<b>Bold text</b></i>";
  final String expected = "<p>text <b>bold text</b></p><b>Bold text</b>";
  final String actual = rewrite(gadget, input, set("p", "b"), set());
  assertEquals(expected, actual);
}
/**
 * Same proxying check as {@link #enforceImageSrcProxied()} but with the no-cache/debug
 * gadget; the expected proxy URL is identical, i.e. those gadget flags do not change the
 * sanitizing proxy parameters in the rewritten {@code src}.
 */
@Test
public void enforceImageSrcProxiedNoCacheAndDebug() throws Exception {
  final String input = "<img src='http://www.evil.com/x.js'>Evil happens</img>";
  final String expected =
      "<img src=\"http://host.com/proxy?url=http%3A%2F%2Fwww.evil.com"
          + "%2Fx.js&sanitize=1&rewriteMime=image%2F*\">Evil happens";
  assertEquals(expected, rewrite(gadgetNoCacheAndDebug, input, set("img"), set("src")));
}
/**
 * An {@code <img>} whose {@code src} is an obfuscated scheme ({@code java\ script:...})
 * loses the attribute entirely rather than having it proxied; only a bare {@code <img>}
 * and the trailing text remain.
 */
@Test
public void enforceBadImageUrlStripped() throws Exception {
  final String input = "<img src='java\\ script:evil()'>Evil happens</img>";
  final String expected = "<img>Evil happens";
  assertEquals(expected, rewrite(gadget, input, set("img"), set("src")));
}
/**
 * A {@code <link>} whose {@code rel} is not a stylesheet is removed as a whole, even though
 * {@code link} and its {@code rel}/{@code href}/{@code type} attributes are all allowed;
 * the result is an empty document.
 */
@Test
public void enforceNonStyleLinkStripped() throws Exception {
  final String input = "<link rel=\"script\" " + "href=\"www.exmaple.org/evil.js\"/>";
  final String expected = "<html><head></head><body></body></html>";
  // the whole element is expected to be dropped, so the href value itself is irrelevant here
  final String actual = rewrite(gadget, input, set("link"), set("rel", "href", "type"));
  assertEquals(expected, actual);
}
/**
 * {@code target="_top"} is dropped from an anchor even though {@code target} is in the
 * allowed-attribute set, while the allowed {@code href} is kept unchanged.
 */
@Test
public void enforceTargetTopRestricted() throws Exception {
  final String input = "<a href=\"http://www.example.com\" target=\"_top\">x</a>";
  final String expected = "<a href=\"http://www.example.com\">x</a>";
  final String actual = rewrite(gadget, input, set("a"), set("href", "target"));
  assertEquals(expected, actual);
}
/**
 * Attributes outside the allowed-attribute set are removed: with only {@code bar} allowed
 * on {@code <p>}, {@code foo} is dropped and {@code bar} is kept with its value.
 */
@Test
public void enforceAttributeWhiteList() throws Exception {
  final String input = "<p foo=\"bar\" bar=\"baz\">Paragraph</p>";
  final String expected = "<p bar=\"baz\">Paragraph</p>";
  assertEquals(expected, rewrite(gadget, input, set("p"), set("bar")));
}
/**
 * A {@code <link>} whose {@code rel} is not a stylesheet is removed as a whole, even though
 * {@code link} and its {@code rel}/{@code href}/{@code type} attributes are all allowed;
 * the result is an empty document.
 */
@Test
public void enforceNonStyleLinkStripped() throws Exception {
  final String input = "<link rel=\"script\" " + "href=\"www.exmaple.org/evil.js\"/>";
  final String expected = "<html><head></head><body></body></html>";
  // the whole element is expected to be dropped, so the href value itself is irrelevant here
  final String actual = rewrite(gadget, input, set("link"), set("rel", "href", "type"));
  assertEquals(expected, actual);
}
/**
 * Same as {@link #enforceNonStyleLinkStripped()} but with the no-cache/debug gadget: a
 * non-stylesheet {@code <link>} is still removed entirely, leaving an empty document.
 */
@Test
public void enforceNonStyleLinkStrippedNoCacheAndDebug() throws Exception {
  final String input = "<link rel=\"script\" " + "href=\"www.exmaple.org/evil.js\"/>";
  final String expected = "<html><head></head><body></body></html>";
  final String actual =
      rewrite(gadgetNoCacheAndDebug, input, set("link"), set("rel", "href", "type"));
  assertEquals(expected, actual);
}
/**
 * A CSS {@code @import} pointing at a {@code javascript:} URL is removed from an allowed
 * {@code <style>} element while the harmless rule is kept. The expected output shows the
 * surviving rule reformatted and the fragment wrapped in a full html/head/body document.
 */
@Test
public void enforceCssImportBadLinkStripped() throws Exception {
  final String input =
      "<style type=\"text/css\">@import url('javascript:doevil()'); A { font : bold }</style>";
  final String expected =
      "<html><head><style>A {\n" + " font: bold\n" + "}</style></head><body></body></html>";
  assertEquals(expected, rewrite(gadget, input, set("style"), set()));
}
/**
 * HTML comments are removed from the output, including any markup written inside them,
 * so commented-out content cannot resurface after sanitizing.
 */
@Test
public void allCommentsStripped() throws Exception {
  final String input = "<b>Hello, world</b><!--<b>evil</b>-->";
  final String expected = "<b>Hello, world</b>";
  assertEquals(expected, rewrite(gadget, input, set("b"), set()));
}
/**
 * CSS inside an allowed {@code <style>} element is sanitized declaration by declaration:
 * {@code behavior : bad} is dropped while {@code font : bold} is kept (reformatted).
 * The disallowed {@code <i>} subtree is removed and the result is wrapped in a full
 * html/head/body document.
 */
@Test
public void enforceStyleSanitized() throws Exception {
  final String input =
      "<p><style type=\"text/css\">A { font : bold; behavior : bad }</style>text <b>bold text</b></p>"
          + "<b>Bold text</b><i>Italic text<b>Bold text</b></i>";
  final String expected =
      "<html><head></head><body><p><style>A {\n font: bold\n}</style>text "
          + "<b>bold text</b></p><b>Bold text</b></body></html>";
  final String actual = rewrite(gadget, input, set("p", "b", "style"), set());
  assertEquals(expected, actual);
}
/**
 * HTML comments are removed from the output, including any markup written inside them,
 * so commented-out content cannot resurface after sanitizing.
 */
@Test
public void allCommentsStripped() throws Exception {
  final String input = "<b>Hello, world</b><!--<b>evil</b>-->";
  final String expected = "<b>Hello, world</b>";
  assertEquals(expected, rewrite(gadget, input, set("b"), set()));
}
/**
 * A {@code <link>} whose {@code rel} is not a stylesheet is removed as a whole, even though
 * {@code link} and its {@code rel}/{@code href}/{@code type} attributes are all allowed;
 * the result is an empty document.
 */
@Test
public void enforceNonStyleLinkStripped() throws Exception {
  final String input = "<link rel=\"script\" " + "href=\"www.exmaple.org/evil.js\"/>";
  final String expected = "<html><head></head><body></body></html>";
  // the whole element is expected to be dropped, so the href value itself is irrelevant here
  final String actual = rewrite(gadget, input, set("link"), set("rel", "href", "type"));
  assertEquals(expected, actual);
}
/**
 * Same as {@link #enforceNonStyleLinkStripped()} but with the no-cache/debug gadget: a
 * non-stylesheet {@code <link>} is still removed entirely, leaving an empty document.
 */
@Test
public void enforceNonStyleLinkStrippedNoCacheAndDebug() throws Exception {
  final String input = "<link rel=\"script\" " + "href=\"www.exmaple.org/evil.js\"/>";
  final String expected = "<html><head></head><body></body></html>";
  final String actual =
      rewrite(gadgetNoCacheAndDebug, input, set("link"), set("rel", "href", "type"));
  assertEquals(expected, actual);
}
/**
 * Sanitizing is driven by the gadget context: for a gadget built on the unsanitary context
 * the rewriter leaves the markup untouched, so a {@code <script>} element passes through
 * verbatim even though only {@code b} is in the allowed-tag set. The gadget is assembled
 * inline from a minimal spec with a single html view.
 */
@Test
public void doesNothingWhenNotSanitized() throws Exception {
  final String input = "<script src=\"http://evil.org/evil\"></script> <b>hello</b>";
  // deliberately shadows the shared fixture: this gadget must not use the sanitizing context
  final Gadget unsanitaryGadget = new Gadget().setContext(unsanitaryGadgetContext);
  final GadgetSpec spec = new GadgetSpec(
      Uri.parse("www.example.org/gadget.xml"),
      "<Module><ModulePrefs title=''/><Content type='html'/></Module>");
  unsanitaryGadget.setSpec(spec);
  unsanitaryGadget.setCurrentView(
      unsanitaryGadget.getSpec().getViews().values().iterator().next());
  assertEquals(input, rewrite(unsanitaryGadget, input, set("b"), set()));
}