'), '')
assert_equal(HtmlSanitizer.strict(''), ' ')
assert_equal(HtmlSanitizer.strict(' test'), ' test')
assert_equal(HtmlSanitizer.strict(' test'), ' test')
assert_equal(HtmlSanitizer.strict(' test', true), ' test')
assert_equal(HtmlSanitizer.strict(' ) '), ' ')
assert_equal(HtmlSanitizer.strict(' '), '')
assert_equal(HtmlSanitizer.strict(' +ADw-SCRIPT+AD4-alert(\'XSS\');+ADw-/SCRIPT+AD4-'), ' +ADw-SCRIPT+AD4-alert(\'XSS\');+ADw-/SCRIPT+AD4-')
assert_equal(HtmlSanitizer.strict(''), '')
assert_equal(HtmlSanitizer.strict(' XSS'), ' XSS')
assert_equal(HtmlSanitizer.strict(' XSS', true), ' XSS')
assert_equal(HtmlSanitizer.strict(' XSS'), ' XSS')
assert_equal(HtmlSanitizer.strict(' XSS', true), ' XSS')
assert_equal(HtmlSanitizer.strict(' '), 'X')
assert_equal(HtmlSanitizer.strict(' CLICKME'), 'CLICKME')
assert_equal(HtmlSanitizer.strict(' CLICKME'), 'CLICKME')
assert_equal(HtmlSanitizer.strict(' CLICKME', true), 'CLICKME')
assert_equal(HtmlSanitizer.strict('  '), ' ')
assert_equal(HtmlSanitizer.strict(' //) '), '<//) ')
assert_equal(HtmlSanitizer.strict(' '), '<//) '), '//) ')
assert_equal(HtmlSanitizer.strict(''), '')
assert_equal(HtmlSanitizer.strict(''), '')
assert_equal(HtmlSanitizer.strict(''), '![]() ')
assert_equal(HtmlSanitizer.strict('XXX'), 'XXX')
assert_equal(HtmlSanitizer.strict('XXX', true), 'XXX')
assert_equal(HtmlSanitizer.strict(''), '')
assert_equal(HtmlSanitizer.strict(''), '')
assert_equal(HtmlSanitizer.strict('', true), '')
assert_equal(HtmlSanitizer.strict(''), '')
assert_equal(HtmlSanitizer.strict('
123
abc123
abc')
assert_equal(HtmlSanitizer.strict(''), '')
assert_equal(HtmlSanitizer.strict(''), '')
assert_equal(HtmlSanitizer.strict(''), '')
assert_equal(HtmlSanitizer.strict(''), '')
assert_equal(HtmlSanitizer.strict(''), '')
assert_equal(HtmlSanitizer.strict(''), '')
assert_equal(HtmlSanitizer.strict(''), '')
assert_equal(HtmlSanitizer.strict(''), '')
assert_equal(HtmlSanitizer.strict(''), '')
assert_equal(HtmlSanitizer.strict(''), '')
assert_equal(HtmlSanitizer.strict('test'), 'test')
assert_equal(HtmlSanitizer.strict('test'), 'test')
assert_equal(HtmlSanitizer.strict('test'), 'test')
api_path = Rails.configuration.api_path
http_type = Setting.get('http_type')
fqdn = Setting.get('fqdn')
attachment_url = "#{http_type}://#{fqdn}#{api_path}/ticket_attachment/239/986/1653"
attachment_url_good = "#{attachment_url}?disposition=attachment"
attachment_url_evil = "#{attachment_url}?disposition=inline"
assert_equal(HtmlSanitizer.strict("Evil link"), "Evil link")
assert_equal(HtmlSanitizer.strict("Good link"), "Good link")
assert_equal(HtmlSanitizer.strict("No disposition"), "No disposition")
different_fqdn_url = attachment_url_evil.gsub(fqdn, 'some.other.tld')
assert_equal(HtmlSanitizer.strict("Different FQDN"), "Different FQDN")
attachment_url_evil_other = "#{attachment_url}?disposition=some_other"
assert_equal(HtmlSanitizer.strict("Evil link"), "Evil link")
assert_equal(HtmlSanitizer.strict('test'), 'test')
assert_equal(HtmlSanitizer.strict('apt-get update
Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:2 http://de.archive.ubuntu.com/ubuntu focal InRelease
Hit:3 http://de.archive.ubuntu.com/ubuntu focal-updates InRelease
Get:4 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ InR=
elease [3820 B]
Hit:5 http://de.archive.ubuntu.com/ubuntu focal-backports InRelease
Get:6 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ InRelease [3781 =
B]
Get:7 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ Sou=
rces [2710 B]
Get:8 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ Pac=
kages [6507 B]
Get:9 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ Sources [9066 B]
Get:10 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ Packages [23.8 =
kB]
Get:11 http://security.ubuntu.com/ubuntu focal-security/main amd64 DEP-11 M=
etadata [40.6 kB]
Get:12 http://security.ubuntu.com/ubuntu focal-security/universe amd64 DEP-=
11 Metadata [66.3 kB]
Get:13 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 DE=
P-11 Metadata [2464 B]
Fetched 273 kB in 1s (288 kB/s)
Reading package lists...
Batterie-Status prüfen
Reading package lists...
Building dependency tree...
'), 'apt-get update
Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:2 http://de.archive.ubuntu.com/ubuntu focal InRelease
Hit:3 http://de.archive.ubuntu.com/ubuntu focal-updates InRelease
Get:4 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ InR=
elease [3820 B]
Hit:5 http://de.archive.ubuntu.com/ubuntu focal-backports InRelease
Get:6 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ InRelease [3781 =
B]
Get:7 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ Sou=
rces [2710 B]
Get:8 http://10.10.21.205:3207/dprepo/ubuntu experimental/20.04_x86_64/ Pac=
kages [6507 B]
Get:9 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ Sources [9066 B]
Get:10 http://10.10.21.205:3207/dprepo/ubuntu 20.04_x86_64/ Packages [23.8 =
kB]
Get:11 http://security.ubuntu.com/ubuntu focal-security/main amd64 DEP-11 M=
etadata [40.6 kB]
Get:12 http://security.ubuntu.com/ubuntu focal-security/universe amd64 DEP-=
11 Metadata [66.3 kB]
Get:13 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 DE=
P-11 Metadata [2464 B]
Fetched 273 kB in 1s (288 kB/s)
Reading package lists...
Batterie-Status prüfen
Reading package lists...
Building dependency tree...
')
end
end
|