1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
use strict;
use warnings;
use Test::Fatal qw( exception );
use Test::More;
use HTML::Restrict;
# Behaviour as of 2.3.0 is for
# <<input>div onmouseover="alert(1);">hover over me<<input>/div>
# to get pared down to
# <div onmouseover="alert(1);">hover over me</div>
# with a subsequent call to process() returning
# hover over me
# So, malformed HTML is actually being turned into valid HTML on the first pass
# and the tags are not being stripped. This is a regression test for fixing the
# issue noted above.
my $html = '<<input>div onmouseover="alert(1);">hover over me<<input>/div>';
{
my $hr = HTML::Restrict->new;
is(
$hr->process($html), 'hover over me',
'malformed HTML is correctly cleaned'
);
}
{
my $attempts = 2;
my $hr = HTML::Restrict->new( max_parser_loops => $attempts );
like(
exception { $hr->process($html) },
qr/after $attempts attempts/,
'dies after max loops exceeded',
);
$hr->max_parser_loops(3);
is( $hr->process('<foo>bar'), 'bar', 'can parse after caught exception' );
}
{
for my $i ( -1 .. 1 ) {
like(
exception { HTML::Restrict->new( max_parser_loops => $i ) },
qr/did not pass type constraint/i,
'max_parser_loops cannot be ' . $i,
);
}
}
done_testing();
|
