Merge pull request #5 from pawepaw/master

Allowed all attributes for url check. Tests for src in img.
Vereyon · May 13, 2016 · 557376f · 557376f
2 parents 18ff106 + 80d95f8
commit 557376f
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 6 deletions.
diff --git a/Web.HtmlSanitizer.Tests/AttributeCheckTests.cs b/Web.HtmlSanitizer.Tests/AttributeCheckTests.cs
@@ -13,7 +13,7 @@ public class AttributeCheckTests
         /// Tests if obviously illegal URL's are caught while obviously legal ones are left alone.
         /// </summary>
         [Fact]
-        public void UrlCheckTest()
+        public void AHrefUrlCheckTest()
         {
 
             string result;
@@ -36,7 +36,7 @@ public void UrlCheckTest()
         /// Regression test for checking if relative URL's are accepted.
         /// </summary>
         [Fact]
-        public void UrlCheckRelativeTest()
+        public void AHrefUrlCheckRelativeTest()
         {
 
             string result;
@@ -50,6 +50,46 @@ public void UrlCheckRelativeTest()
             Assert.Equal(expected, result);
         }
 
+
+
+        [Fact]
+        public void ImgSrcUrlCheckTest()
+        {
+
+            string result;
+            var sanitizer = new HtmlSanitizer();
+            sanitizer.Tag("img").CheckAttribute("src", HtmlSanitizerCheckType.Url);
+
+            // Test some illegal href
+            var inputIllegal = @"<img src=""javascript:alert('test')"">";
+            var expectedIllegal = @"";
+            result = sanitizer.Sanitize(inputIllegal);
+            Assert.Equal(expectedIllegal, result);
+
+            // Test a legal well formed url
+            var inputLegal = @"<img src=""http://www.google.com/a.png"">>";
+            result = sanitizer.Sanitize(inputLegal);
+            Assert.Equal(inputLegal, result);
+        }
+
+        /// <summary>
+        /// Regression test for checking if relative URL's are accepted.
+        /// </summary>
+        [Fact]
+        public void ImgSrcUrlCheckRelativeTest()
+        {
+
+            string result;
+            var sanitizer = new HtmlSanitizer();
+            sanitizer.Tag("img").CheckAttribute("src", HtmlSanitizerCheckType.Url);
+
+            // Test a relative url, which should pass.
+            var input = @"<img src=""../relative.png"">";
+            var expected = @"<img src=""../relative.png"">";
+            result = sanitizer.Sanitize(input);
+            Assert.Equal(expected, result);
+        }
+
         /// <summary>
         /// Tests if empty attributes are left alone.
         /// </summary>

diff --git a/Web.HtmlSanitizer/HtmlSanitizer.cs b/Web.HtmlSanitizer/HtmlSanitizer.cs
@@ -106,10 +106,6 @@ public static bool AttributeUrlCheck(HtmlAttribute attribute)
         /// <returns></returns>
         public static SanitizerOperation LinkHrefCheck(HtmlAttribute attribute)
         {
-
-            if (attribute.Name != "href")
-                throw new ArgumentException("Expected href attribute.");
-
             // Check the url. There's no use in keeping link tags without a link, so flatten the tag on failure.
             if (!AttributeUrlCheck(attribute))
                 return SanitizerOperation.FlattenTag;