The bug came from bbcode parser which transforms \n with <br>. So I just remove the br tag in bbcode parser before applying the mardown parser. Fix #1480
92 lignes
5,5 Kio
92 lignes
5,5 Kio
package sanitize
import (
func TestMarkdownToHTML(t *testing.T) {
assert := assert.New(t)
tests := []struct {
Test string
Result template.HTML
{"", ""},
{"> lll", "<blockquote>\n<p>lll</p>\n</blockquote>\n"},
{"> lll > lol", "<blockquote>\n<p>lll > lol</p>\n</blockquote>\n"}, // Limit number of blockquotes
{"> lll", "<blockquote>\n<p>lll</p>\n</blockquote>\n"},
{"\n", ""},
{"<b>lol</b>", "<p><b>lol</b></p>\n"}, // keep HTML tags
{"[b]lol[/b]", "<p>[b]lol[/b]</p>\n"}, // keep BBCode tags
{"**[b]lol[/b]**", "<p><strong>[b]lol[/b]</strong></p>\n"}, // Render Markdown
for _, test := range tests {
assert.Equal(test.Result, MarkdownToHTML(test.Test), "Should be equal")
func TestParseBBCodes(t *testing.T) {
assert := assert.New(t)
tests := []struct {
Test string
Result string
{"", ""},
{">", ">"}, // keep escaped html
{"<b>lol</b>", "<b>lol</b>"}, // keep html tags
{"ddd\nddd", "ddd\nddd"}, // keep html tags
{"[b]lol[/b]", "<b>lol</b>"}, // Convert bbcodes
{"[u][b]lol[/u]", "<u><b>lol</b></u>"}, // Close unclosed tags
for _, test := range tests {
assert.Equal(test.Result, ParseBBCodes(test.Test), "Should be equal")
assert.Contains(ParseBBCodes("[url=]lol[/url]"), "rel=\"nofollow\"") // rel="nofollow" for urls
func TestRepairHTMLTags(t *testing.T) {
assert := assert.New(t)
tests := []struct {
Test string
Result string
{"", ""},
{">", ">"}, // keep escaped html
{"<b>lol</b>", "<b>lol</b>"}, // keep html tags
{"<b><u>lol</b>", "<b><u>lol</u></b>"}, // close unclosed tags encapsulated
{"<b><u>lol", "<b><u>lol</u></b>"}, // close unclosed tags non encapsulated
{"<b><u>lol</em>", "<b><u>lol</u></b>"}, // close unclosed tags non encaptsulated + remove useless end tags
{"<div><b><u>lol</em></div>", "<div><b><u>lol</u></b></div>"}, // close unclosed tags + remove useless end tags encaptsulated
for _, test := range tests {
assert.Equal(test.Result, repairHTMLTags(test.Test), "Should be equal")
func TestSanitize(t *testing.T) {
assert := assert.New(t)
tests := []struct {
Test string
Result string
{"", ""},
{"[b]lol[/b]", "<b>lol</b>"}, // Should convert bbcodes
{"ddd\nddd", "ddd\nddd"},
{">", ">"}, // keep escaped html
{"<b>lol</b>", "<b>lol</b>"}, // keep html tags
{"<b><u>lol</b>", "<b><u>lol</u></b>"}, // close unclosed tags encapsulated
{"<b><u>lol", "<b><u>lol</u></b>"}, // close unclosed tags non encapsulated
{"<b><u>lol</em>", "<b><u>lol</u></b>"}, // close unclosed tags non encaptsulated + remove useless end tags
{"<div><b><u>lol</em></div>", "<b><u>lol</u></b>"}, // close unclosed tags + remove useless end tags encaptsulated and remove div tag
{"Hello <STYLE>.XSS{background-image:url(\"javascript:alert('XSS')\");}</STYLE><A CLASS=XSS></A>World", "Hello World"}, // Remove css XSS
{"<a href=\"javascript:alert('XSS1')\" onmouseover=\"alert('XSS2')\">XSS<a>", "XSS"}, // Remove javascript xss
{"<a href=\"\"><img src=\"\"/></a>", "<a href=\"\" rel=\"nofollow\"><img src=\"\"/></a>"}, // We allow img and linl
{"<img src=\"\">", ""}, // But not allow datauri img by default
{"<objet></object><embed></embed><base><iframe />", ""}, // Not allowed elements by default
for _, test := range tests {
assert.Equal(test.Result, Sanitize(test.Test, "default"), "Should be equal")