1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
use strict;
use warnings;
use Test::More;
use HTML::Restrict ();
# Behaviour as of 2.3.0 is for
# <<input>div onmouseover="alert(1);">hover over me<<input>/div>
# to get pared down to
# <div onmouseover="alert(1);">hover over me</div>
# with a subsequent call to process() returning
# hover over me
# So, malformed HTML is actually being turned into valid HTML on the first pass
# and the tags are not being stripped. This is a regression test for fixing the
# issue noted above.
my $html = q{<<input>div onmouseover="alert(1);">hover over me<<input>/div>};
{
my $hr = HTML::Restrict->new;
is(
$hr->process(
q{<<input>div onmouseover="alert(1);">hover over me<<input>/div>}
),
q{<div onmouseover="alert(1);">hover over me</div>},
'malformed HTML is correctly cleaned'
);
}
{
my $hr = HTML::Restrict->new;
is(
$hr->process(
'&<input></input>lt; θ &aMp; 2 P «g;'),
'&lt; θ &aMp; 2 P «g;',
'badly encoded entities corrected'
);
}
done_testing();
|
