Merge pull request #4 from neraliu/comment-the-code

add the comment to the logic of the switch case.
YahooArchive · Jun 26, 2015 · 0f7304b · 0f7304b
2 parents ac87c6a + 1a696d7
commit 0f7304b
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 24 deletions.
diff --git a/src/derived-states.js b/src/derived-states.js
@@ -28,6 +28,19 @@ DerivedState.TransitionsSparse = {
     53: {46: 1}
 };
 
+/* this is the meaning of the key being used in below matrix
+
+0 - do nothing in the postWalk callback, so the input will be filtered out (default switch case).
+1 - append the input to the output buffer, the output buffer will be returned in the purify function call.
+2 - the core logic to handle the tagName, attribute value.
+3 - clean up the attribute value with space encounters.
+4 - set the attribute value to the attribute name when it transits to "after attribute value (quoted) state" or "before attribute name state".
+
+the following 2 handling have the assumption of canonicalization to address some parse error of the html web pages.
+5 - append the '<' with next char for markup declaration open state
+6 - set the self closing tag if solidus is encountered.
+
+*/
 DerivedState.Transitions = [
     [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
     [0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],

diff --git a/tests/unit/html-purify.js b/tests/unit/html-purify.js
@@ -8,17 +8,15 @@ Authors: Aditya Mahendrakar <[email protected]>
          Albert Yu <[email protected]>
          Adonis Fung <[email protected]>
 */
-
-
 (function () {
 
     require("mocha");
-
     var assert = require("assert"),
     	testVectors = require("../test-vectors.js"),
     	html5secVectors = testVectors.html5secVectors,
     	generalVectors = testVectors.generalVectors,
         Purifier = require("../../src/html-purify");
+
     describe('HTML Purify', function() {
 
         it('should allow whitelisted tags and attributes', function(){
@@ -49,63 +47,61 @@ Authors: Aditya Mahendrakar <[email protected]>
         it('should allow self-closing tags', function(){
             var html = "<br /> hello world </br>"
             var output = (new Purifier()).purify(html);
-	    	console.log(output);
+	    console.log(output);
             assert.equal(output, '<br /> hello world </br>');
         });
+
         it('should handle href attributes', function(){
             var html = "<a href=\"http://www.yahoo.com\">yahoo</a>";
             var output = (new Purifier()).purify(html);
-	    	console.log(output);
+	    console.log(output);
             assert.equal(output, '<a href="http://www.yahoo.com">yahoo</a>');
         });
+
         it('should handle js in href attributes', function(){
             var html = "<a href=\"javascript:alert(1)\">yahoo</a>";
             var output = (new Purifier()).purify(html);
-	    	console.log(output);
+	    console.log(output);
             assert.equal(output, '<a href="x-javascript:alert(1)">yahoo</a>');
         });
 
-		it('should strip attributes in the end tag', function(){
+        it('should strip attributes in the end tag', function(){
             var html = "<h1 dir =  \"asd\">hello</h1 id=\"bar\">"
             var output = (new Purifier()).purify(html);
-	    	console.log(output);
+            console.log(output);
             assert.equal(output, '<h1 dir=\"asd\">hello</h1>');
         });
 
         it('should handle characters between attributes correctly', function(){
             var html = "<h1    label  dir =  \"asd\"  evil1 defer \"evil2\" evil3 evil4=\"asdasd\" icon 'evil5>hello</h1>"
             var output = (new Purifier()).purify(html);
-	    	console.log(output);
+            console.log(output);
             assert.equal(output, '<h1 label dir=\"asd\" defer icon>hello</h1>');
         });
 
         it('should allow style attribute if the css is valid', function(){
             var html = "<div style=\"color:#0000FF\">"
             var output = (new Purifier()).purify(html);
-	    	console.log(output);
+            console.log(output);
             assert.equal(output, '<div style=\"color:#0000FF\">');
 
             // invalid css
-       		html = "<div style=\"color;foobar\">"
-      		output = (new Purifier()).purify(html);
-	    	console.log(output);
-      		assert.equal(output, '<div>');
+            html = "<div style=\"color;foobar\">";
+            output = (new Purifier()).purify(html);
+	    console.log(output);
+      	    assert.equal(output, '<div>');
         });
 
         it('should handle additional vectors', function(){
 	    var output, i, vector;
 	    for (var i = 0; i < generalVectors.length; i++) {
-	        vector = generalVectors[i].input;
-		output = (new Purifier()).purify(vector);
-		console.log("*****" + generalVectors[i].id + "*****");
-		console.log("input   ==> " + vector);
-		console.log("output  ==> " + output);
-		assert.equal(output, generalVectors[i].output);
+                vector = generalVectors[i].input;
+                output = (new Purifier()).purify(vector);
+                console.log("*****" + generalVectors[i].id + "*****");
+                console.log("input   ==> " + vector);
+                console.log("output  ==> " + output);
+                assert.equal(output, generalVectors[i].output);
 	    }
-
         });
-
-
     });
-
 }());