public void DoNotClearUrlText()
{
var extender = new HtmlEditorExtender();
extender.EnableSanitization = false;
var text = "Please click <a href=\"www.curl.com\">here</a>.";
var actual = extender.Decode(text);
var expected = text;
Assert.AreEqual(expected, actual);
}
public void TestDecodeSanitizerProvider()
{
// Arrange
var editor = new HtmlEditorExtender();
// Act
editor.SanitizerProvider = new AntiXssSanitizerProvider();
// Assert
Assert.AreEqual("AjaxControlToolkit.Sanitizer.AntiXssSanitizerProvider", editor.SanitizerProvider.ToString());
}
public void StripScriptTagWithoutAttributes()
{
var extender = new HtmlEditorExtender {
EnableSanitization = false
};
var text = @" <script>";
var actual = extender.Decode(text);
Assert.AreEqual("", actual);
}
public void DoNotStripTagsWithAttributeNameStartsWithScript()
{
var extender = new HtmlEditorExtender {
EnableSanitization = false
};
var text = @"<mrow class=""MJX-TeXAtom-ORD""><mstyle displaystyle=""true"" scriptlevel=""0""></mstyle></mrow>";
var actual = extender.Decode(text);
var expected = text;
Assert.AreEqual(expected, actual);
}
public void AlwaysHasDefaultWhitelistEements()
{
var extender = new HtmlEditorExtender();
extender.EnableSanitization = true;
var sanitizerMoq = new Mock<IHtmlSanitizer>();
sanitizerMoq.Setup(c => c.GetSafeHtmlFragment(It.IsAny<string>(), It.IsAny<Dictionary<string, string[]>>())).Returns((string x, Dictionary<string, string[]> y) => x);
extender.Sanitizer = sanitizerMoq.Object;
var text = "<span>text</span><br />";
var actual = extender.Decode(text);
var expected = text;
Assert.AreEqual(expected, actual);
}
public void TestDecode()
{
// Arrange
var editor = new HtmlEditorExtender();
editor.SanitizerProvider = new AntiXssSanitizerProvider();
var input = TestContext.DataRow["Input"] as string;
var output = TestContext.DataRow["Output"] as string;
// Act
var result = editor.Decode(input);
// Assert
Assert.AreEqual(output, input);
}