diff options
Diffstat (limited to 'test/rdoc/test_rdoc_markup_to_html.rb')
-rw-r--r-- | test/rdoc/test_rdoc_markup_to_html.rb | 141 |
1 files changed, 136 insertions, 5 deletions
diff --git a/test/rdoc/test_rdoc_markup_to_html.rb b/test/rdoc/test_rdoc_markup_to_html.rb index e5d7a35710..e3affa533c 100644 --- a/test/rdoc/test_rdoc_markup_to_html.rb +++ b/test/rdoc/test_rdoc_markup_to_html.rb @@ -391,11 +391,43 @@ class TestRDocMarkupToHtml < RDoc::Markup::FormatterTestCase end def test_accept_paragraph_newline + hellos = ["hello", "\u{393 3b5 3b9 3ac} \u{3c3 3bf 3c5}"] + worlds = ["world", "\u{3ba 3cc 3c3 3bc 3bf 3c2}"] + ohayo, sekai = %W"\u{304a 306f 3088 3046} \u{4e16 754c}" + + hellos.product(worlds) do |hello, world| + @to.start_accepting + @to.accept_paragraph para("#{hello}\n", "#{world}\n") + assert_equal "\n<p>#{hello} #{world}</p>\n", @to.res.join + end + + hellos.each do |hello| + @to.start_accepting + @to.accept_paragraph para("#{hello}\n", "#{sekai}\n") + assert_equal "\n<p>#{hello}#{sekai}</p>\n", @to.res.join + end + + worlds.each do |world| + @to.start_accepting + @to.accept_paragraph para("#{ohayo}\n", "#{world}\n") + assert_equal "\n<p>#{ohayo}#{world}</p>\n", @to.res.join + end + @to.start_accepting + @to.accept_paragraph para("#{ohayo}\n", "#{sekai}\n") + assert_equal "\n<p>#{ohayo}#{sekai}</p>\n", @to.res.join - @to.accept_paragraph para("hello\n", "world\n") + @to.start_accepting + @to.accept_paragraph para("+hello+\n", "world\n") + assert_equal "\n<p><code>hello</code> world</p>\n", @to.res.join + + @to.start_accepting + @to.accept_paragraph para("hello\n", "+world+\n") + assert_equal "\n<p>hello <code>world</code></p>\n", @to.res.join - assert_equal "\n<p>hello world </p>\n", @to.res.join + @to.start_accepting + @to.accept_paragraph para("+hello+\n", "+world+\n") + assert_equal "\n<p><code>hello</code> <code>world</code></p>\n", @to.res.join end def test_accept_heading_output_decoration @@ -602,9 +634,9 @@ end end def test_accept_verbatim_redefinable_operators - functions = %w[| ^ & <=> == === =~ > >= < <= << >> + - * / % ** ~ +@ -@ [] []= ` ! != !~].map { |redefinable_op| + functions = %w[| ^ & <=> == === =~ > >= < <= << >> + - * / % ** ~ +@ -@ [] []= ` ! != !~].flat_map { |redefinable_op| ["def #{redefinable_op}\n", "end\n"] - }.flatten + } verb = @RM::Verbatim.new(*functions) @@ -665,6 +697,26 @@ EXPECTED assert_equal "\n<p>C</p>\n", result end + def test_convert_RDOCLINK_escape_image + assert_escaped '<script>', 'rdoc-image:"><script>alert(`rdoc-image`)</script>"' + end + + def test_convert_RDOCLINK_escape_label_id + assert_escaped '<script>', 'rdoc-label::path::"><script>alert(`rdoc-label_id`)</script>"' + end + + def test_convert_RDOCLINK_escape_label_path + assert_escaped '<script>', 'rdoc-label::"><script>alert(`rdoc-label_path`)</script>"' + end + + def test_convert_RDOCLINK_escape_ref + assert_escaped '<script>', 'rdoc-ref:"><script>alert(`rdoc-ref`)</script>"' + end + + def test_convert_RDOCLINK_escape_xxx + assert_escaped '<script>', 'rdoc-xxx:"><script>alert(`rdoc-xxx`)</script>"' + end + def test_convert_TIDYLINK_footnote result = @to.convert 'text{*1}[rdoc-label:foottext-1:footmark-1]' @@ -690,6 +742,11 @@ EXPECTED "\n<p><a href=\"http://example.com\"><img src=\"path/to/image.jpg\"></a></p>\n" assert_equal expected, result + + result = + @to.convert '{rdoc-image:<script>alert`link text`</script>}[http://example.com]' + + assert_not_include result, "<script>" end def test_convert_TIDYLINK_rdoc_label @@ -704,6 +761,23 @@ EXPECTED assert_equal "\n<p><a href=\"irc://irc.freenode.net/#ruby-lang\">ruby-lang</a></p>\n", result end + def test_convert_TIDYLINK_escape_text + assert_escaped '<script>', '{<script>alert`link text`</script>}[a]' + assert_escaped '<script>', 'x:/<script>alert(1);</script>[[]' + end + + def test_convert_TIDYLINK_escape_javascript + assert_not_include '{click}[javascript:alert`javascript_scheme`]', '<a href="javascript:' + end + + def test_convert_TIDYLINK_escape_onmouseover + assert_escaped '"/onmouseover="', '{onmouseover}[http://"/onmouseover="alert`on_mouse_link`"]' + end + + def test_convert_TIDYLINK_escape_onerror + assert_escaped '"onerror="', '{link_image}[http://"onerror="alert`link_image`".png]' + end + def test_convert_with_exclude_tag assert_equal "\n<p><code>aaa</code>[:symbol]</p>\n", @to.convert('+aaa+[:symbol]') assert_equal "\n<p><code>aaa[:symbol]</code></p>\n", @to.convert('+aaa[:symbol]+') @@ -794,6 +868,11 @@ EXPECTED assert_equal '<a href="irc://irc.freenode.net/#ruby-lang">irc.freenode.net/#ruby-lang</a>', link end + def test_handle_regexp_HYPERLINK_escape + code = 'irc://irc.freenode.net/"><script>alert(`irc`)</script><a"' + assert_escaped '<script>', code + end + def test_list_verbatim_2 str = "* one\n verb1\n verb2\n* two\n" @@ -812,6 +891,26 @@ EXPECTED assert_equal expected, @m.convert(str, @to) end + def test_block_quote_in_verbatim + str = "BlockQuote\n >>>\n" + + expected = <<-EXPECTED +<p>BlockQuote</p> +<pre>>>></pre> + EXPECTED + + assert_equal expected, @m.convert(str, @to).gsub(/^\n/, "") + + str = "BlockQuote\n >>> word\n" + + expected = <<-EXPECTED +<p>BlockQuote</p> +<pre>>>> word</pre> + EXPECTED + + assert_equal expected, @m.convert(str, @to).gsub(/^\n/, "") + end + def test_parseable_eh valid_syntax = [ 'def x() end', @@ -856,5 +955,37 @@ EXPECTED @to.end_accepting end + def test_accept_table + header = %w[Col1 Col2 Col3] + body = [ + %w[cell1_1 cell1_2 cell1_3], + %w[cell2_1 cell2_2 cell2_3], + ['<script>alert("foo");</script>',], + %w[+code+ _em_ **strong**], + ] + aligns = [:left, :right, nil] + @to.start_accepting + @to.accept_table(header, body, aligns) + res = @to.end_accepting + assert_include(res[%r<<th[^<>]*>Col1</th>>], 'align="left"') + assert_include(res[%r<<th[^<>]*>Col2</th>>], 'align="right"') + assert_not_include(res[%r<<th[^<>]*>Col3</th>>], 'align=') + assert_include(res[%r<<td[^<>]*>cell1_1</td>>], 'align="left"') + assert_include(res[%r<<td[^<>]*>cell1_2</td>>], 'align="right"') + assert_not_include(res[%r<<td[^<>]*>cell1_3</td>>], 'align=') + assert_include(res[%r<<td[^<>]*>cell2_1</td>>], 'align="left"') + assert_include(res[%r<<td[^<>]*>cell2_2</td>>], 'align="right"') + assert_not_include(res[%r<<td[^<>]*>cell2_3</td>>], 'align=') + assert_not_include(res, '<script>') + assert_include(res[%r<<td[^<>]*>.*script.*</td>>], '<script>') + assert_include(res[%r<<td[^<>]*>.*code.*</td>>], '<code>code</code>') + assert_include(res[%r<<td[^<>]*>.*em.*</td>>], '<em>em</em>') + assert_include(res[%r<<td[^<>]*>.*strong.*</td>>], '<strong>strong</strong>') + end + + def assert_escaped(unexpected, code) + result = @to.convert(code) + assert_not_include result, unexpected + assert_include result, CGI.escapeHTML(unexpected) + end end - |