public void DisallowNonTrustedAbsoluteLinks()
{
var ctx = new PortableHtmlContext();
Assert.AreNotEqual(PortableHtmlSchemaErorr.None, ctx.GetUriTrustState("http://my.site.com/x", false));
Assert.AreNotEqual(PortableHtmlSchemaErorr.None, ctx.GetUriTrustState("http://my.site.com/x", true));
}
public void CoverToString()
{
var ctx = new PortableHtmlContext {
Strategy = PortableHtmlVerificationStrategy.Full,
Level = PortableHtmlStrictLevel.AllowLists,
BaseUri = new Uri("http://ya.ru/x")
};
ctx.TrustedHosts.Add("me.com");
ctx.TrustedHosts.Add("you.com");
const string html = "<!--x--><DIV a='1'><p/><a href='javascript:hack()'/></DIV>";
ctx = PortableHtmlSchema.Validate(html, ctx);
var result = ctx.ToString();
Console.WriteLine(result);
Assert.AreEqual(@"Level : AllowLists
Strategy : Full
IsOk : False
SchemaError : InvalidRootTag, CommentsDetected, RootInline, UnknownAttribute, EmptyElement, UpperCaseDetected, DangerousLink
BaseUri : 'http://ya.ru/x'
Trust : 'me.com'
Trust : 'you.com'
CommentsDetected 0:0/
InvalidRootTag 1:10/./
UnknownAttribute 1:10/.//@a
UpperCaseDetected 1:10/./
EmptyElement 1:21/./p[1]
EmptyElement 1:25/./a[1]
DangerousLink 1:25/./a[1]
RootInline 1:25/./a[1]
", result);
}
public void AllowsPhtmlAttributes(string html)
{
var ctx = new PortableHtmlContext();
var result = PortableHtmlSchema.Validate(html, ctx);
Assert.AreEqual(PortableHtmlSchemaErorr.None, result.SchemaError);
}
public void DisableUnknownAttributesByDefault(string html)
{
var ctx = new PortableHtmlContext();
var result = PortableHtmlSchema.Validate(html, ctx);
Assert.AreEqual(PortableHtmlSchemaErorr.UnknownAttribute, result.SchemaError);
}
public void DisallowBadSchemasReferences(string url)
{
var ctx = new PortableHtmlContext();
Assert.AreNotEqual(PortableHtmlSchemaErorr.None, ctx.GetUriTrustState(url, false));
Assert.AreNotEqual(PortableHtmlSchemaErorr.None, ctx.GetUriTrustState(url, true));
}
public void CanTrustAllLinks()
{
var ctx = new PortableHtmlContext();
ctx.Level |= PortableHtmlStrictLevel.TrustAllLinks;
Assert.AreEqual(PortableHtmlSchemaErorr.None, ctx.GetUriTrustState("http://my.site.com:8080/x", false));
Assert.AreNotEqual(PortableHtmlSchemaErorr.None, ctx.GetUriTrustState("http://my.site.com:8080/x", true));
}
public void AllowUnknownAttributesWithOption(string html)
{
var ctx = new PortableHtmlContext {
Level = PortableHtmlStrictLevel.AllowUnknownAttributes
};
var result = PortableHtmlSchema.Validate(html, ctx);
Assert.AreEqual(PortableHtmlSchemaErorr.None, result.SchemaError);
}
public void InlineNodesDirectlyUnderContainersAreNotAllowed(string html)
{
var ctx = new PortableHtmlContext {
Level = PortableHtmlStrictLevel.AllowExtensions
};
var result = PortableHtmlSchema.Validate(html, ctx);
Assert.AreEqual(PortableHtmlSchemaErorr.InlineInNonTextElement, result.SchemaError);
}
public void TablesInParasNotAllowed(string html)
{
var ctx = new PortableHtmlContext {
Level = PortableHtmlStrictLevel.AllowTables
};
var result = PortableHtmlSchema.Validate(html, ctx);
Assert.AreEqual(PortableHtmlSchemaErorr.NestedParaElements, result.SchemaError);
}
public void AllowTrustedAbsoluteLinks()
{
var ctx = new PortableHtmlContext();
ctx.TrustedHosts.Add("my.site.com");
Assert.AreEqual(PortableHtmlSchemaErorr.None, ctx.GetUriTrustState("http://my.site.com/x", false));
Assert.AreEqual(PortableHtmlSchemaErorr.None, ctx.GetUriTrustState("http://my.site.com/x", true));
Assert.AreEqual(PortableHtmlSchemaErorr.None, ctx.GetUriTrustState("http://my.site.com:8080/x", false));
Assert.AreEqual(PortableHtmlSchemaErorr.None, ctx.GetUriTrustState("http://my.site.com:8080/x", true));
}
public void AllowBaseUriAbsoluteLinks()
{
var ctx = new PortableHtmlContext();
ctx.BaseUri = new Uri("https://my.site.com:443/u");
Assert.AreEqual(PortableHtmlSchemaErorr.None, ctx.GetUriTrustState("http://my.site.com/x", false));
Assert.AreEqual(PortableHtmlSchemaErorr.None, ctx.GetUriTrustState("http://my.site.com/x", true));
Assert.AreEqual(PortableHtmlSchemaErorr.None, ctx.GetUriTrustState("http://my.site.com:8080/x", false));
Assert.AreEqual(PortableHtmlSchemaErorr.None, ctx.GetUriTrustState("http://my.site.com:8080/x", true));
}
public void StrategySupport(string html, PortableHtmlVerificationStrategy strategy, int errorcount)
{
var ctx = new PortableHtmlContext {
Strategy = strategy
};
var result = PortableHtmlSchema.Validate(html, ctx);
Assert.False(result.Ok);
foreach (var e in result.Errors)
{
Console.WriteLine("{0} {1} {2} {3}", e.Error, e.Line, e.Column, e.XPath);
}
Assert.AreEqual(errorcount, result.Errors.Count);
}
public void TableSupport(string html, bool result)
{
var ctx = new PortableHtmlContext {
Level = PortableHtmlStrictLevel.AllowLists | PortableHtmlStrictLevel.AllowTables
};
ctx = PortableHtmlSchema.Validate(html, ctx);
Console.WriteLine(ctx);
if (result)
{
Assert.True(ctx.Ok);
}
else
{
Assert.False(ctx.Ok);
}
}
public void AllowBrIfOptionChoosed(string html, bool result)
{
var ctx = new PortableHtmlContext {
Level = PortableHtmlStrictLevel.AllowBr
};
ctx = PortableHtmlSchema.Validate(html, ctx);
Console.WriteLine(ctx);
Assert.AreEqual(result, ctx.Ok);
if (result)
{
Assert.AreEqual(PortableHtmlSchemaErorr.None, ctx.SchemaError);
}
else
{
Assert.AreNotEqual(PortableHtmlSchemaErorr.None, ctx.SchemaError);
}
}
public void CoverManyDeprecatedAttributesInRowInDistinctStrategies()
{
var html = "<div><p a='1' b='2'>x</p><p/></div>";
var ctx = new PortableHtmlContext {
Strategy = PortableHtmlVerificationStrategy.Full
};
PortableHtmlSchema.Validate(html, ctx);
Assert.AreEqual(3, ctx.Errors.Count);
ctx = new PortableHtmlContext {
Strategy = PortableHtmlVerificationStrategy.ForcedElementResult
};
PortableHtmlSchema.Validate(html, ctx);
Assert.AreEqual(2, ctx.Errors.Count);
ctx = new PortableHtmlContext {
Strategy = PortableHtmlVerificationStrategy.ForcedResult
};
PortableHtmlSchema.Validate(html, ctx);
Assert.AreEqual(1, ctx.Errors.Count);
}
public void CoverManyNestErrorsInDistinctStrategies()
{
var html = "<div><p><p>x<ul>x<li>x</li></ul></p></p></div>";
var ctx = new PortableHtmlContext {
Strategy = PortableHtmlVerificationStrategy.Full, Level = PortableHtmlStrictLevel.AllowLists
};
PortableHtmlSchema.Validate(html, ctx);
Assert.AreEqual(3, ctx.Errors.Count);
ctx = new PortableHtmlContext {
Strategy = PortableHtmlVerificationStrategy.ForcedElementResult, Level = PortableHtmlStrictLevel.AllowLists
};
PortableHtmlSchema.Validate(html, ctx);
Assert.AreEqual(2, ctx.Errors.Count);
ctx = new PortableHtmlContext {
Strategy = PortableHtmlVerificationStrategy.ForcedResult, Level = PortableHtmlStrictLevel.AllowLists
};
PortableHtmlSchema.Validate(html, ctx);
Assert.AreEqual(1, ctx.Errors.Count);
}
public void InForcedStrategiesMarksElementsNotToReproduce()
{
var ctx = new PortableHtmlContext {
Strategy = PortableHtmlVerificationStrategy.Full
};
var e = new XElement("test");
Assert.True(ctx.InChecking(e));
ctx.SetError(PortableHtmlSchemaErorr.None, e);
Assert.True(ctx.InChecking(e), "Full");
ctx.Strategy = PortableHtmlVerificationStrategy.ForcedElementResult;
e = new XElement("test");
Assert.True(ctx.InChecking(e));
ctx.SetError(PortableHtmlSchemaErorr.None, e);
Assert.False(ctx.InChecking(e), "ForcedElement");
ctx.Strategy = PortableHtmlVerificationStrategy.ForcedResult;
e = new XElement("test");
Assert.True(ctx.InChecking(e));
ctx.SetError(PortableHtmlSchemaErorr.None, e);
Assert.False(ctx.InChecking(e), "ForcedResult");
}
public void DeactivatesInForcedResultMode()
{
var ctx = new PortableHtmlContext {
Strategy = PortableHtmlVerificationStrategy.ForcedResult
};
Assert.True(ctx.IsActive);
ctx.SetError(PortableHtmlSchemaErorr.InvalidRootTag);
Assert.False(ctx.IsActive, "Forced");
ctx = new PortableHtmlContext {
Strategy = PortableHtmlVerificationStrategy.ForcedElementResult
};
Assert.True(ctx.IsActive);
ctx.SetError(PortableHtmlSchemaErorr.InvalidRootTag);
Assert.True(ctx.IsActive, "ForcedResult");
ctx = new PortableHtmlContext {
Strategy = PortableHtmlVerificationStrategy.Full
};
Assert.True(ctx.IsActive);
ctx.SetError(PortableHtmlSchemaErorr.InvalidRootTag);
Assert.True(ctx.IsActive, "Full");
}
public void DisallowDataOnAnchors()
{
var ctx = new PortableHtmlContext();
Assert.AreNotEqual(PortableHtmlSchemaErorr.None, ctx.GetUriTrustState("data:image", false));
}
public void AllowDataOnImages()
{
var ctx = new PortableHtmlContext();
Assert.AreEqual(PortableHtmlSchemaErorr.None, ctx.GetUriTrustState("data:image", true));
}