#!/usr/bin/env perl
use warnings;
use strict;
use Test::More;
use HTML::Restrict ();
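# Sanitiser under test. The rule set allows only <a>, and on it only the
# href and class attributes.
my $hr = HTML::Restrict->new;
$hr->debug(0);
$hr->set_rules( { a => [ 'href', 'class' ] } );

# A javascript: URI in href must be dropped; the element and its text stay.
my @script_links = (
    [ q{<a href="javascript:alert(1)">oops!</a>},     '<a>oops!</a>' ],
    [ q{<a href="javascript:evil_script()">evil</a>}, '<a>evil</a>' ],
);
for my $case (@script_links) {
    my ( $dirty, $expected ) = @{$case};
    is $hr->process($dirty), $expected, "bad scheme removed: $dirty";
}

# http, https, scheme-relative and path-only hrefs must pass through
# byte-for-byte.
for my $uri (
    'http://vilerichard.com', 'https://vilerichard.com',
    '//vilerichard.com',      '/music'
    )
{
    my $link = qq[<a href="$uri">click</a>];
    is $hr->process($link), $link, "good uri scheme preserved: $uri";
}

# Markup smuggled into an attribute value as character references must come
# back out still encoded, so it cannot close the attribute and start a new
# element. The value has to be written with &quot; &lt; &gt; here: in decoded
# form the <script> element sits outside the class attribute, the assertion
# no longer exercises attribute handling, and its expected output would
# contain a tag the rule set does not allow.
my $encoded_value
    = q{&quot;&gt;&lt;script&gt;alert(&quot;oops&quot;);&lt;/script&gt;}
    . q{&lt;a href=&quot;};
my $encoded_link = qq{<a class="$encoded_value"></a>};
is $hr->process($encoded_link), $encoded_link, 'attribute value filtered';

# The output must not contain a live script element.
unlike $hr->process($encoded_link), qr{<script}i,
    'encoded attribute value does not become a script tag';

done_testing();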