/**
 * Asserts that a style sheet serializes to the same output as the expected CSS.
 *
 * <p>The expected text is parsed and re-serialized with the same {@code parser} before the
 * comparison, so the check is made on serialized output rather than on the raw expected string.
 *
 * @param expected CSS source describing the expected result
 * @param styleSheet style sheet to compare; the callers visible here pass it after sanitizing
 * @throws Exception declared by the signature; presumably raised by parsing or serializing
 */
public void assertStyleEquals(String expected, CssTree.StyleSheet styleSheet) throws Exception {
  assertEquals(parser.serialize(parser.parseDom(expected)), parser.serialize(styleSheet));
}
// Closes a scope opened outside this view, presumably the enclosing test class.
}
/**
 * Checks that properties able to attach external executable content are stripped.
 *
 * <p>The input rule carries an IE {@code behavior} declaration and a Gecko
 * {@code -moz-binding} declaration, each pointing at an external resource. After sanitizing,
 * the style sheet must compare equal to an empty {@code .xyz} rule, so both declarations
 * have to be removed rather than rewritten.
 */
@Test
public void testSanitizeUnsafeProperties() throws Exception {
  String untrusted = ".xyz { behavior: url('xyz.htc'); -moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\") }";
  String expected = ".xyz {}";
  CssTree.StyleSheet parsed = parser.parseDom(untrusted);
  sanitizer.sanitize(parsed, DUMMY, gadgetContext, importRewriter, imageRewriter);
  assertStyleEquals(expected, parsed);
}
/**
 * Checks that properties able to attach external executable content are stripped.
 *
 * <p>The input rule carries an IE {@code behavior} declaration and a Gecko
 * {@code -moz-binding} declaration, each pointing at an external resource. After sanitizing,
 * the style sheet must compare equal to an empty {@code .xyz} rule, so both declarations
 * have to be removed rather than rewritten.
 */
@Test
public void testSanitizeUnsafeProperties() throws Exception {
  String untrusted = ".xyz { behavior: url('xyz.htc'); -moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\") }";
  String expected = ".xyz {}";
  CssTree.StyleSheet parsed = parser.parseDom(untrusted);
  sanitizer.sanitize(parsed, DUMMY, gadgetContext, importRewriter, imageRewriter);
  assertStyleEquals(expected, parsed);
}
/**
 * Asserts that a style sheet serializes to the same output as the expected CSS.
 *
 * <p>The expected text is parsed and re-serialized with the same {@code parser} before the
 * comparison, so the check is made on serialized output rather than on the raw expected string.
 *
 * @param expected CSS source describing the expected result
 * @param styleSheet style sheet to compare; the callers visible here pass it after sanitizing
 * @throws Exception declared by the signature; presumably raised by parsing or serializing
 */
public void assertStyleEquals(String expected, CssTree.StyleSheet styleSheet) throws Exception {
  assertEquals(parser.serialize(parser.parseDom(expected)), parser.serialize(styleSheet));
}
// Closes a scope opened outside this view, presumably the enclosing test class.
}
/**
 * Checks that a declaration whose value is an unrecognized function call is removed.
 *
 * <p>The {@code font} property itself is an ordinary one (it is preserved in
 * {@code testPreserveSafe}-style input with a plain value); here its value is the made-up
 * function {@code iamevil(bold)}, and the sanitized sheet must compare equal to an empty
 * {@code .xyz} rule.
 */
@Test
public void testSanitizeFunctionCall() throws Exception {
  String untrusted = ".xyz { font : iamevil(bold); }";
  String expected = ".xyz {}";
  CssTree.StyleSheet parsed = parser.parseDom(untrusted);
  sanitizer.sanitize(parsed, DUMMY, gadgetContext, importRewriter, imageRewriter);
  assertStyleEquals(expected, parsed);
}
/**
 * Asserts that a style sheet serializes to the same output as the expected CSS.
 *
 * <p>The expected text is parsed and re-serialized with the same {@code parser} before the
 * comparison, so the check is made on serialized output rather than on the raw expected string.
 *
 * @param expected CSS source describing the expected result
 * @param styleSheet style sheet to compare; the callers visible here pass it after sanitizing
 * @throws Exception declared by the signature; presumably raised by parsing or serializing
 */
public void assertStyleEquals(String expected, CssTree.StyleSheet styleSheet) throws Exception {
  assertEquals(parser.serialize(parser.parseDom(expected)), parser.serialize(styleSheet));
}
// Closes a scope opened outside this view, presumably the enclosing test class.
}
/**
 * Checks that {@code url()} values using script schemes are removed.
 *
 * <p>The rule holds two {@code background} declarations: a quoted {@code javascript:} URL and
 * an unquoted {@code vbscript:} URL. Both forms must be dropped, leaving a sheet that compares
 * equal to an empty {@code .xyz} rule.
 */
@Test
public void testSanitizeScriptUrls() throws Exception {
  String untrusted = ".xyz { background: url('javascript:doevill'); background : url(vbscript:moreevil); }";
  String expected = ".xyz {}";
  CssTree.StyleSheet parsed = parser.parseDom(untrusted);
  sanitizer.sanitize(parsed, DUMMY, gadgetContext, importRewriter, imageRewriter);
  assertStyleEquals(expected, parsed);
}
/**
 * Checks that an absolute {@code http} image URL is rewritten to go through the proxy.
 *
 * <p>The expected {@code background} URL points at the mock proxy endpoint and carries the
 * original URL percent-encoded in the {@code url} parameter, together with {@code sanitize=1}
 * and {@code rewriteMime=image%2F%2a} (the encoded form of {@code image/*}).
 *
 * <p>NOTE(review): the expected value spells out the full query string, so this test appears
 * to depend on the exact order in which the rewriter emits its parameters.
 */
@Test
public void testProxyUrls() throws Exception {
  String original = ".xyz { background: url('http://www.example.org/img.gif');}";
  String expected = ".xyz { "
      + "background: url('//www.mock.com/dir/proxy?container=mockContainer&gadget=http%3A%2F%2Fwww.example.org%2Fbase"
      + "&debug=0&nocache=0&rewriteMime=image%2F%2a&sanitize=1&"
      + "url=http%3A%2F%2Fwww.example.org%2Fimg.gif');}";
  CssTree.StyleSheet parsed = parser.parseDom(original);
  sanitizer.sanitize(parsed, DUMMY, gadgetContext, importRewriter, imageRewriter);
  assertStyleEquals(expected, parsed);
}
/**
 * Checks that a declaration whose value is an unrecognized function call is removed.
 *
 * <p>The input gives the {@code font} property the made-up function value
 * {@code iamevil(bold)}; the sanitized sheet must compare equal to an empty {@code .xyz}
 * rule, so the whole declaration is expected to go, not just the function token.
 */
@Test
public void testSanitizeFunctionCall() throws Exception {
  String untrusted = ".xyz { font : iamevil(bold); }";
  String expected = ".xyz {}";
  CssTree.StyleSheet parsed = parser.parseDom(untrusted);
  sanitizer.sanitize(parsed, DUMMY, gadgetContext, importRewriter, imageRewriter);
  assertStyleEquals(expected, parsed);
}
/**
 * Checks that a rule with a compound selector list and only plain declarations is untouched.
 *
 * <p>The selector list mixes class and id selectors with the {@code :hover} and
 * {@code :nth-child(even)} pseudo-classes; the body sets {@code background} to a colour and
 * {@code text-decoration} to {@code none}. The sanitized sheet is compared against the
 * original input, so nothing may be removed or rewritten.
 */
@Test
public void testSanitizeCleanToParent() throws Exception {
  String safeCss = ".q_action:hover, #questionsDIV li:nth-child(even) .q_action:hover, .stream li:nth-child(even) .q_action:hover {"
      + " background: #d0ebfe; text-decoration: none; }";
  CssTree.StyleSheet parsed = parser.parseDom(safeCss);
  sanitizer.sanitize(parsed, DUMMY, gadgetContext, importRewriter, imageRewriter);
  assertStyleEquals(safeCss, parsed);
}
/**
 * Checks that {@code url()} values using script schemes are removed.
 *
 * <p>The rule holds two {@code background} declarations: a quoted {@code javascript:} URL and
 * an unquoted {@code vbscript:} URL. Both forms must be dropped, leaving a sheet that compares
 * equal to an empty {@code .xyz} rule.
 */
@Test
public void testSanitizeScriptUrls() throws Exception {
  String untrusted = ".xyz { background: url('javascript:doevill'); background : url(vbscript:moreevil); }";
  String expected = ".xyz {}";
  CssTree.StyleSheet parsed = parser.parseDom(untrusted);
  sanitizer.sanitize(parsed, DUMMY, gadgetContext, importRewriter, imageRewriter);
  assertStyleEquals(expected, parsed);
}
/**
 * Checks that benign rules pass through the sanitizer unchanged.
 *
 * <p>The input has two rules with plain values ({@code font: bold} and a hex {@code color});
 * the sanitized sheet is compared against the same input. This is the counterpart to the
 * removal tests: it guards against the sanitizer stripping content it should keep.
 */
@Test
public void testPreserveSafe() throws Exception {
  String safeCss = ".xyz { font: bold;} A { color: #7f7f7f}";
  CssTree.StyleSheet parsed = parser.parseDom(safeCss);
  sanitizer.sanitize(parsed, DUMMY, gadgetContext, importRewriter, imageRewriter);
  assertStyleEquals(safeCss, parsed);
}
/**
 * Checks that a declaration with an unknown property name is removed.
 *
 * <p>{@code iamevil} is not a CSS property and its value ({@code 1}) is harmless on its own,
 * so this exercises rejection by property name. The sanitized sheet must compare equal to an
 * empty {@code .xyz} rule.
 */
@Test
public void testSanitizeBadField() throws Exception {
  String untrusted = ".xyz { iamevil: 1; }";
  String expected = ".xyz {}";
  CssTree.StyleSheet parsed = parser.parseDom(untrusted);
  sanitizer.sanitize(parsed, DUMMY, gadgetContext, importRewriter, imageRewriter);
  assertStyleEquals(expected, parsed);
}
/**
 * Checks that an absolute {@code http} image URL is rewritten to go through the proxy.
 *
 * <p>The expected {@code background} URL points at the mock proxy endpoint and carries the
 * original URL percent-encoded in the {@code url} parameter, followed by {@code sanitize=1}
 * and {@code rewriteMime=image%2F%2a} (the encoded form of {@code image/*}).
 *
 * <p>NOTE(review): the expected value spells out the full query string, so this test appears
 * to depend on the exact order in which the rewriter emits its parameters.
 */
@Test
public void testProxyUrls() throws Exception {
  String original = ".xyz { background: url('http://www.example.org/img.gif');}";
  String expected = ".xyz { "
      + "background: url('//www.mock.com/dir/proxy?container=mockContainer&gadget=http%3A%2F%2Fwww.example.org%2Fbase"
      + "&debug=0&nocache=0&url=http%3A%2F%2Fwww.example.org%2Fimg.gif&"
      + "sanitize=1&rewriteMime=image%2F%2a');}";
  CssTree.StyleSheet parsed = parser.parseDom(original);
  sanitizer.sanitize(parsed, DUMMY, gadgetContext, importRewriter, imageRewriter);
  assertStyleEquals(expected, parsed);
}
/**
 * Checks that a rule with a compound selector list and only plain declarations is untouched.
 *
 * <p>The selector list mixes class and id selectors with the {@code :hover} and
 * {@code :nth-child(even)} pseudo-classes; the body sets {@code background} to a colour and
 * {@code text-decoration} to {@code none}. The sanitized sheet is compared against the
 * original input, so nothing may be removed or rewritten.
 */
@Test
public void testSanitizeCleanToParent() throws Exception {
  String safeCss = ".q_action:hover, #questionsDIV li:nth-child(even) .q_action:hover, .stream li:nth-child(even) .q_action:hover {"
      + " background: #d0ebfe; text-decoration: none; }";
  CssTree.StyleSheet parsed = parser.parseDom(safeCss);
  sanitizer.sanitize(parsed, DUMMY, gadgetContext, importRewriter, imageRewriter);
  assertStyleEquals(safeCss, parsed);
}
/**
 * Checks that a declaration with an unknown property name is removed.
 *
 * <p>{@code iamevil} is not a CSS property and its value ({@code 1}) is harmless on its own,
 * so this exercises rejection by property name. The sanitized sheet must compare equal to an
 * empty {@code .xyz} rule.
 */
@Test
public void testSanitizeBadField() throws Exception {
  String untrusted = ".xyz { iamevil: 1; }";
  String expected = ".xyz {}";
  CssTree.StyleSheet parsed = parser.parseDom(untrusted);
  sanitizer.sanitize(parsed, DUMMY, gadgetContext, importRewriter, imageRewriter);
  assertStyleEquals(expected, parsed);
}
/**
 * Checks that properties able to attach external executable content are stripped.
 *
 * <p>The input rule carries an IE {@code behavior} declaration and a Gecko
 * {@code -moz-binding} declaration, each pointing at an external resource. After sanitizing,
 * the style sheet must compare equal to an empty {@code .xyz} rule, so both declarations
 * have to be removed rather than rewritten.
 */
@Test
public void testSanitizeUnsafeProperties() throws Exception {
  String untrusted = ".xyz { behavior: url('xyz.htc'); -moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\") }";
  String expected = ".xyz {}";
  CssTree.StyleSheet parsed = parser.parseDom(untrusted);
  sanitizer.sanitize(parsed, DUMMY, gadgetContext, importRewriter, imageRewriter);
  assertStyleEquals(expected, parsed);
}
/**
 * Checks that an absolute {@code http} image URL is rewritten to go through the proxy.
 *
 * <p>The expected {@code background} URL points at the mock proxy endpoint and carries the
 * original URL percent-encoded in the {@code url} parameter, together with {@code sanitize=1}
 * and {@code rewriteMime=image%2F%2a} (the encoded form of {@code image/*}).
 *
 * <p>NOTE(review): the expected value spells out the full query string, so this test appears
 * to depend on the exact order in which the rewriter emits its parameters.
 */
@Test
public void testProxyUrls() throws Exception {
  String original = ".xyz { background: url('http://www.example.org/img.gif');}";
  String expected = ".xyz { "
      + "background: url('//www.mock.com/dir/proxy?container=mockContainer&gadget=http%3A%2F%2Fwww.example.org%2Fbase"
      + "&debug=0&nocache=0&rewriteMime=image%2F%2a&sanitize=1&"
      + "url=http%3A%2F%2Fwww.example.org%2Fimg.gif');}";
  CssTree.StyleSheet parsed = parser.parseDom(original);
  sanitizer.sanitize(parsed, DUMMY, gadgetContext, importRewriter, imageRewriter);
  assertStyleEquals(expected, parsed);
}
/**
 * Checks that {@code url()} values using script schemes are removed.
 *
 * <p>The rule holds two {@code background} declarations: a quoted {@code javascript:} URL and
 * an unquoted {@code vbscript:} URL. Both forms must be dropped, leaving a sheet that compares
 * equal to an empty {@code .xyz} rule.
 */
@Test
public void testSanitizeScriptUrls() throws Exception {
  String untrusted = ".xyz { background: url('javascript:doevill'); background : url(vbscript:moreevil); }";
  String expected = ".xyz {}";
  CssTree.StyleSheet parsed = parser.parseDom(untrusted);
  sanitizer.sanitize(parsed, DUMMY, gadgetContext, importRewriter, imageRewriter);
  assertStyleEquals(expected, parsed);
}
/**
 * Checks that benign rules pass through the sanitizer unchanged.
 *
 * <p>The input has two rules with plain values ({@code font: bold} and a hex {@code color});
 * the sanitized sheet is compared against the same input. This is the counterpart to the
 * removal tests: it guards against the sanitizer stripping content it should keep.
 */
@Test
public void testPreserveSafe() throws Exception {
  String safeCss = ".xyz { font: bold;} A { color: #7f7f7f}";
  CssTree.StyleSheet parsed = parser.parseDom(safeCss);
  sanitizer.sanitize(parsed, DUMMY, gadgetContext, importRewriter, imageRewriter);
  assertStyleEquals(safeCss, parsed);
}