github.com/greenpau/go-authcrunch@v1.1.4/pkg/util/sanitizer_test.go

github.com/greenpau/go-authcrunch@v1.1.4/pkg/util/sanitizer_test.go (about)

     1  // Copyright 2022 Paul Greenberg greenpau@outlook.com
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package util
    16  
    17  import (
    18  	"github.com/greenpau/go-authcrunch/internal/tests"
    19  	"testing"
    20  )
    21  
    22  func TestSanitizeURL(t *testing.T) {
    23  	t.Run("should sanitize  url if its malformed in a way that is intended to cause a XSS", func(t *testing.T) {
    24  		maliciousURL := "https://www.google.com/search?hl=en&q=testing'\"()&%<acx><ScRiPt >alert(9854)</ScRiPt>"
    25  		sanitizedURL := SanitizeURL(maliciousURL)
    26  		tests.EvalObjectsWithLog(t,
    27  			"sanitized url",
    28  			"https://www.google.com/search?hl=en%26q=testing%27%22()%26%%3Cacx%3E%3CScRiPt %3Ealert(9854)%3C/ScRiPt%3E",
    29  			sanitizedURL,
    30  			[]string{},
    31  		)
    32  	})
    33  }