package blackfriday import ( "testing" ) func doTestsSanitize(t *testing.T, tests []string) { doTestsInlineParam(t, tests, 0, HTML_SKIP_STYLE|HTML_SANITIZE_OUTPUT, HtmlRendererParameters{}) } func TestSanitizeRawHtmlTag(t *testing.T) { tests := []string{ "zz \n", "

zz <style>p {}</style>

\n", "zz \n", "

zz <style>p {}</style>

\n", "\n", "

<script>alert()</script>

\n", "zz \n", "

zz <script>alert()</script>

\n", "zz \n", "

zz <script>alert()</script>

\n", " \n", "

<script>alert()</script>

\n", "\n", "<script>alert()</script>\n", "\n", "<script src='foo'></script>\n", "\n", "<script src='a>b'></script>\n", "zz \n", "

zz <script src='foo'></script>

\n", "zz \n", "

zz <script src=foo></script>

\n", ``, "<script><script src="http://example.com/exploit.js"></script></script>\n", `'';!--"=&{()}`, "

'';!--"<xss>=&{()}

\n", "", "

<script SRC=http://ha.ckers.org/xss.js></script>

\n", "", "

<script \nSRC=http://ha.ckers.org/xss.js></script>

\n", ``, "

\n", "", "

\n", "", "

\n", "", "

\n", `xss link`, "

xss link

\n", "xss link", "

xss link

\n", `">`, "

<script>alert("XSS")</script>">

\n", "", "

\n", ``, "

\n", ``, "

\n", ``, "

\n", "", "

\n", "", "

\n", "", "

\n", ``, "

\n", ``, "

\n", ``, "

\n", ``, "

\n", ``, "

\n", ``, "

<script/XSS SRC="http://ha.ckers.org/xss.js"></script>

\n", "", "

<body onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert("XSS")>

\n", ``, "

<script/SRC="http://ha.ckers.org/xss.js"></script>

\n", `<`, "

<<script>alert("XSS");//<</script>

\n", "