diff --git a/src/freenet/client/filter/HTMLFilter.java b/src/freenet/client/filter/HTMLFilter.java index d0f0e6136c..f9157a36d6 100644 --- a/src/freenet/client/filter/HTMLFilter.java +++ b/src/freenet/client/filter/HTMLFilter.java @@ -953,51 +953,57 @@ private static Map getAllowedTagVerifiers() emptyStringArray)); String[] group2 = { - "span", - "address", - "em", - "strong", - "dfn", - "code", - "samp", - "kbd", - "var", - "cite", "abbr", "acronym", - "sub", - "sup", - "dt", - "dd", - "tt", - "i", + "address", + "article", + "aside", "b", - "big", - "small", - "strike", - "s", - "u", - "noframes", - "fieldset", -// Delete . So we can at least see the non-scripting code. -// "noscript", - "xmp", - "listing", - "plaintext", - "center", "bdi", "bdo", - "aside", + "big", + "center", + "cite", + "code", + "dd", + "details", + "dfn", + "dt", + "em", + "fieldset", + "figcaption", + "figure", + "footer", "header", + "hgroup", + "i", + "kbd", + "listing", + "main", + "mark", "nav", - "footer", - "article", + "noframes", + // Delete . So we can at least see the non-scripting code. + //"noscript", + "plaintext", + "rp", + "rt", + "ruby", + "s", + "samp", "section", - "hgroup", - "wbr", + "small", + "span", + "strike", + "strong", + "sub", "summary", - "details", - "main"}; + "sup", + "tt", + "u", + "var", + "wbr", + "xmp"}; for (String x: group2) allowedTagsVerifiers.put( x, diff --git a/test/freenet/client/filter/ContentFilterTest.java b/test/freenet/client/filter/ContentFilterTest.java index a2a861920d..77f2b1a4d7 100644 --- a/test/freenet/client/filter/ContentFilterTest.java +++ b/test/freenet/client/filter/ContentFilterTest.java @@ -115,7 +115,8 @@ public class ContentFilterTest { private static final String SPAN_WITH_STYLE = ""; - private static final String HTML5_TAGS = "
TLDR
Too Long Didn’t Read
"; + private static final String HTML5_TAGS = "
TLDR
Too Long Didn’t Read
Fig.1
"; + private static final String HTML5_BDI_RUBY = "ایران, NorthKoreaNorth Korea"; private static final String BASE_HREF = ""; private static final String BAD_BASE_HREF = ""; @@ -138,6 +139,10 @@ public class ContentFilterTest { HTML_VIDEO_TAG + HTML_AUDIO_TAG, HTML_AUDIO_TAG + HTML_AUDIO_TAG); + private static void testOneHTMLFilter(String html) throws Exception { + assertEquals(html, htmlFilter(html)); + } + @Test public void testHTMLFilter() throws Exception { if (TestProperty.VERBOSE) { @@ -146,7 +151,7 @@ public void testHTMLFilter() throws Exception { // General sanity checks // is "relativization" working? - assertEquals(INTERNAL_RELATIVE_LINK, htmlFilter(INTERNAL_RELATIVE_LINK)); + testOneHTMLFilter(INTERNAL_RELATIVE_LINK); assertEquals(INTERNAL_RELATIVE_LINK, htmlFilter(INTERNAL_RELATIVE_LINK, true)); assertEquals(INTERNAL_RELATIVE_LINK1, htmlFilter(INTERNAL_RELATIVE_LINK1, true)); assertEquals(INTERNAL_RELATIVE_LINK, htmlFilter(INTERNAL_ABSOLUTE_LINK)); @@ -157,15 +162,15 @@ public void testHTMLFilter() throws Exception { // regression testing // bug #710 - assertEquals(ANCHOR_TEST, htmlFilter(ANCHOR_TEST)); - assertEquals(ANCHOR_TEST_EMPTY, htmlFilter(ANCHOR_TEST_EMPTY)); - assertEquals(ANCHOR_TEST_SPECIAL, htmlFilter(ANCHOR_TEST_SPECIAL)); + testOneHTMLFilter(ANCHOR_TEST); + testOneHTMLFilter(ANCHOR_TEST_EMPTY); + testOneHTMLFilter(ANCHOR_TEST_SPECIAL); assertEquals(ANCHOR_TEST_SPECIAL2_RESULT, htmlFilter(ANCHOR_TEST_SPECIAL2)); // bug #2496 - assertEquals(ANCHOR_RELATIVE1, htmlFilter(ANCHOR_RELATIVE1)); - assertEquals(ANCHOR_RELATIVE2, htmlFilter(ANCHOR_RELATIVE2)); - assertEquals(ANCHOR_FALSE_POS1, htmlFilter(ANCHOR_FALSE_POS1)); - assertEquals(ANCHOR_FALSE_POS2, htmlFilter(ANCHOR_FALSE_POS2)); + testOneHTMLFilter(ANCHOR_RELATIVE1); + testOneHTMLFilter(ANCHOR_RELATIVE2); + testOneHTMLFilter(ANCHOR_FALSE_POS1); + testOneHTMLFilter(ANCHOR_FALSE_POS2); // EVIL HACK TEST for #2496 + #2451 assertEquals(ANCHOR_MIXED_RESULT, htmlFilter(ANCHOR_MIXED)); // bug #2451 @@ -176,7 +181,7 @@ public void testHTMLFilter() throws Exception { assertTrue(htmlFilter(PREVENT_EXTERNAL_ACCESS_CSS_SIMPLE).contains("div { }")); assertTrue(htmlFilter(PREVENT_EXTERNAL_ACCESS_CSS_ESCAPE).contains("div { }")); assertTrue(htmlFilter(PREVENT_EXTERNAL_ACCESS_CSS_CASE).contains("div { }")); - assertEquals(WHITELIST_STATIC_CONTENT, htmlFilter(WHITELIST_STATIC_CONTENT)); + testOneHTMLFilter(WHITELIST_STATIC_CONTENT); assertEquals(XHTML_VOIDELEMENTC, htmlFilter(XHTML_VOIDELEMENT)); assertEquals(XHTML_INCOMPLETEDOCUMENTC, htmlFilter(XHTML_INCOMPLETEDOCUMENT)); assertEquals(XHTML_IMPROPERNESTINGC, htmlFilter(XHTML_IMPROPERNESTING)); @@ -193,12 +198,13 @@ public void testHTMLFilter() throws Exception { assertEquals(FRAME_SRC_CHARSET_BADC, htmlFilter(FRAME_SRC_CHARSET_BAD, true)); assertEquals(FRAME_SRC_CHARSET_BAD1C, htmlFilter(FRAME_SRC_CHARSET_BAD1, true)); - assertEquals(CSS_SPEC_EXAMPLE1, htmlFilter(CSS_SPEC_EXAMPLE1)); + testOneHTMLFilter(CSS_SPEC_EXAMPLE1); - assertEquals(SPAN_WITH_STYLE, htmlFilter(SPAN_WITH_STYLE)); - assertEquals(HTML5_TAGS, htmlFilter(HTML5_TAGS)); + testOneHTMLFilter(SPAN_WITH_STYLE); + testOneHTMLFilter(HTML5_TAGS); + testOneHTMLFilter(HTML5_BDI_RUBY); - assertEquals(BASE_HREF, htmlFilter(BASE_HREF)); + testOneHTMLFilter(BASE_HREF); assertEquals(DELETED_BASE_HREF, htmlFilter(BAD_BASE_HREF)); assertEquals(DELETED_BASE_HREF, htmlFilter(BAD_BASE_HREF2)); assertEquals(DELETED_BASE_HREF, htmlFilter(BAD_BASE_HREF3));