from collections import namedtuple from CTFd.utils.security.sanitize import sanitize_html Case = namedtuple("Case", ["input", "expected"]) def test_sanitize_html_empty(): """Test sanitize_html with empty input""" assert sanitize_html("") == "" def test_sanitize_html_basic_tags(): """Test that basic HTML tags are preserved""" cases = [ Case("

Hello World

", "

Hello World

"), Case("

Content

", "

Content

"), Case("Text", "Text"), Case("Bold", "Bold"), Case("Italic", "Italic"), Case("

Header

", "

Header

"), Case("

Header

", "

Header

"), Case("

Header

", "

Header

"), Case( "

Item 1
Item 2

", "

Item 1
Item 2

", ), Case( "

Item 1
Item 2

", "

Item 1
Item 2

", ), ] for case in cases: assert sanitize_html(case.input) == case.expected def test_sanitize_html_links(): """Test that links are sanitized with proper rel attributes""" cases = [ Case( 'Link', 'Link', ), Case( 'Link', 'Link', ), Case( 'Link', 'Link', ), Case( 'Link', 'Link', ), Case( 'Email', 'Email', ), Case( 'Phone', 'Phone', ), Case( 'Evil', 'Evil', ), Case( 'Anchor', 'Anchor', ), Case( 'Query', 'Query', ), Case( 'Query', 'Query', ), ] for case in cases: result = sanitize_html(case.input) assert ( result == case.expected ), f"Input: {case.input}, Expected: {case.expected}, Got: {result}" def test_sanitize_html_images(): """Test that images are preserved with allowed attributes""" cases = [ Case( ' Test Image

', ' Test Image

', ), Case( ' Local Image

', ' Local Image

', ), Case( ' Red dot

', ' Red dot

', ), Case( ' Animated

', ' Animated

', ), ] for case in cases: result = sanitize_html(case.input) assert ( result == case.expected ), f"Input: {case.input}, Expected: {case.expected}, Got: {result}" def test_sanitize_html_dangerous_content(): """Test that dangerous content is removed or sanitized""" cases = [ Case('', ""), Case('', ""), Case('

', ""), Case('

', ""), Case('', ""), Case("

Content

", "

Content

"), Case('

', '

'), Case('

', '

'), Case("Content", "Content"), Case('', ""), ] for case in cases: result = sanitize_html(case.input) assert ( result == case.expected ), f"Input: {case.input}, Expected: {case.expected}, Got: {result}" def test_sanitize_html_forms(): """Test that form elements are preserved""" cases = [ Case( '', '', ), Case( '', '', ), Case( '', '', ), Case( '', '', ), Case( 'Username:', 'Username:', ), ] for case in cases: result = sanitize_html(case.input) assert ( result == case.expected ), f"Input: {case.input}, Expected: {case.expected}, Got: {result}" def test_sanitize_html_media(): """Test that media elements are preserved""" cases = [ Case( '

', '

', ), Case( '

', '

', ), Case( '', '', ), Case( '', '', ), ] for case in cases: result = sanitize_html(case.input) print(result) assert ( result == case.expected ), f"Input: {case.input}, Expected: {case.expected}, Got: {result}" def test_sanitize_html_tables(): """Test that table elements are preserved""" cases = [ Case( "

Header	Data

", "

Header	Data

", ), Case( '

Cell

', '

Cell

', ), ] for case in cases: result = sanitize_html(case.input) assert ( result == case.expected ), f"Input: {case.input}, Expected: {case.expected}, Got: {result}" def test_sanitize_html_attributes(): """Test that allowed attributes are preserved and dangerous ones removed""" cases = [ Case( '

Content

', '

Content

', ), Case( '

Modal

', '

Modal

', ), Case( '', '', ), Case( ' Alt Text

', ' Alt Text

', ), ] for case in cases: result = sanitize_html(case.input) assert ( result == case.expected ), f"Input: {case.input}, Expected: {case.expected}, Got: {result}" def test_sanitize_html_comments(): """Test that HTML comments are preserved""" cases = [ Case( "

Content

", "

Content

", ), Case( "

BeforeAfter

", "

BeforeAfter

", ), Case( "", ), ] for case in cases: result = sanitize_html(case.input) assert ( result == case.expected ), f"Input: {case.input}, Expected: {case.expected}, Got: {result}" def test_sanitize_html_href_sanitization(): """Test that href attributes are properly sanitized""" cases = [ Case( 'abcCLICK', 'abcCLICK', ), Case( 'Link', 'Link', ), ] for case in cases: result = sanitize_html(case.input) assert ( result == case.expected ), f"Input: {case.input}, Expected: {case.expected}, Got: {result}" def test_sanitize_html_malformed(): """Test sanitize_html with malformed HTML""" cases = [ Case("

Unclosed paragraph", "

Unclosed paragraph

"), Case( "Improperly nested", "Improperly nested", ), Case("Text with & ampersand", "Text with & ampersand"), Case("Text with < less than", "Text with < less than"), Case("Text with > greater than", "Text with > greater than"), ] for case in cases: result = sanitize_html(case.input) assert ( result == case.expected ), f"Input: {case.input}, Expected: {case.expected}, Got: {result}" def test_sanitize_html_whitespace(): """Test that whitespace is preserved correctly""" cases = [ Case("Hi.\n", "Hi.\n"), Case("\t\n \n\t", "\t\n \n\t"), Case("

Spaced content

", "

Spaced content

"), Case("

  Code with spaces

", "

  Code with spaces

"), ] for case in cases: result = sanitize_html(case.input) assert ( result == case.expected ), f"Input: {case.input}, Expected: {case.expected}, Got: {result}" def test_sanitize_html_complex_content(): """Test sanitize_html with complex mixed content""" cases = [ Case( """

Welcome to CTF

This is a challenge description with formatting.

Hint 1: Look at the source
Hint 2: Check the headers

Visit this link for more info.

print("Hello World")

""", """

Welcome to CTF

This is a challenge description with formatting.

Hint 1: Look at the source
Hint 2: Check the headers

Visit this link for more info.

print("Hello World")

""", ), ] for case in cases: result = sanitize_html(case.input) assert ( result == case.expected ), f"Input: {case.input}, Expected: {case.expected}, Got: {result}"