|
|
@@ -5,8 +5,11 @@ package sanitizer // import "miniflux.app/v2/internal/reader/sanitizer"
|
|
|
|
|
|
import (
|
|
|
"os"
|
|
|
+ "strings"
|
|
|
"testing"
|
|
|
|
|
|
+ "golang.org/x/net/html"
|
|
|
+
|
|
|
"miniflux.app/v2/internal/config"
|
|
|
)
|
|
|
|
|
|
@@ -35,6 +38,28 @@ func BenchmarkSanitize(b *testing.B) {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
+func FuzzSanitizer(f *testing.F) {
|
|
|
+ f.Fuzz(func(t *testing.T, orig string) {
|
|
|
+ tok := html.NewTokenizer(strings.NewReader(orig))
|
|
|
+ i := 0
|
|
|
+ for tok.Next() != html.ErrorToken {
|
|
|
+ i++
|
|
|
+ }
|
|
|
+
|
|
|
+ out := Sanitize("", orig)
|
|
|
+
|
|
|
+ tok = html.NewTokenizer(strings.NewReader(out))
|
|
|
+ j := 0
|
|
|
+ for tok.Next() != html.ErrorToken {
|
|
|
+ j++
|
|
|
+ }
|
|
|
+
|
|
|
+ if j > i {
|
|
|
+ t.Errorf("Got more html tokens in the sanitized html.")
|
|
|
+ }
|
|
|
+ })
|
|
|
+}
|
|
|
+
|
|
|
func TestValidInput(t *testing.T) {
|
|
|
input := `<p>This is a <strong>text</strong> with an image: <img src="http://example.org/" alt="Test" loading="lazy">.</p>`
|
|
|
output := Sanitize("http://example.org/", input)
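Review bot: The only property FuzzSanitizer asserts is `j > i`, a token count, so an output that drops some tokens but keeps one the sanitizer should have removed still passes. While counting the tokens of `out`, the second loop could inspect each one with `tok.Token()` and fail on anything the sanitizer is meant to strip, for example a `script` start tag or an attribute whose key starts with `on` (assuming neither is on the allowlist). There is also no `f.Add(...)` seed, so a plain `go test` run exercises this target only against whatever corpus is stored under testdata/fuzz, if any; seeding it with inputs like the one in TestValidInput would make it double as a regression test. The failure message would be easier to triage as `t.Errorf("sanitized output has %d tokens, input had %d: %q -> %q", j, i, orig, out)`.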
|