use strict;
use warnings;
use Test::More;
use HTML::Restrict;
my $hr = HTML::Restrict->new(
rules => {
a => [qw( href )],
img => [qw( src /)],
blockquote => [qw( cite )],
},
);
$hr->set_uri_schemes([ 'http', 'https', undef, 'ftp' ]);
cmp_ok(
$hr->process( '<a href="http://example.com">link</a>' ),
'eq', '<a href="http://example.com">link</a>',
'http scheme preserved',
);
cmp_ok(
$hr->process( '<a href="https://example.com">link</a>' ),
'eq', '<a href="https://example.com">link</a>',
'https scheme preserved',
);
cmp_ok(
$hr->process( '<a href="/some/file">link</a>' ),
'eq', '<a href="/some/file">link</a>',
'relative scheme preserved',
);
cmp_ok(
$hr->process( '<a href="ftp://example.com">link</a>' ),
'eq', '<a href="ftp://example.com">link</a>',
'ftp scheme preserved',
);
cmp_ok(
$hr->process( '<a href="file://example.com">link</a>' ),
'eq', '<a>link</a>',
'file scheme removed',
);
cmp_ok(
$hr->process( '<img src="javascript:evil_fc()" />' ),
'eq', '<img />',
'img src with javascript removed',
);
cmp_ok(
$hr->process( '<blockquote cite="javascript:evil_fc()">blockquote</blockquote>' ),
'eq', '<blockquote>blockquote</blockquote>',
'blockquote cite with javascript removed',
);
# disable relative schemes
$hr->set_uri_schemes([ 'http', 'https', 'ftp' ]);
cmp_ok(
$hr->process( '<a href="/some/file">link</a>' ),
'eq', '<a>link</a>',
'relative scheme removed',
);
done_testing();