Add require-closing-tags to default schema

With tests to verify it is accepted and parsed in the policy.
nahsra · Mar 26, 2022 · bc8779b · bc8779b
1 parent cd01169
commit bc8779b
Show file tree

Hide file tree

Showing 2 changed files with 75 additions and 6 deletions.
diff --git a/src/main/resources/antisamy.xsd b/src/main/resources/antisamy.xsd
@@ -13,7 +13,8 @@
 				<xsd:element name="tags-to-encode" type="TagsToEncodeList" minOccurs="0"/>
 				<xsd:element name="tag-rules" type="TagRules"/>
 				<xsd:element name="css-rules" type="CSSRules"/>
-	        	<xsd:element name="allowed-empty-tags" type="AllowedEmptyTags" minOccurs="0"/>
+				<xsd:element name="allowed-empty-tags" type="LiteralListTag" minOccurs="0"/>
+				<xsd:element name="require-closing-tags" type="LiteralListTag" minOccurs="0"/>
 			</xsd:sequence>
 		</xsd:complexType>
 	</xsd:element>
@@ -65,7 +66,7 @@
 		<xsd:attribute name="action" use="required"/>
 	</xsd:complexType>
 
-    <xsd:complexType name="AllowedEmptyTags">
+    <xsd:complexType name="LiteralListTag">
         <xsd:sequence>
             <xsd:element name="literal-list" type="LiteralList" minOccurs="0"/>
         </xsd:sequence>

diff --git a/src/test/java/org/owasp/validator/html/test/PolicyTest.java b/src/test/java/org/owasp/validator/html/test/PolicyTest.java
@@ -72,9 +72,9 @@ public class PolicyTest {
     private static final String FOOTER = "</anti-samy-rules>";
 
     // Returns a valid policy file with the specified allowedEmptyTags
-    private String assembleFile(String allowedEmptyTagsSection) {
+    private String assembleFile(String finalTagsSection) {
         return HEADER + DIRECTIVES + COMMON_REGEXPS + COMMON_ATTRIBUTES + GLOBAL_TAG_ATTRIBUTES + DYNAMIC_TAG_ATTRIBUTES + TAG_RULES + CSS_RULES +
-               allowedEmptyTagsSection + FOOTER;
+                finalTagsSection + FOOTER;
     }
 
     @Before
@@ -126,14 +126,64 @@ public void testGetAllowedEmptyTags_emptySection() throws PolicyException {
     @Test
     public void testGetAllowedEmptyTags_NoSection() throws PolicyException {
         String allowedEmptyTagsSection = "";
-
         String policyFile = assembleFile(allowedEmptyTagsSection);
 
         policy = Policy.getInstance(new ByteArrayInputStream(policyFile.getBytes()));
 
         assertTrue(policy.getAllowedEmptyTags().size() == Constants.defaultAllowedEmptyTags.size());
     }
-
+
+    @Test
+    public void testGetRequireClosingTags() throws PolicyException {
+        String requireClosingTagsSection = "<require-closing-tags>\n" +
+                "    <literal-list>\n" +
+                "                <literal value=\"td\"/>\n" +
+                "                <literal value=\"span\"/>\n" +
+                "    </literal-list>\n" +
+                "</require-closing-tags>\n";
+        String policyFile = assembleFile(requireClosingTagsSection);
+
+        policy = Policy.getInstance(new ByteArrayInputStream(policyFile.getBytes()));
+
+        TagMatcher actualTags = policy.getRequiresClosingTags();
+
+        assertTrue(actualTags.matches("td"));
+        assertTrue(actualTags.matches("span"));
+    }
+
+    @Test
+    public void testGetRequireClosingTags_emptyList() throws PolicyException {
+        String requireClosingTagsSection = "<require-closing-tags>\n" +
+                "    <literal-list>\n" +
+                "    </literal-list>\n" +
+                "</require-closing-tags>\n";
+        String policyFile = assembleFile(requireClosingTagsSection);
+
+        policy = Policy.getInstance(new ByteArrayInputStream(policyFile.getBytes()));
+
+        assertEquals(0, policy.getRequiresClosingTags().size());
+    }
+
+    @Test
+    public void testGetRequireClosingTags_emptySection() throws PolicyException {
+        String requireClosingTagsSection = "<require-closing-tags>\n" + "</require-closing-tags>\n";
+        String policyFile = assembleFile(requireClosingTagsSection);
+
+        policy = Policy.getInstance(new ByteArrayInputStream(policyFile.getBytes()));
+
+        assertEquals(0, policy.getRequiresClosingTags().size());
+    }
+
+    @Test
+    public void testGetRequireClosingTags_NoSection() throws PolicyException {
+        String requireClosingTagsSection = "";
+        String policyFile = assembleFile(requireClosingTagsSection);
+
+        policy = Policy.getInstance(new ByteArrayInputStream(policyFile.getBytes()));
+
+        assertTrue(policy.getRequiresClosingTags().size() == Constants.defaultRequireClosingTags.size());
+    }
+
     @Test
     public void testInvalidPolicies() {
         // Default is to now enforce schema validation on policy files.
@@ -295,6 +345,24 @@ public void testSchemaValidationToggleWithInclude() {
         }
     }
 
+    @Test
+    public void testSchemaValidationWithOptionallyDefinedTags() throws PolicyException {
+        String allowedEmptyTagsSection = "<allowed-empty-tags>\n" +
+                "    <literal-list>\n" +
+                "                <literal value=\"span\"/>\n" +
+                "    </literal-list>\n" +
+                "</allowed-empty-tags>\n";
+        String requireClosingTagsSection = "<require-closing-tags>\n" +
+                "    <literal-list>\n" +
+                "                <literal value=\"span\"/>\n" +
+                "    </literal-list>\n" +
+                "</require-closing-tags>\n";
+        String policyFile = assembleFile(allowedEmptyTagsSection + requireClosingTagsSection);
+
+        policy = Policy.getInstance(new ByteArrayInputStream(policyFile.getBytes()));
+        // If it reaches this point, it passed schema validation, which is what we want.
+    }
+
     @Test
     public void testGithubIssue66() {
         // Concern is that LSEP characters are not being considered on .* pattern