Home | History | Annotate | Download | only in utils
      1 package com.android.mail.utils;
      2 
      3 import android.test.AndroidTestCase;
      4 import android.test.suitebuilder.annotation.SmallTest;
      5 
      6 /**
      7  * These test cases verify that each white listed element and attribute is accepted by the sanitizer
      8  * and everything else is correctly discarded.
      9  */
     10 @SmallTest
     11 public class BasicHtmlSanitizerTest extends AndroidTestCase {
     12     public void testAttributeDir() {
     13         sanitize("<div dir=\"ltr\">something</div>", "<div dir=\"ltr\">something</div>");
     14         sanitize("<div dir=\"rtl\">something</div>", "<div dir=\"rtl\">something</div>");
     15         sanitize("<div dir=\"LTR\">something</div>", "<div dir=\"ltr\">something</div>");
     16         sanitize("<div dir=\"RTL\">something</div>", "<div dir=\"rtl\">something</div>");
     17         sanitize("<div dir=\"blah\">something</div>", "<div>something</div>");
     18     }
     19 
     20     public void testA() {
     21         // allowed attributes
     22         sanitize("<a coords=\"something\"></a>", "<a coords=\"something\"></a>");
     23         sanitize("<a href=\"http://www.here.com\"></a>", "<a href=\"http://www.here.com\"></a>");
     24         sanitize("<a href=\"https://www.here.com\"></a>", "<a href=\"https://www.here.com\"></a>");
     25         sanitize("<a name=\"something\"></a>", "<a name=\"something\"></a>");
     26         sanitize("<a shape=\"something\"></a>", "<a shape=\"something\"></a>");
     27 
     28         // disallowed attributes (all links should launch a browser so we don't need these)
     29         sanitize("<a charset=\"something\"></a>", "");
     30         sanitize("<a datafld=\"something\"></a>", "");
     31         sanitize("<a datasrc=\"something\"></a>", "");
     32         sanitize("<a download=\"something\"></a>", "");
     33         sanitize("<a href=\"javascript:badness()\"></a>", "");
     34         sanitize("<a href=\"cid:ii_hyw5v8ej0\"></a>", "");
     35         sanitize("<a hreflang=\"something\"></a>", "");
     36         sanitize("<a media=\"something\"></a>", "");
     37         sanitize("<a methods=\"something\"></a>", "");
     38         sanitize("<a ping=\"something\"></a>", "");
     39         sanitize("<a rel=\"something\"></a>", "");
     40         sanitize("<a rev=\"something\"></a>", "");
     41         sanitize("<a target=\"_top\"></a>", "");
     42         sanitize("<a type=\"_top\"></a>", "");
     43         sanitize("<a urn=\"_top\"></a>", "");
     44         sanitize("<a onmouseout=\"alert(document.cookie)\">xxs link</a>", "xxs link");
     45         sanitize("<a onmouseover=\"alert(document.cookie)\">xxs link</a>", "xxs link");
     46         sanitize("<a onmouseover=alert(document.cookie)>xxs link</a>", "xxs link");
     47         sanitize("exp/*<a style='no\\xss:noxss(\"*//*\");\n" +
     48                 "xss:ex/*XSS*//*/*/pression(alert(\"XSS\"))'>", "exp/*");
     49     }
     50 
     51     public void testAbbr() {
     52         sanitize("<abbr title=\"United Kingdom\">UK</abbr>",
     53                 "<abbr title=\"United Kingdom\">UK</abbr>");
     54     }
     55 
     56     public void testAcronym() {
     57         sanitize("<acronym title=\"World Wide Web\">WWW</acronym>",
     58                 "<acronym title=\"World Wide Web\">WWW</acronym>");
     59     }
     60 
     61     public void testAddress() {
     62         sanitize("<address>something</address>", "<address>something</address>");
     63     }
     64 
     65     public void testApplet() {
     66         // todo Gmail would also strip "malicious applet" as well... is this a problem?
     67         sanitize("<applet>malicious applet</applet>", "malicious applet");
     68     }
     69 
     70     public void testArea() {
     71         // allowed attributes
     72         sanitize("<area alt=\"something\"/>", "<area alt=\"something\" />");
     73         sanitize("<area coords=\"something\"/>", "<area coords=\"something\" />");
     74         sanitize("<area href=\"http://www.here.com\"/>", "<area href=\"http://www.here.com\" />");
     75         sanitize("<area href=\"https://www.here.com\"/>", "<area href=\"https://www.here.com\" />");
     76         sanitize("<area name=\"something\"/>", "<area name=\"something\" />");
     77         sanitize("<area nohref />", "<area nohref=\"nohref\" />");
     78         sanitize("<area shape=\"something\"/>", "<area shape=\"something\" />");
     79 
     80         // disallowed attributes (all links launch a browser so we don't need these attributes)
     81         sanitize("<area accessKey=\"A\"/>", "<area />");
     82         sanitize("<area download=\"something\"/>", "<area />");
     83         sanitize("<area href=\"javascript:badness()\"/>", "<area />");
     84         sanitize("<area href=\"cid:ii_hyw5v8ej0\"/>", "<area />");
     85         sanitize("<area hreflang=\"something\"/>", "<area />");
     86         sanitize("<area media=\"something\"/>", "<area />");
     87         sanitize("<area rel=\"something\"/>", "<area />");
     88         sanitize("<area target=\"something\"/>", "<area />");
     89         sanitize("<area tabindex=\"something\"/>", "<area />");
     90         sanitize("<area type=\"something\"/>", "<area />");
     91     }
     92 
     93     public void testArticle() {
     94         sanitize("<article></article>", "<article></article>");
     95     }
     96 
     97     public void testAside() {
     98         sanitize("<aside></aside>", "<aside></aside>");
     99     }
    100 
    101     public void testAudio() {
    102         sanitize("<audio>not supported</audio>", "not supported");
    103     }
    104 
    105     public void testB() {
    106         sanitize("<b>something</b>", "<b>something</b>");
    107     }
    108 
    109     public void testBase() {
    110         // allowed attributes
    111         sanitize("<base href=\"http://www.example.com/\">",
    112                 "<base href=\"http://www.example.com/\" />");
    113         sanitize("<base href=\"https://www.example.com/\">",
    114                 "<base href=\"https://www.example.com/\" />");
    115 
    116         // disallowed attributes
    117         sanitize("<base target=\"_blank\">", "<base />");
    118         sanitize("<base href=\"javascript:badness()\">", "<base />");
    119         sanitize("<base href=\"cid:ii_hyw5v8ej0\">", "<base />");
    120         sanitize("<base href=\"javascript:alert('XSS');//\">", "<base />");
    121     }
    122 
    123     public void testBasefont() {
    124         sanitize("<basefont color=\"something\"/>", "");
    125         sanitize("<basefont face=\"something\"/>", "");
    126         sanitize("<basefont size=\"something\"/>", "");
    127     }
    128 
    129     public void testBdi() {
    130         sanitize("<bdi>something</bdi>", "<bdi>something</bdi>");
    131         sanitize("<bdi dir=\"ltr\">something</bdi>", "<bdi dir=\"ltr\">something</bdi>");
    132     }
    133 
    134     public void testBdo() {
    135         sanitize("<bdo>something</bdo>", "<bdo>something</bdo>");
    136         sanitize("<bdo dir=\"ltr\">something</bdo>", "<bdo dir=\"ltr\">something</bdo>");
    137     }
    138 
    139     public void testBgsound() {
    140         sanitize("<bgsound src=\"sound1.mid\">", "");
    141         sanitize("<bgsound src=\"javascript:alert('XSS');\">", "");
    142     }
    143 
    144     public void testBig() {
    145         sanitize("<big>something</big>", "<big>something</big>");
    146     }
    147 
    148     public void testBlink() {
    149         sanitize("<blink>something</blink>", "something");
    150     }
    151 
    152     public void testBlockquote() {
    153         sanitize("<blockquote>something</blockquote>", "<blockquote>something</blockquote>");
    154         sanitize("<blockquote cite=\"http://www.here.com\">something</blockquote>",
    155                 "<blockquote cite=\"http://www.here.com\">something</blockquote>");
    156         sanitize("<blockquote cite=\"javascript:badness()\">something</blockquote>",
    157                 "<blockquote>something</blockquote>");
    158 
    159         sanitize("<blockquote style=\"margin:0;margin-left:0.8ex;border-left:1px #ccc solid;" +
    160                 "padding-left:1ex\">",
    161                 "<blockquote style=\"margin:0;margin-left:0.8ex;border-left:1px #ccc solid;" +
    162                         "padding-left:1ex\"></blockquote>");
    163     }
    164 
    165     /**
    166      * The body tag will be supplied by code that wraps this email with other formatting logic.
    167      * So, any body tags appearing within the email are translated to div tags.
    168      */
    169     public void testBody() {
    170         sanitize("<body alink=\"something\"></body>", "<div></div>");
    171         sanitize("<body background=\"something\"></body>", "<div></div>");
    172         sanitize("<body bgcolor=\"something\"></body>", "<div></div>");
    173         sanitize("<body link=\"something\"></body>", "<div></div>");
    174         sanitize("<body text=\"something\"></body>", "<div></div>");
    175         sanitize("<body vlink=\"something\"></body>", "<div></div>");
    176 
    177         // take extra care to ensure that these scripting callbacks don't survive
    178         sanitize("<body onafterprint=\"something\"></body>", "<div></div>");
    179         sanitize("<body onbeforeprint=\"something\"></body>", "<div></div>");
    180         sanitize("<body onbeforeunload=\"something\"></body>", "<div></div>");
    181         sanitize("<body onblur=\"something\"></body>", "<div></div>");
    182         sanitize("<body onerror=\"something\"></body>", "<div></div>");
    183         sanitize("<body onfocus=\"something\"></body>", "<div></div>");
    184         sanitize("<body onhashchange=\"something\"></body>", "<div></div>");
    185         sanitize("<body onload=\"something\"></body>", "<div></div>");
    186         sanitize("<body onmessage=\"something\"></body>", "<div></div>");
    187         sanitize("<body onoffline=\"something\"></body>", "<div></div>");
    188         sanitize("<body ononline=\"something\"></body>", "<div></div>");
    189         sanitize("<body onpopstate=\"something\"></body>", "<div></div>");
    190         sanitize("<body onredo=\"something\"></body>", "<div></div>");
    191         sanitize("<body onresize=\"something\"></body>", "<div></div>");
    192         sanitize("<body onstorage=\"something\"></body>", "<div></div>");
    193         sanitize("<body onundo=\"something\"></body>", "<div></div>");
    194         sanitize("<body onunload=\"something\"></body>", "<div></div>");
    195         sanitize("<body onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert(\"XSS\")>", "<div></div>");
    196         sanitize("<body background=\"javascript:alert('XSS')\">", "<div></div>");
    197         sanitize("<body onload=alert('XSS')>", "<div></div>");
    198         sanitize("<body onload =alert('XSS')>", "<div></div>");
    199     }
    200 
    201     public void testBr() {
    202         sanitize("something<br>something", "something<br />something");
    203         sanitize("something<br clear=\"all\">something", "something<br clear=\"all\" />something");
    204     }
    205 
    206     public void testButton() {
    207         sanitize("<button>Click Me!</button>", "<button>Click Me!</button>");
    208         sanitize("<button autofocus=\"true\">Click Me!</button>",
    209                 "<button autofocus=\"true\">Click Me!</button>");
    210         sanitize("<button disabled=\"true\">Click Me!</button>",
    211                 "<button disabled=\"true\">Click Me!</button>");
    212         sanitize("<button formenctype=\"text/plain\">Click Me!</button>",
    213                 "<button formenctype=\"text/plain\">Click Me!</button>");
    214         sanitize("<button formmethod=\"post\">Click Me!</button>",
    215                 "<button formmethod=\"post\">Click Me!</button>");
    216         sanitize("<button formnovalidate=\"formnovalidate\">Click Me!</button>",
    217                 "<button formnovalidate=\"formnovalidate\">Click Me!</button>");
    218         sanitize("<button formtarget=\"_top\">Click Me!</button>",
    219                 "<button formtarget=\"_top\">Click Me!</button>");
    220         sanitize("<button name=\"something\">Click Me!</button>",
    221                 "<button name=\"something\">Click Me!</button>");
    222         sanitize("<button type=\"button\">Click Me!</button>",
    223                 "<button type=\"button\">Click Me!</button>");
    224         sanitize("<button value=\"something\">Click Me!</button>",
    225                 "<button value=\"something\">Click Me!</button>");
    226         sanitize("<button formaction=\"http://www.overhere.com/\">Click Me!</button>",
    227                 "<button formaction=\"http://www.overhere.com/\">Click Me!</button>");
    228 
    229         sanitize("<button formaction=\"javascript:badness()\">Click Me!</button>",
    230                 "<button>Click Me!</button>");
    231     }
    232 
    233     public void testCanvas() {
    234         sanitize("<canvas></canvas>", "<canvas></canvas>");
    235         sanitize("<canvas width=\"500\"></canvas>", "<canvas width=\"500\"></canvas>");
    236         sanitize("<canvas height=\"500\"></canvas>", "<canvas height=\"500\"></canvas>");
    237     }
    238 
    239     public void testCaption() {
    240         sanitize("<caption>something</caption>", "<caption>something</caption>");
    241         sanitize("<caption align=\"left\">something</caption>",
    242                 "<caption align=\"left\">something</caption>");
    243     }
    244 
    245     public void testCenter() {
    246         sanitize("<center>something</center>", "<center>something</center>");
    247     }
    248 
    249     public void testCite() {
    250         sanitize("<cite>something</cite>", "<cite>something</cite>");
    251     }
    252 
    253     public void testCode() {
    254         sanitize("<code>something</code>", "<code>something</code>");
    255     }
    256 
    257     public void testCol() {
    258         sanitize("<col>", "<col />");
    259         sanitize("<col align=\"left\">", "<col align=\"left\" />");
    260         sanitize("<col bgcolor=\"something\">", "<col bgcolor=\"something\" />");
    261         sanitize("<col char=\"something\">", "<col char=\"something\" />");
    262         sanitize("<col charoff=\"something\">", "<col charoff=\"something\" />");
    263         sanitize("<col span=\"something\">", "<col span=\"something\" />");
    264         sanitize("<col valign=\"something\">", "<col valign=\"something\" />");
    265         sanitize("<col width=\"something\">", "<col width=\"something\" />");
    266     }
    267 
    268     public void testColgroup() {
    269         sanitize("<colgroup></colgroup>", "<colgroup></colgroup>");
    270         sanitize("<colgroup align=\"left\"></colgroup>", "<colgroup align=\"left\"></colgroup>");
    271         sanitize("<colgroup char=\"something\"></colgroup>",
    272                 "<colgroup char=\"something\"></colgroup>");
    273         sanitize("<colgroup charoff=\"something\"></colgroup>",
    274                 "<colgroup charoff=\"something\"></colgroup>");
    275         sanitize("<colgroup span=\"something\"></colgroup>",
    276                 "<colgroup span=\"something\"></colgroup>");
    277         sanitize("<colgroup valign=\"something\"></colgroup>",
    278                 "<colgroup valign=\"something\"></colgroup>");
    279         sanitize("<colgroup width=\"something\"></colgroup>",
    280                 "<colgroup width=\"something\"></colgroup>");
    281     }
    282 
    283     public void testDatalist() {
    284         sanitize("<datalist></datalist>", "<datalist></datalist>");
    285     }
    286 
    287     public void testDd() {
    288         sanitize("<dd>something</dd>", "<dd>something</dd>");
    289     }
    290 
    291     public void testDel() {
    292         sanitize("<del>something</del>", "<del>something</del>");
    293         sanitize("<del cite=\"javascript:badness();\">something</del>", "<del>something</del>");
    294         sanitize("<del cite=\"http://www.reason.com/\">something</del>",
    295                 "<del cite=\"http://www.reason.com/\">something</del>");
    296         sanitize("<del datetime=\"something\">something</del>",
    297                 "<del datetime=\"something\">something</del>");
    298     }
    299 
    300     public void testDetails() {
    301         sanitize("<details>something</details>", "<details>something</details>");
    302     }
    303 
    304     public void testDfn() {
    305         sanitize("<dfn>something</dfn>", "<dfn>something</dfn>");
    306     }
    307 
    308     public void testDialog() {
    309         sanitize("<dialog open>This is an open dialog window</dialog>",
    310                 "This is an open dialog window");
    311     }
    312 
    313     public void testDir() {
    314         sanitize("<dir><li>something</li></dir>", "<dir><li>something</li></dir>");
    315         sanitize("<dir compact=\"compact\"><li>something</li></dir>",
    316                 "<dir compact=\"compact\"><li>something</li></dir>");
    317     }
    318 
    319     public void testDiv() {
    320         sanitize("<div></div>", "<div></div>");
    321         sanitize("<div align=\"left\"></div>", "<div align=\"left\"></div>");
    322         sanitize("<div background=\"http://www.random.com/mypng.gif\"></div>",
    323                 "<div background=\"http://www.random.com/mypng.gif\"></div>");
    324 
    325         sanitize("<div background=\"javascript:badness();\"></div>", "<div></div>");
    326         sanitize("<div style=\"width: expression(alert('XSS'));\">", "<div></div>");
    327         sanitize("<div style=\"background-image: url(javascript:alert('XSS'))\">", "<div></div>");
    328         sanitize("<div style=\"background-image:\\0075\\0072\\006C\\0028'\\006a\\0061\\0076\\0061" +
    329                 "\\0073\\0063\\0072\\0069\\0070\\0074\\003a\\0061\\006c\\0065\\0072\\0074" +
    330                 "\\0028.1027\\0058.1053\\0053\\0027\\0029'\\0029\">", "<div></div>");
    331         sanitize("<div style=\"background-image: url(&#1;javascript:alert('XSS'))\">",
    332                 "<div></div>");
    333     }
    334 
    335     public void testDl() {
    336         sanitize("<dl></dl>", "<dl></dl>");
    337     }
    338 
    339     public void testDt() {
    340         sanitize("<dt></dt>", "<dt></dt>");
    341     }
    342 
    343     public void testEm() {
    344         sanitize("<em>something</em>", "<em>something</em>");
    345     }
    346 
    347     public void testEmbed() {
    348         sanitize("<embed src=\"helloworld.swf\">", "");
    349     }
    350 
    351     public void testFieldset() {
    352         sanitize("<fieldset>something</fieldset>", "<fieldset>something</fieldset>");
    353         sanitize("<fieldset disabled=\"true\">something</fieldset>",
    354                 "<fieldset disabled=\"true\">something</fieldset>");
    355         sanitize("<fieldset form=\"formId\">something</fieldset>",
    356                 "<fieldset form=\"formId\">something</fieldset>");
    357         sanitize("<fieldset name=\"something\">something</fieldset>",
    358                 "<fieldset name=\"something\">something</fieldset>");
    359     }
    360 
    361     public void testFigcaption() {
    362         sanitize("<figcaption>Fig1. something</figcaption>",
    363                 "<figcaption>Fig1. something</figcaption>");
    364     }
    365 
    366     public void testFigure() {
    367         sanitize("<figure>something</figure>", "<figure>something</figure>");
    368     }
    369 
    370     public void testFont() {
    371         sanitize("<font>something</font>", "something");
    372         sanitize("<font size=\"3\">something</font>", "<font size=\"3\">something</font>");
    373         sanitize("<font face=\"verdana\">something</font>",
    374                 "<font face=\"verdana\">something</font>");
    375         sanitize("<font color=\"red\">something</font>", "<font color=\"red\">something</font>");
    376     }
    377 
    378     public void testFooter() {
    379         sanitize("<footer>something</footer>", "<footer>something</footer>");
    380     }
    381 
    382     public void testForm() {
    383         sanitize("<form></form>", "<form></form>");
    384         sanitize("<form accept=\"something\"></form>", "<form accept=\"something\"></form>");
    385         sanitize("<form accept-charset=\"something\"></form>",
    386                 "<form accept-charset=\"something\"></form>");
    387         sanitize("<form autocomplete=\"on\"></form>", "<form autocomplete=\"on\"></form>");
    388         sanitize("<form enctype=\"text/plain\"></form>", "<form enctype=\"text/plain\"></form>");
    389         sanitize("<form method=\"get\"></form>", "<form method=\"get\"></form>");
    390         sanitize("<form name=\"something\"></form>", "<form name=\"something\"></form>");
    391         sanitize("<form novalidate=\"novalidate\"></form>",
    392                 "<form novalidate=\"novalidate\"></form>");
    393         sanitize("<form target=\"_top\"></form>", "<form target=\"_top\"></form>");
    394         sanitize("<form action=\"http://www.overhere.com/\"></form>",
    395                 "<form action=\"http://www.overhere.com/\"></form>");
    396 
    397         sanitize("<form action=\"javascript:badness()\"></form>", "<form></form>");
    398         sanitize("<form onsubmit=\"javascript:badness()\"></form>", "<form></form>");
    399         sanitize("<form onreset=\"javascript:badness()\"></form>", "<form></form>");
    400     }
    401 
    402     public void testFrame() {
    403         sanitize("<frame src=\"frame_a.htm\">", "");
    404     }
    405 
    406     public void testFrameset() {
    407         sanitize("<frameset cols=\"25%,*,25%\"></frameset>", "");
    408         sanitize("<frameset><frame src=\"javascript:alert('XSS');\"></frameset>", "");
    409     }
    410 
    411     public void testHead() {
    412         sanitize("<head></head>", "");
    413         sanitize("<head profile=\"http://www.overhere.com/\"></head>", "");
    414         sanitize("<head profile=\"javascript:badness()\"></head>", "");
    415     }
    416 
    417     public void testHeader() {
    418         sanitize("<header></header>", "<header></header>");
    419     }
    420 
    421     public void testH1() {
    422         sanitize("<h1>something</h1>", "<h1>something</h1>");
    423         sanitize("<h1 align=\"left\">something</h1>", "<h1 align=\"left\">something</h1>");
    424     }
    425 
    426     public void testH2() {
    427         sanitize("<h2>something</h2>", "<h2>something</h2>");
    428         sanitize("<h2 align=\"left\">something</h2>", "<h2 align=\"left\">something</h2>");
    429     }
    430 
    431     public void testH3() {
    432         sanitize("<h3>something</h3>", "<h3>something</h3>");
    433         sanitize("<h3 align=\"left\">something</h3>", "<h3 align=\"left\">something</h3>");
    434     }
    435 
    436     public void testH4() {
    437         sanitize("<h4>something</h4>", "<h4>something</h4>");
    438         sanitize("<h4 align=\"left\">something</h4>", "<h4 align=\"left\">something</h4>");
    439     }
    440 
    441     public void testH5() {
    442         sanitize("<h5>something</h5>", "<h5>something</h5>");
    443         sanitize("<h5 align=\"left\">something</h5>", "<h5 align=\"left\">something</h5>");
    444     }
    445 
    446     public void testH6() {
    447         sanitize("<h6>something</h6>", "<h6>something</h6>");
    448         sanitize("<h6 align=\"left\">something</h6>", "<h6 align=\"left\">something</h6>");
    449     }
    450 
    451     public void testHr() {
    452         sanitize("<hr/>", "<hr />");
    453         sanitize("<hr align=\"left\"/>", "<hr align=\"left\" />");
    454         sanitize("<hr noshade=\"noshade\"/>", "<hr noshade=\"noshade\" />");
    455         sanitize("<hr size=\"11\"/>", "<hr size=\"11\" />");
    456         sanitize("<hr width=\"666\"/>", "<hr width=\"666\" />");
    457     }
    458 
    459     public void testHtml() {
    460         sanitize("<html></html>", "");
    461         sanitize("<html xmlns=\"http://www.w3.org/1999/xhtml\"></html>", "");
    462         sanitize("<html manifest=\"http://www.overhere.com/\"></html>", "");
    463         sanitize("<html manifest=\"javascript:badness()\"></html>", "");
    464     }
    465 
    466     public void testI() {
    467         sanitize("<i></i>", "<i></i>");
    468     }
    469 
    470     public void testIframe() {
    471         sanitize("<iframe src=\"http://www.w3schools.com\"></iframe>", "");
    472         sanitize("<iframe src=http://ha.ckers.org/scriptlet.html <", "");
    473         sanitize("<iframe src=\"javascript:alert('XSS');\"></iframe>", "");
    474         sanitize("<iframe src=# onmouseover=\"alert(document.cookie)\"></iframe>", "");
    475     }
    476 
    477     public void testIsindex() {
    478         sanitize("<isindex prompt=\"Search Document... \"/>", "");
    479     }
    480 
    481     public void testImg() {
    482         sanitize("<img/>", "");
    483         sanitize("<img align=\"left\"/>", "<img align=\"left\" />");
    484         sanitize("<img alt=\"something\"/>", "<img alt=\"something\" />");
    485         sanitize("<img border=\"22\"/>", "<img border=\"22\" />");
    486         sanitize("<img crossorigin=\"anonymous \"/>", "<img crossorigin=\"anonymous \" />");
    487         sanitize("<img height=\"22\"/>", "<img height=\"22\" />");
    488         sanitize("<img hspace=\"22\"/>", "<img hspace=\"22\" />");
    489         sanitize("<img ismap=\"ismap\"/>", "<img ismap=\"ismap\" />");
    490         sanitize("<img usemap=\"something\"/>", "<img usemap=\"something\" />");
    491         sanitize("<img vspace=\"22\"/>", "<img vspace=\"22\" />");
    492         sanitize("<img width=\"22\"/>", "<img width=\"22\" />");
    493         sanitize("<img src=\"http://www.overhere.com/\"></img>",
    494                 "<img src=\"http://www.overhere.com/\" />");
    495         sanitize("<img src=\"https://www.overhere.com/\"></img>",
    496                 "<img src=\"https://www.overhere.com/\" />");
    497         sanitize("<img src=\"cid:ii_hyw5v8ej0\"></img>",
    498                 "<img src=\"cid:ii_hyw5v8ej0\" />");
    499         sanitize("<img longdesc=\"http://www.overhere.com/\"></img>",
    500                 "<img longdesc=\"http://www.overhere.com/\" />");
    501         sanitize("<img longdesc=\"https://www.overhere.com/\"></img>",
    502                 "<img longdesc=\"https://www.overhere.com/\" />");
    503 
    504         sanitize("<img src=\"javascript:badness()\"></img>", "");
    505         sanitize("<img longdesc=\"javascript:badness()\"></img>", "");
    506         sanitize("<img longdesc=\"cid:ii_hyw5v8ej0\"></img>", "");
    507         sanitize("<img src=javascript:alert('XSS')>", "");
    508         sanitize("<img src=JaVaScRiPt:alert('XSS')>", "");
    509         sanitize("<img src=javascript:alert(\"XSS\")>", "");
    510         sanitize("<img src=`javascript:alert(\"RSnake says, 'XSS'\")`>", "");
    511         sanitize("<img \"\"\"><script>alert(\"XSS\")</script>\">", "&#34;&gt;");
    512         sanitize("<img src=# onmouseover=\"alert('xxs')\">", "<img src=\"#\" />");
    513         sanitize("<img src= onmouseover=\"alert('xxs')\">", "<img src=\"onmouseover&#61;\" />");
    514         sanitize("<img onmouseover=\"alert('xxs')\">", "");
    515         sanitize("<img src=/ onerror=\"alert(String.fromCharCode(88,83,83))\"></img>",
    516                 "<img src=\"/\" />");
    517         sanitize("<img src=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;" +
    518                 "&#108;&#101;&#114;&#116;&#40;\n&#39;&#88;&#83;&#83;&#39;&#41;>",
    519                 "");
    520         sanitize("<img src=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114" +
    521                 "&#0000105&#0000112&#0000116&#0000058&#0000097&\n" +
    522                 "#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083" +
    523                 "&#0000039&#0000041>", "");
    524         sanitize("<img src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65" +
    525                 "&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>", "");
    526         sanitize("<img src=\"jav\tascript:alert('XSS');\">", "");
    527         sanitize("<img src=\"jav&#x09;ascript:alert('XSS');\">", "");
    528         sanitize("<img src=\"jav&#x0A;ascript:alert('XSS');\">", "");
    529         sanitize("<img src=\"jav&#x0D;ascript:alert('XSS');\">", "");
    530         sanitize("<img src=java\0script:alert(\\\"XSS\\\")>", "");
    531         sanitize("<img src=\" &#14;  javascript:alert('XSS');\">", "");
    532         sanitize("<img src=\"javascript:alert('XSS')\"", "");
    533         sanitize("<img dynsrc=\"javascript:alert('XSS')\">", "");
    534         sanitize("<img lowsrc=\"javascript:alert('XSS')\">", "");
    535         sanitize("<img src='vbscript:msgbox(\"XSS\")'>", "");
    536         sanitize("<img src=\"livescript:[code]\">", "");
    537         sanitize("<img style=\"xss:expr/*XSS*/ession(alert('XSS'))\">", "");
    538     }
    539 
    540     public void testInput() {
    541         sanitize("<input accept=\"image/*\"/>", "<input accept=\"image/*\" />");
    542         sanitize("<input align=\"left\"/>", "<input align=\"left\" />");
    543         sanitize("<input alt=\"something\"/>", "<input alt=\"something\" />");
    544         sanitize("<input autocomplete=\"on\"/>", "<input autocomplete=\"on\" />");
    545         sanitize("<input autofocus=\"autofocus\"/>", "<input autofocus=\"autofocus\" />");
    546         sanitize("<input checked=\"checked\"/>", "<input checked=\"checked\" />");
    547         sanitize("<input disabled=\"disabled\"/>", "<input disabled=\"disabled\" />");
    548         sanitize("<input form=\"1\"/>", "<input form=\"1\" />");
    549         sanitize("<input formenctype=\"text/plain\"/>", "<input formenctype=\"text/plain\" />");
    550         sanitize("<input formmethod=\"post\"/>", "<input formmethod=\"post\" />");
    551         sanitize("<input formnovalidate=\"formnovalidate\"/>",
    552                 "<input formnovalidate=\"formnovalidate\" />");
    553         sanitize("<input formtarget=\"_top\"/>", "<input formtarget=\"_top\" />");
    554         sanitize("<input height=\"22\"/>", "<input height=\"22\" />");
    555         sanitize("<input list=\"something\"/>", "<input list=\"something\" />");
    556         sanitize("<input max=\"1000\"/>", "<input max=\"1000\" />");
    557         sanitize("<input maxlength=\"10\"/>", "<input maxlength=\"10\" />");
    558         sanitize("<input min=\"10\"/>", "<input min=\"10\" />");
    559         sanitize("<input multiple=\"multiple\"/>", "<input multiple=\"multiple\" />");
    560         sanitize("<input name=\"herman\"/>", "<input name=\"herman\" />");
    561         sanitize("<input pattern=\"*.*\"/>", "<input pattern=\"*.*\" />");
    562         sanitize("<input placeholder=\"something\"/>", "<input placeholder=\"something\" />");
    563         sanitize("<input readonly=\"readonly\"/>", "<input readonly=\"readonly\" />");
    564         sanitize("<input required=\"required\"/>", "<input required=\"required\" />");
    565         sanitize("<input size=\"22\"/>", "<input size=\"22\" />");
    566         sanitize("<input step=\"5\"/>", "<input step=\"5\" />");
    567         sanitize("<input type=\"button\"/>", "<input type=\"button\" />");
    568         sanitize("<input value=\"something\"/>", "<input value=\"something\" />");
    569         sanitize("<input width=\"50\"/>", "<input width=\"50\" />");
    570         sanitize("<input src=\"http://www.overhere.com/\"></input>",
    571                 "<input src=\"http://www.overhere.com/\" />");
    572         sanitize("<input src=\"https://www.overhere.com/\"></input>",
    573                 "<input src=\"https://www.overhere.com/\" />");
    574         sanitize("<input formaction=\"http://www.overhere.com/\"></input>",
    575                 "<input formaction=\"http://www.overhere.com/\" />");
    576         sanitize("<input formaction=\"https://www.overhere.com/\"></input>",
    577                 "<input formaction=\"https://www.overhere.com/\" />");
    578 
    579         sanitize("<input src=\"cid:ii_hyw5v8ej0\"></input>", "");
    580         sanitize("<input src=\"javascript:badness()\"></input>", "");
    581         sanitize("<input formaction=\"cid:ii_hyw5v8ej0\"></input>", "");
    582         sanitize("<input formaction=\"javascript:badness()\"></input>", "");
    583         sanitize("<input type=\"image\" src=\"javascript:alert('XSS');\">",
    584                 "<input type=\"image\" />");
    585         sanitize("<input type=\"text\" onchange=\"javascript:alert('XSS');\">",
    586                 "<input type=\"text\" />");
    587         sanitize("<input type=\"button\" onclick=\"javascript:alert('XSS');\">",
    588                 "<input type=\"button\" />");
    589         sanitize("<input type=\"button\" ondblclick=\"javascript:alert('XSS');\">",
    590                 "<input type=\"button\" />");
    591     }
    592 
    593     public void testIns() {
    594         sanitize("<ins>something</ins>", "<ins>something</ins>");
    595         sanitize("<ins cite=\"javascript:badness();\">something</ins>", "<ins>something</ins>");
    596         sanitize("<ins cite=\"http://www.reason.com/\">something</ins>",
    597                 "<ins cite=\"http://www.reason.com/\">something</ins>");
    598         sanitize("<ins cite=\"https://www.reason.com/\">something</ins>",
    599                 "<ins cite=\"https://www.reason.com/\">something</ins>");
    600         sanitize("<ins datetime=\"something\">something</ins>",
    601                 "<ins datetime=\"something\">something</ins>");
    602 
    603         sanitize("<ins cite=\"cid:ii_hyw5v8ej0\">something</ins>",
    604                 "<ins>something</ins>");
    605     }
    606 
    607     public void testKbd() {
    608         sanitize("<kbd>something</kbd>", "<kbd>something</kbd>");
    609     }
    610 
    611     public void testKeygen() {
    612         sanitize("<keygen/>", "<keygen />");
    613         sanitize("<keygen autofocus=\"autofocus\"/>", "<keygen autofocus=\"autofocus\" />");
    614         sanitize("<keygen challenge=\"challenge\"/>", "<keygen challenge=\"challenge\" />");
    615         sanitize("<keygen disabled=\"disabled\"/>", "<keygen disabled=\"disabled\" />");
    616         sanitize("<keygen form=\"formId\"/>", "<keygen form=\"formId\" />");
    617         sanitize("<keygen keytype=\"rsa\"/>", "<keygen keytype=\"rsa\" />");
    618         sanitize("<keygen name=\"herman\"/>", "<keygen name=\"herman\" />");
    619     }
    620 
    621     public void testLabel() {
    622         sanitize("<label for=\"elementId\">Something:</label>", "<label>Something:</label>");
    623         sanitize("<label form=\"formId\">Something:</label>",
    624                 "<label form=\"formId\">Something:</label>");
    625     }
    626 
    627     public void testLegend() {
    628         sanitize("<legend>Something:</legend>", "<legend>Something:</legend>");
    629         sanitize("<legend align=\"left\">Something:</legend>",
    630                 "<legend align=\"left\">Something:</legend>");
    631     }
    632 
    633     public void testLi() {
    634         sanitize("<li>Something:</li>", "<li>Something:</li>");
    635         sanitize("<li type=\"a\">Something:</li>", "<li type=\"a\">Something:</li>");
    636         sanitize("<li value=\"11\">Something:</li>", "<li value=\"11\">Something:</li>");
    637     }
    638 
    639     public void testLink() {
    640         sanitize("<link charset=\"utf8\"/>", "");
    641         sanitize("<link href=\"http://www.reason.com/\"/>", "");
    642         sanitize("<link href=\"https://www.reason.com/\"/>", "");
    643         sanitize("<link href=\"cid:ii_hyw5v8ej0\"/>", "");
    644         sanitize("<link hreflang=\"fr_CA\"/>", "");
    645         sanitize("<link media=\"tv\"/>", "");
    646         sanitize("<link rel=\"alternate\"/>", "");
    647         sanitize("<link rev=\"something\"/>", "");
    648         sanitize("<link sizes=\"500x400\"/>", "");
    649         sanitize("<link target=\"_top\"/>", "");
    650         sanitize("<link type=\"mimeType\"/>", "");
    651         sanitize("<link href=\"javascript:alert('XSS');\">", "");
    652     }
    653 
    654     public void testMain() {
    655         sanitize("<main>something</main>", "<main>something</main>");
    656     }
    657 
    658     public void testMap() {
    659         sanitize("<map></map>", "<map></map>");
    660         sanitize("<map name=\"mapname\"></map>", "<map name=\"mapname\"></map>");
    661     }
    662 
    663     public void testMark() {
    664         sanitize("<mark>something</mark>", "<mark>something</mark>");
    665     }
    666 
    667     public void testMenu() {
    668         sanitize("<menu></menu>", "<menu></menu>");
    669         sanitize("<menu label=\"Edit\"></menu>", "<menu label=\"Edit\"></menu>");
    670         sanitize("<menu type=\"popup\"></menu>", "<menu type=\"popup\"></menu>");
    671     }
    672 
    673     public void testMenuitem() {
    674         sanitize("<menuitem></menuitem>", "<menuitem></menuitem>");
    675         sanitize("<menuitem checked=\"checked\"></menuitem>",
    676                 "<menuitem checked=\"checked\"></menuitem>");
    677         sanitize("<menuitem command=\"something\"></menuitem>",
    678                 "<menuitem command=\"something\"></menuitem>");
    679         sanitize("<menuitem default=\"default\"></menuitem>",
    680                 "<menuitem default=\"default\"></menuitem>");
    681         sanitize("<menuitem disabled=\"disabled\"></menuitem>",
    682                 "<menuitem disabled=\"disabled\"></menuitem>");
    683         sanitize("<menuitem icon=\"http://www.reason.com/\"></menuitem>",
    684                 "<menuitem icon=\"http://www.reason.com/\"></menuitem>");
    685         sanitize("<menuitem icon=\"https://www.reason.com/\"></menuitem>",
    686                 "<menuitem icon=\"https://www.reason.com/\"></menuitem>");
    687         sanitize("<menuitem label=\"something\"></menuitem>",
    688                 "<menuitem label=\"something\"></menuitem>");
    689         sanitize("<menuitem type=\"checkbox\"></menuitem>",
    690                 "<menuitem type=\"checkbox\"></menuitem>");
    691         sanitize("<menuitem radiogroup=\"something\"></menuitem>",
    692                 "<menuitem radiogroup=\"something\"></menuitem>");
    693 
    694         sanitize("<menuitem icon=\"cid:ii_hyw5v8ej0\"></menuitem>", "<menuitem></menuitem>");
    695         sanitize("<menuitem icon=\"javascript:badness()\"></menuitem>", "<menuitem></menuitem>");
    696     }
    697 
    698     public void testMeta() {
    699         sanitize("<meta/>", "");
    700         sanitize("<meta charset=\"utf8\" />", "");
    701         sanitize("<meta content=\"something\" />", "");
    702         sanitize("<meta http-equiv=\"refresh\" />", "");
    703         sanitize("<meta name=\"description\" />", "");
    704         sanitize("<meta scheme=\"YYYY-MM-DD\" />", "");
    705         sanitize("<meta http-equiv=\"Link\" content=\"<http://ha.ckers.org/xss.css>; " +
    706                 "REL=stylesheet\">", "");
    707         sanitize("<meta http-equiv=\"refresh\" content=\"0;url=javascript:alert('XSS');\">", "");
    708         sanitize("<meta http-equiv=\"refresh\" content=\"0;url=data:text/html " +
    709                 "base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\">", "");
    710         sanitize("<meta http-equiv=\"refresh\" CONTENT=\"0; url=http://;" +
    711                 "URL=javascript:alert('XSS');\">", "");
    712     }
    713 
    714     public void testMeter() {
    715         sanitize("<meter>2 out of 10</meter>", "<meter>2 out of 10</meter>");
    716         sanitize("<meter form=\"formId\">2 out of 10</meter>",
    717                 "<meter form=\"formId\">2 out of 10</meter>");
    718         sanitize("<meter high=\"10\">2 out of 10</meter>",
    719                 "<meter high=\"10\">2 out of 10</meter>");
    720         sanitize("<meter low=\"10\">2 out of 10</meter>", "<meter low=\"10\">2 out of 10</meter>");
    721         sanitize("<meter max=\"10\">2 out of 10</meter>", "<meter max=\"10\">2 out of 10</meter>");
    722         sanitize("<meter min=\"10\">2 out of 10</meter>", "<meter min=\"10\">2 out of 10</meter>");
    723         sanitize("<meter optimum=\"10\">2 out of 10</meter>",
    724                 "<meter optimum=\"10\">2 out of 10</meter>");
    725         sanitize("<meter value=\"10\">2 out of 10</meter>",
    726                 "<meter value=\"10\">2 out of 10</meter>");
    727     }
    728 
    729     public void testNav() {
    730         sanitize("<nav>something</nav>", "<nav>something</nav>");
    731     }
    732 
    733     public void testNoframes() {
    734         sanitize("<noframes>No frames!</noframes>", "");
    735     }
    736 
    737     public void testNoscript() {
    738         sanitize("<noscript>No JavaScript!</noscript>", "");
    739     }
    740 
    741     public void testObject() {
    742         sanitize("<object>No Objects!</object>", "");
    743         sanitize("<object type=\"text/x-scriptlet\" data=\"http://ha.ckers.org/scriptlet.html\">" +
    744                 "</object>", "");
    745     }
    746 
    747     public void testOl() {
    748         sanitize("<ol></ol>", "<ol></ol>");
    749         sanitize("<ol compact=\"compact\"></ol>", "<ol compact=\"compact\"></ol>");
    750         sanitize("<ol reversed=\"reversed\"></ol>", "<ol reversed=\"reversed\"></ol>");
    751         sanitize("<ol start=\"11\"></ol>", "<ol start=\"11\"></ol>");
    752         sanitize("<ol type=\"a\"></ol>", "<ol type=\"a\"></ol>");
    753     }
    754 
    755     public void testOptgroup() {
    756         sanitize("<optgroup></optgroup>", "<optgroup></optgroup>");
    757         sanitize("<optgroup disabled=\"disabled\"></optgroup>",
    758                 "<optgroup disabled=\"disabled\"></optgroup>");
    759         sanitize("<optgroup label=\"something\"></optgroup>",
    760                 "<optgroup label=\"something\"></optgroup>");
    761     }
    762 
    763     public void testOption() {
    764         sanitize("<option>something</option>", "<option>something</option>");
    765         sanitize("<option disabled=\"disabled\">something</option>",
    766                 "<option disabled=\"disabled\">something</option>");
    767         sanitize("<option label=\"something\">something</option>",
    768                 "<option label=\"something\">something</option>");
    769         sanitize("<option selected=\"selected\">something</option>",
    770                 "<option selected=\"selected\">something</option>");
    771         sanitize("<option value=\"volvo\">something</option>",
    772                 "<option value=\"volvo\">something</option>");
    773     }
    774 
    775     public void testOutput() {
    776         sanitize("<output></output>", "<output></output>");
    777         sanitize("<output for=\"elementId\"></output>", "<output></output>");
    778         sanitize("<output form=\"formId\"></output>", "<output form=\"formId\"></output>");
    779         sanitize("<output name=\"something\"></output>", "<output name=\"something\"></output>");
    780     }
    781 
    782     public void testP() {
    783         sanitize("<p>something</p>", "<p>something</p>");
    784         sanitize("<p align=\"left\">something</p>", "<p align=\"left\">something</p>");
    785     }
    786 
    787     public void testParam() {
    788         sanitize("<param name=\"autoplay\" value=\"true\">", "");
    789     }
    790 
    791     public void testPre() {
    792         sanitize("<pre>something</pre>", "<pre>something</pre>");
    793         sanitize("<pre width=\"400\">something</pre>", "<pre width=\"400\">something</pre>");
    794     }
    795 
    796     public void testProgress() {
    797         sanitize("<progress></progress>", "<progress></progress>");
    798         sanitize("<progress value=\"22\"></progress>", "<progress value=\"22\"></progress>");
    799         sanitize("<progress max=\"100\"></progress>", "<progress max=\"100\"></progress>");
    800     }
    801 
    802     public void testQ() {
    803         sanitize("<q>something</q>", "<q>something</q>");
    804         sanitize("<q cite=\"http://www.reason.com/\">something</q>",
    805                 "<q cite=\"http://www.reason.com/\">something</q>");
    806         sanitize("<q cite=\"https://www.reason.com/\">something</q>",
    807                 "<q cite=\"https://www.reason.com/\">something</q>");
    808 
    809         sanitize("<q cite=\"cid:ii_hyw5v8ej0\">something</q>", "<q>something</q>");
    810         sanitize("<q cite=\"javascript:badness()\">something</q>", "<q>something</q>");
    811     }
    812 
    813     public void testRp() {
    814         sanitize("<rp>something</rp>", "<rp>something</rp>");
    815     }
    816 
    817     public void testRt() {
    818         sanitize("<rt>something</rt>", "<rt>something</rt>");
    819     }
    820 
    821     public void testRuby() {
    822         sanitize("<ruby></ruby>", "<ruby></ruby>");
    823     }
    824 
    825     public void testS() {
    826         sanitize("<s>old skool strikethrough</s>", "<s>old skool strikethrough</s>");
    827     }
    828 
    829     public void testSamp() {
    830         sanitize("<samp>something</samp>", "<samp>something</samp>");
    831     }
    832 
    833     public void testScript() {
    834         sanitize("<script>malicious script</script>", "");
    835         sanitize("<<script>alert(\"XSS\");//<</script>", "&lt;");
    836         sanitize("<script src=http://ha.ckers.org/xss.js></script>", "");
    837         sanitize("<script/XSS src=\"http://ha.ckers.org/xss.js\"></script>", "");
    838         sanitize("<script/src=\"http://ha.ckers.org/xss.js\"></script>", "");
    839         sanitize("<script src=http://ha.ckers.org/xss.js?< B >", "");
    840         sanitize("<script src=//ha.ckers.org/.j>", "");
    841         sanitize("</title><script>alert(\"XSS\");</script>", "");
    842         sanitize("<script src=\"http://ha.ckers.org/xss.jpg\"></script>", "");
    843 
    844         String attack = "';alert(String.fromCharCode(88,83,83))//';" +
    845                 "alert(String.fromCharCode(88,83,83))//\";\n" +
    846                 "alert(String.fromCharCode(88,83,83))//\";" +
    847                 "alert(String.fromCharCode(88,83,83))//--\n" +
    848                 "></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>";
    849         String defend = "&#39;;alert(String.fromCharCode(88,83,83))//&#39;;" +
    850                 "alert(String.fromCharCode(88,83,83))//&#34;;\n" +
    851                 "alert(String.fromCharCode(88,83,83))//&#34;;" +
    852                 "alert(String.fromCharCode(88,83,83))//--\n" +
    853                 "&gt;&#34;&gt;&#39;&gt;";
    854         sanitize(attack, defend);
    855     }
    856 
    857     public void testSection() {
    858         sanitize("<section>something</section>", "<section>something</section>");
    859     }
    860 
    861     public void testSelect() {
    862         sanitize("<select></select>", "<select></select>");
    863         sanitize("<select autofocus=\"autofocus\"></select>",
    864                 "<select autofocus=\"autofocus\"></select>");
    865         sanitize("<select disabled=\"disabled\"></select>",
    866                 "<select disabled=\"disabled\"></select>");
    867         sanitize("<select form=\"formId\"></select>", "<select form=\"formId\"></select>");
    868         sanitize("<select multiple=\"multiple\"></select>",
    869                 "<select multiple=\"multiple\"></select>");
    870         sanitize("<select required=\"required\"></select>",
    871                 "<select required=\"required\"></select>");
    872         sanitize("<select size=\"11\"></select>", "<select size=\"11\"></select>");
    873     }
    874 
    875     public void testSmall() {
    876         sanitize("<small>something</small>", "<small>something</small>");
    877     }
    878 
    879     public void testSource() {
    880         sanitize("<source/>", "");
    881         sanitize("<source></source>", "");
    882     }
    883 
    884     public void testSpan() {
    885         sanitize("<span style=\"color:blue\">something</span>",
    886                 "<span style=\"color:blue\">something</span>");
    887     }
    888 
    889     public void testStrike() {
    890         sanitize("<strike>something</strike>", "<strike>something</strike>");
    891     }
    892 
    893     public void testStrong() {
    894         sanitize("<strong>something</strong>", "<strong>something</strong>");
    895     }
    896 
    897     public void testStyle() {
    898         sanitize("<style>something</style>", "");
    899         sanitize("<style media=\"something\">something</style>", "");
    900         sanitize("<style scoped=\"scoped\">something</style>", "");
    901         sanitize("<style type=\"text/css\">something</style>", "");
    902         sanitize("<style>li {list-style-image: url(\"javascript:alert('XSS')\");}</style>", "");
    903         sanitize("<style>@im\\port'\\ja\\vasc\\ript:alert(\"XSS\")';</style>", "");
    904         sanitize("<style>body{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</style>",
    905                 "");
    906         sanitize("<style>@import'http://ha.ckers.org/xss.css';</style>", "");
    907         sanitize("<style type=\"text/javascript\">alert('XSS');</style>", "");
    908         sanitize("<style>.XSS{background-image:url(\"javascript:alert('XSS')\");}</style>" +
    909                 "<a class=XSS></a>", "");
    910         sanitize("<style type=\"text/css\">body{background:url(\"javascript:alert('XSS')\")}" +
    911                 "</style>", "");
    912     }
    913 
    914     public void testSub() {
    915         sanitize("<sub>something</sub>", "<sub>something</sub>");
    916     }
    917 
    918     public void testSummary() {
    919         sanitize("<summary>something</summary>", "<summary>something</summary>");
    920     }
    921 
    922     public void testSup() {
    923         sanitize("<sup>something</sup>", "<sup>something</sup>");
    924     }
    925 
    926     public void testTable() {
    927         sanitize("<table></table>", "<table></table>");
    928         sanitize("<table align=\"left\"></table>", "<table align=\"left\"></table>");
    929         sanitize("<table bgcolor=\"red\"></table>", "<table bgcolor=\"red\"></table>");
    930         sanitize("<table border=\"1\"></table>", "<table border=\"1\"></table>");
    931         sanitize("<table cellpadding=\"1\"></table>", "<table cellpadding=\"1\"></table>");
    932         sanitize("<table cellspacing=\"1\"></table>", "<table cellspacing=\"1\"></table>");
    933         sanitize("<table frame=\"void\"></table>", "<table frame=\"void\"></table>");
    934         sanitize("<table rules=\"none\"></table>", "<table rules=\"none\"></table>");
    935         sanitize("<table sortable=\"sortable\"></table>", "<table sortable=\"sortable\"></table>");
    936         sanitize("<table summary=\"something\"></table>", "<table summary=\"something\"></table>");
    937         sanitize("<table width=\"11\"></table>", "<table width=\"11\"></table>");
    938 
    939         sanitize("<table background=\"javascript:alert('XSS')\">", "<table></table>");
    940     }
    941 
    942     public void testTbody() {
    943         sanitize("<tbody></tbody>", "<tbody></tbody>");
    944         sanitize("<tbody char=\"something\"></tbody>", "<tbody char=\"something\"></tbody>");
    945         sanitize("<tbody charoff=\"11\"></tbody>", "<tbody charoff=\"11\"></tbody>");
    946         sanitize("<tbody valign=\"top\"></tbody>", "<tbody valign=\"top\"></tbody>");
    947     }
    948 
    949     public void testTd() {
    950         sanitize("<td></td>", "<td></td>");
    951         sanitize("<td abbr=\"something\"></td>", "<td abbr=\"something\"></td>");
    952         sanitize("<td align=\"left\"></td>", "<td align=\"left\"></td>");
    953         sanitize("<td axis=\"something\"></td>", "<td axis=\"something\"></td>");
    954         sanitize("<td bgcolor=\"red\"></td>", "<td bgcolor=\"red\"></td>");
    955         sanitize("<td char=\"something\"></td>", "<td char=\"something\"></td>");
    956         sanitize("<td charoff=\"22\"></td>", "<td charoff=\"22\"></td>");
    957         sanitize("<td colspan=\"33\"></td>", "<td colspan=\"33\"></td>");
    958         sanitize("<td height=\"44\"></td>", "<td height=\"44\"></td>");
    959         sanitize("<td nowrap=\"nowrap\"></td>", "<td nowrap=\"nowrap\"></td>");
    960         sanitize("<td rowspan=\"3\"></td>", "<td rowspan=\"3\"></td>");
    961         sanitize("<td scope=\"col\"></td>", "<td scope=\"col\"></td>");
    962         sanitize("<td valign=\"top\"></td>", "<td valign=\"top\"></td>");
    963         sanitize("<td width=\"55\"></td>", "<td width=\"55\"></td>");
    964 
    965         sanitize("<td headers=\"headerId\"></td>", "<td></td>");
    966         sanitize("<td background=\"javascript:alert('XSS')\">", "<td></td>");
    967     }
    968 
    969     public void testTextarea() {
    970         sanitize("<textarea></textarea>", "<textarea></textarea>");
    971         sanitize("<textarea autofocus=\"autofocus\"></textarea>",
    972                 "<textarea autofocus=\"autofocus\"></textarea>");
    973         sanitize("<textarea cols=\"1\"></textarea>", "<textarea cols=\"1\"></textarea>");
    974         sanitize("<textarea disabled=\"disabled\"></textarea>",
    975                 "<textarea disabled=\"disabled\"></textarea>");
    976         sanitize("<textarea form=\"formId\"></textarea>", "<textarea form=\"formId\"></textarea>");
    977         sanitize("<textarea maxlength=\"2\"></textarea>", "<textarea maxlength=\"2\"></textarea>");
    978         sanitize("<textarea name=\"something\"></textarea>",
    979                 "<textarea name=\"something\"></textarea>");
    980         sanitize("<textarea placeholder=\"something\"></textarea>",
    981                 "<textarea placeholder=\"something\"></textarea>");
    982         sanitize("<textarea readonly=\"readonly\"></textarea>",
    983                 "<textarea readonly=\"readonly\"></textarea>");
    984         sanitize("<textarea required=\"required\"></textarea>",
    985                 "<textarea required=\"required\"></textarea>");
    986         sanitize("<textarea rows=\"3\"></textarea>", "<textarea rows=\"3\"></textarea>");
    987         sanitize("<textarea wrap=\"soft\"></textarea>", "<textarea wrap=\"soft\"></textarea>");
    988     }
    989 
    990     public void testTfoot() {
    991         sanitize("<tfoot></tfoot>", "<tfoot></tfoot>");
    992         sanitize("<tfoot align=\"left\"></tfoot>", "<tfoot align=\"left\"></tfoot>");
    993         sanitize("<tfoot char=\"something\"></tfoot>", "<tfoot char=\"something\"></tfoot>");
    994         sanitize("<tfoot charoff=\"1\"></tfoot>", "<tfoot charoff=\"1\"></tfoot>");
    995         sanitize("<tfoot valign=\"top\"></tfoot>", "<tfoot valign=\"top\"></tfoot>");
    996     }
    997 
    998     public void testTh() {
    999         sanitize("<th></th>", "<th></th>");
   1000         sanitize("<th abbr=\"something\"></th>", "<th abbr=\"something\"></th>");
   1001         sanitize("<th align=\"left\"></th>", "<th align=\"left\"></th>");
   1002         sanitize("<th axis=\"something\"></th>", "<th axis=\"something\"></th>");
   1003         sanitize("<th bgcolor=\"red\"></th>", "<th bgcolor=\"red\"></th>");
   1004         sanitize("<th char=\"something\"></th>", "<th char=\"something\"></th>");
   1005         sanitize("<th charoff=\"22\"></th>", "<th charoff=\"22\"></th>");
   1006         sanitize("<th colspan=\"33\"></th>", "<th colspan=\"33\"></th>");
   1007         sanitize("<th height=\"44\"></th>", "<th height=\"44\"></th>");
   1008         sanitize("<th nowrap=\"nowrap\"></th>", "<th nowrap=\"nowrap\"></th>");
   1009         sanitize("<th rowspan=\"3\"></th>", "<th rowspan=\"3\"></th>");
   1010         sanitize("<th scope=\"col\"></th>", "<th scope=\"col\"></th>");
   1011         sanitize("<th sorted=\"reversed\"></th>", "<th sorted=\"reversed\"></th>");
   1012         sanitize("<th valign=\"top\"></th>", "<th valign=\"top\"></th>");
   1013         sanitize("<th width=\"55\"></th>", "<th width=\"55\"></th>");
   1014 
   1015         sanitize("<th headers=\"headerId\"></th>", "<th></th>");
   1016     }
   1017 
   1018     public void testThead() {
   1019         sanitize("<thead></thead>", "<thead></thead>");
   1020         sanitize("<thead align=\"left\"></thead>", "<thead align=\"left\"></thead>");
   1021         sanitize("<thead char=\"something\"></thead>", "<thead char=\"something\"></thead>");
   1022         sanitize("<thead charoff=\"1\"></thead>", "<thead charoff=\"1\"></thead>");
   1023         sanitize("<thead valign=\"top\"></thead>", "<thead valign=\"top\"></thead>");
   1024     }
   1025 
   1026     public void testTime() {
   1027         sanitize("<time></time>", "<time></time>");
   1028         sanitize("<time datetime=\"datetime\"></time>", "<time datetime=\"datetime\"></time>");
   1029     }
   1030 
   1031     public void testTitle() {
   1032         sanitize("<title>something</title>", "");
   1033     }
   1034 
   1035     public void testTr() {
   1036         sanitize("<tr></tr>", "<tr></tr>");
   1037         sanitize("<tr align=\"left\"></tr>", "<tr align=\"left\"></tr>");
   1038         sanitize("<tr bgcolor=\"red\"></tr>", "<tr bgcolor=\"red\"></tr>");
   1039         sanitize("<tr char=\"something\"></tr>", "<tr char=\"something\"></tr>");
   1040         sanitize("<tr charoff=\"1\"></tr>", "<tr charoff=\"1\"></tr>");
   1041         sanitize("<tr valign=\"top\"></tr>", "<tr valign=\"top\"></tr>");
   1042     }
   1043 
   1044     public void testTrack() {
   1045         sanitize("<track/>", "");
   1046         sanitize("<track></track>", "");
   1047     }
   1048 
   1049     public void testTt() {
   1050         sanitize("<tt>something</tt>", "<tt>something</tt>");
   1051     }
   1052 
   1053     public void testU() {
   1054         sanitize("<u>something</u>", "<u>something</u>");
   1055     }
   1056 
   1057     public void testUl() {
   1058         sanitize("<ul compact=\"compact\"></ul>", "<ul compact=\"compact\"></ul>");
   1059         sanitize("<ul type=\"disc\"></ul>", "<ul type=\"disc\"></ul>");
   1060     }
   1061 
   1062     public void testVar() {
   1063         sanitize("<var>something</var>", "<var>something</var>");
   1064     }
   1065 
   1066     public void testVideo() {
   1067         sanitize("<video></video>", "");
   1068     }
   1069 
   1070     public void testWbr() {
   1071         sanitize("word1<wbr/>word2", "word1<wbr />word2");
   1072     }
   1073 
   1074     private void sanitize(String dirtyHTML, String expectedHTML) {
   1075         final String cleansedHTML = HtmlSanitizer.sanitizeHtml(dirtyHTML);
   1076         assertEquals(expectedHTML, cleansedHTML);
   1077     }
   1078 }
   1079