// retoor <retoor@molodetz.nl>
import "markdown" for Markdown
// Default mode: raw HTML in the Markdown source is expected to reach the
// output unchanged, so the <script> tag is still present after rendering.
// Output produced this way is only suitable for trusted input; the safeMode
// option used in the other cases is the path for untrusted Markdown.
var scriptPayload = "<script>alert('xss')</script>"
var unsafe = Markdown.toHtml(scriptPayload)
System.print(unsafe.contains("<script>")) // expect: true
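// safeMode: a raw <script> tag must not reach the output as live markup.
// Two checks: the literal tag is absent, and its entity-escaped form is
// present, i.e. the text was escaped rather than silently dropped.
// NOTE(review): both checks previously tested the same "<script>" literal with
// opposite expectations, which cannot both hold. The escaped literal below
// assumes safeMode encodes both "<" and ">" - confirm against the markdown module.
var safe = Markdown.toHtml("<script>alert('xss')</script>", {"safeMode": true})
System.print(safe.contains("<script>")) // expect: false
System.print(safe.contains("&lt;script&gt;")) // expect: true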
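// safeMode with a fenced code block: HTML inside the fence must be rendered
// as text, never as a live element. The raw <div> is absent and the
// entity-escaped form is present.
// NOTE(review): both checks previously tested the same "<div>" literal with
// opposite expectations. The escaped literal assumes "<" and ">" are both
// encoded inside code blocks - confirm against the markdown module.
var safeCode = Markdown.toHtml("```\n<div>test</div>\n```", {"safeMode": true})
System.print(safeCode.contains("<div>")) // expect: false
System.print(safeCode.contains("&lt;div&gt;")) // expect: true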
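// safeMode with inline HTML inside a paragraph: even a harmless-looking <b>
// tag is escaped, so the mode does not depend on a list of "dangerous" tags.
// NOTE(review): both checks previously tested the same "<b>" literal with
// opposite expectations. The escaped literal assumes "<" and ">" are both
// encoded - confirm against the markdown module.
var safeInline = Markdown.toHtml("Text with <b>html</b> inside", {"safeMode": true})
System.print(safeInline.contains("<b>")) // expect: false
System.print(safeInline.contains("&lt;b&gt;")) // expect: true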
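// safeMode with a bare ampersand: "&" must be encoded as "&amp;" so that
// user text cannot be read back as the start of an entity.
// NOTE(review): the check was contains("&"), which is true whether or not the
// ampersand is escaped ("A & B" and "A &amp; B" both match), so it proved
// nothing. Tightened to the escaped form - confirm the module emits "&amp;".
var ampersand = Markdown.toHtml("A & B", {"safeMode": true})
System.print(ampersand.contains("&amp;")) // expect: true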