HtmlChangeReporterTest.java revision 6f2fc048ffc4ada68fabb389eb3f409229625b90 
16f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// Copyright (c) 2011, Mike Samuel
26f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// All rights reserved.
36f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel//
46f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// Redistribution and use in source and binary forms, with or without
56f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// modification, are permitted provided that the following conditions
66f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// are met:
76f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel//
86f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// Redistributions of source code must retain the above copyright
96f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// notice, this list of conditions and the following disclaimer.
106f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// Redistributions in binary form must reproduce the above copyright
116f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// notice, this list of conditions and the following disclaimer in the
126f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// documentation and/or other materials provided with the distribution.
136f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// Neither the name of the OWASP nor the names of its contributors may
146f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// be used to endorse or promote products derived from this software
156f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// without specific prior written permission.
166f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
176f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
186f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
196f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
206f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
216f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
226f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
236f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
246f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
256f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
266f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
276f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel// POSSIBILITY OF SUCH DAMAGE.
286f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel
296f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuelpackage org.owasp.html;
306f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel
316f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuelimport junit.framework.TestCase;
326f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel
336f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuelpublic class HtmlChangeReporterTest extends TestCase {
346f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel
356f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel  public final void testChangeReporting() {
366f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel    final Integer testContext = 123;
376f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel
386f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel    StringBuilder out = new StringBuilder();
396f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel    final StringBuilder log = new StringBuilder();
406f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel    HtmlStreamRenderer renderer = HtmlStreamRenderer.create(
416f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel        out, Handler.DO_NOTHING);
426f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel    HtmlChangeListener<Integer> listener = new HtmlChangeListener<Integer>() {
436f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel      public void discardedTag(Integer context, String elementName) {
446f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel        assertSame(testContext, context);
456f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel        log.append('<').append(elementName).append("> ");
466f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel      }
476f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel
486f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel      public void discardedAttribute(
496f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel          Integer context, String tagName, String attributeName) {
506f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel        assertSame(testContext, context);
516f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel        log.append('<').append(tagName).append(' ').append(attributeName)
526f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel           .append("> ");
536f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel      }
546f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel    };
556f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel    HtmlChangeReporter<Integer> hcr = new HtmlChangeReporter<Integer>(
566f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel        renderer, listener, testContext);
576f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel
586f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel    hcr.setPolicy(Sanitizers.FORMATTING.apply(hcr.getWrappedRenderer()));
596f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel    HtmlSanitizer.sanitize(
606f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel        "<textarea>Hello</textarea>,<b onclick=alert(42)>World</B>!<PLAINTEXT>",
616f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel        hcr);
626f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel    assertEquals("Hello,<b>World</b>!", out.toString());
636f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel    assertEquals("<textarea> <b onclick> <plaintext> ", log.toString());
646f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel  }
656f2fc048ffc4ada68fabb389eb3f409229625b90mikesamuel}
66