/*
* Copyright 2018 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.theme;
import java.util.ArrayList;
import java.util.List;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
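/**
 * Tests {@link KeycloakSanitizerMethod}, the method that sanitizes HTML
 * fragments before they are rendered.
 *
 * <p>The cases below pin down three properties: markup that can execute script
 * is removed, harmless markup is returned unchanged, and a {@code null}
 * argument is rejected with an exception rather than passed through.
 *
 * @author Stan Silvert
 */
public class KeycloakSanitizerTest {

    private final KeycloakSanitizerMethod kcSanitizer = new KeycloakSanitizerMethod();

    /**
     * Runs the sanitizer over a series of fragments and checks each result.
     *
     * @throws Exception if the sanitizer method fails unexpectedly
     */
    @Test
    public void testEscapes() throws Exception {
        // The sanitizer method takes its input as an argument list; only slot 0 is used here.
        List<String> html = new ArrayList<>();

        // A <script> element must be dropped together with its body,
        // while the surrounding benign markup survives intact.
        html.add("<div class=\"kc-logo-text\"><script>alert('foo');</script><span>Keycloak</span></div>");
        String expectedResult = "<div class=\"kc-logo-text\"><span>Keycloak</span></div>";
        assertResult(expectedResult, html);

        // Benign markup must come back unchanged.
        html.set(0, "<h1>Foo</h1>");
        expectedResult = "<h1>Foo</h1>";
        assertResult(expectedResult, html);

        // Script can also arrive through an event-handler attribute: the whole
        // <svg onload=...> element must be removed, not only <script> tags.
        html.set(0, "<div class=\"kc-logo-text\"><span>Keycloak</span></div><svg onload=alert(document.cookie);>");
        expectedResult = "<div class=\"kc-logo-text\"><span>Keycloak</span></div>";
        assertResult(expectedResult, html);

        // A null argument must fail loudly instead of producing output.
        html.set(0, null);
        expectedResult = null;
        try {
            assertResult(expectedResult, html);
            // fail() throws AssertionError, which the catch below does not swallow.
            fail("Expected NPE");
        } catch (NullPointerException expected) {
            // Expected: null input is rejected.
        }

        // The empty string is valid input and maps to the empty string.
        html.set(0, "");
        expectedResult = "";
        assertResult(expectedResult, html);
    }

    /**
     * Sanitizes {@code html} and asserts that the string form of the result
     * equals {@code expectedResult}.
     *
     * @param expectedResult the sanitized markup the test expects
     * @param html the argument list handed to the sanitizer method
     * @throws Exception if the sanitizer method fails
     */
    private void assertResult(String expectedResult, List<String> html) throws Exception {
        String result = kcSanitizer.exec(html).toString();
        assertEquals(expectedResult, result);
    }
}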