Home Verkennen Help
Inloggen
Lumina-Internal
/
VLEX
2
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Boom: 55473b7e7c
Aftakkingen Labels
VLEX
/
BPM-UI
/
node_modules
/
@braintree
/
sanitize-url
/
test
/
test.js

test.js 4.1 KB
Geschiedenis Ruwe

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798 
  1. 'use strict';
    2. 

  2. 

  3. var expect = require('chai').expect;
    4. 

  4. var sanitizeUrl = require('../').sanitizeUrl;
    5. 

  5. 

  6. describe('sanitizeUrl', function () {
    7. 

  7.   it('replaces javascript urls with about:blank', function () {
    8. 

  8.     expect(sanitizeUrl('javascript:alert(document.domain)')).to.equal('about:blank');
    9. 

  9.   });
    10. 

  10. 

  11.   it('disregards capitalization for JavaScript urls', function () {
    12. 

  12.     expect(sanitizeUrl('jAvasCrIPT:alert(document.domain)')).to.equal('about:blank');
    13. 

  13.   });
    14. 

  14. 

  15.   it('ignores ctrl characters in javascript urls', function () {
    16. 

  16.     expect(sanitizeUrl(decodeURIComponent('JaVaScRiP%0at:alert(document.domain)'))).to.equal('about:blank');
    17. 

  17.   });
    18. 

  18. 

  19.   it('replaces javascript urls with about:blank when javascript url begins with %20', function () {
    20. 

  20.     expect(sanitizeUrl('%20%20%20%20javascript:alert(document.domain)')).to.equal('about:blank');
    21. 

  21.   });
    22. 

  22. 

  23.   it('replaces javascript urls with about:blank when javascript url begins with \s', function () {
    24. 

  24.     expect(sanitizeUrl('    javascript:alert(document.domain)')).to.equal('about:blank');
    25. 

  25.   });
    26. 

  26. 

  27.   it('does not replace javascript: if it is not in the scheme of the URL', function () {
    28. 

  28.     expect(sanitizeUrl('http://example.com#myjavascript:foo')).to.equal('http://example.com#myjavascript:foo');
    29. 

  29.   });
    30. 

  30. 

  31.   it('replaces data urls with about:blank', function () {
    32. 

  32.     expect(sanitizeUrl('data:text/html;base64,PH%3Cscript%3Ealert(document.domain)%3C/script%3E')).to.equal('about:blank');
    33. 

  33.   });
    34. 

  34. 

  35.   it('replaces data urls with about:blank when data url begins with %20', function () {
    36. 

  36.     expect(sanitizeUrl('%20%20%20%20data:text/html;base64,PH%3Cscript%3Ealert(document.domain)%3C/script%3E')).to.equal('about:blank');
    37. 

  37.   });
    38. 

  38. 

  39.   it('replaces data urls with about:blank when data url begins with \s', function () {
    40. 

  40.     expect(sanitizeUrl('    data:text/html;base64,PH%3Cscript%3Ealert(document.domain)%3C/script%3E')).to.equal('about:blank');
    41. 

  41.   });
    42. 

  42. 

  43.   it('disregards capitalization for data urls', function () {
    44. 

  44.     expect(sanitizeUrl('dAtA:text/html;base64,PH%3Cscript%3Ealert(document.domain)%3C/script%3E')).to.equal('about:blank');
    45. 

  45.   });
    46. 

  46. 

  47.   it('ignores ctrl characters in data urls', function () {
    48. 

  48.     expect(sanitizeUrl(decodeURIComponent('dat%0aa:text/html;base64,PH%3Cscript%3Ealert(document.domain)%3C/script%3E'))).to.equal('about:blank');
    49. 

  49.   });
    50. 

  50. 

  51.   it('does not alter http URLs', function () {
    52. 

  52.     expect(sanitizeUrl('http://example.com/path/to:something')).to.equal('http://example.com/path/to:something');
    53. 

  53.   });
    54. 

  54. 

  55.   it('does not alter http URLs with ports', function () {
    56. 

  56.     expect(sanitizeUrl('http://example.com:4567/path/to:something')).to.equal('http://example.com:4567/path/to:something');
    57. 

  57.   });
    58. 

  58. 

  59.   it('does not alter https URLs', function () {
    60. 

  60.     expect(sanitizeUrl('https://example.com')).to.equal('https://example.com');
    61. 

  61.   });
    62. 

  62. 

  63.   it('does not alter https URLs with ports', function () {
    64. 

  64.     expect(sanitizeUrl('https://example.com:4567/path/to:something')).to.equal('https://example.com:4567/path/to:something');
    65. 

  65.   });
    66. 

  66. 

  67.   it('does not alter relative-path reference URLs', function () {
    68. 

  68.     expect(sanitizeUrl('./path/to/my.json')).to.equal('./path/to/my.json');
    69. 

  69.   });
    70. 

  70. 

  71.   it('does not alter absolute-path reference URLs', function () {
    72. 

  72.     expect(sanitizeUrl('/path/to/my.json')).to.equal('/path/to/my.json');
    73. 

  73.   });
    74. 

  74. 

  75.   it('does not alter network-path relative URLs', function () {
    76. 

  76.     expect(sanitizeUrl('//google.com/robots.txt')).to.equal('//google.com/robots.txt');
    77. 

  77.   });
    78. 

  78. 

  79.   it('does not alter deep-link urls', function () {
    80. 

  80.     expect(sanitizeUrl('com.braintreepayments.demo://example')).to.equal('com.braintreepayments.demo://example');
    81. 

  81.   });
    82. 

  82. 

  83.   it('does not alter mailto urls', function () {
    84. 

  84.       expect(sanitizeUrl('mailto:test@example.com?subject=hello+world')).to.equal('mailto:test@example.com?subject=hello+world');
    85. 

  85.   });
    86. 

  86. 

  87.   it('replaces blank urls with about:blank', function () {
    88. 

  88.     expect(sanitizeUrl('')).to.equal('about:blank');
    89. 

  89.   });
    90. 

  90. 

  91.   it('replaces null values with about:blank', function () {
    92. 

  92.     expect(sanitizeUrl(null)).to.equal('about:blank');
    93. 

  93.   });
    94. 

  94. 

  95.   it('removes whitespace from urls', function () {
    96. 

  96.     expect(sanitizeUrl('   http://example.com/path/to:something    ')).to.equal('http://example.com/path/to:something');
    97. 

  97.   });
    98. 

  98. });
    99.