1 files changed, 32 insertions, 0 deletions

diff --git a/internal/reader/rewrite/rewriter_test.go b/internal/reader/rewrite/rewriter_test.go
index 3910ccd4..fa2b765b 100644
--- a/internal/reader/rewrite/rewriter_test.go
+++ b/internal/reader/rewrite/rewriter_test.go
@@ -671,3 +671,35 @@ func TestAddHackerNewsLinksUsingOpener(t *testing.T) {
 		t.Errorf(`Not expected output: got "%+v" instead of "%+v"`, testEntry, controlEntry)
 	}
 }
+
+func TestAddImageTitle(t *testing.T) {
+	testEntry := &model.Entry{
+		Title: `A title`,
+		Content: `
+		<img src="pif" title="pouf">
+		<img src="pif" title="pouf" alt='"onerror=alert(1) a="'>
+		<img src="pif" title="pouf" alt='&quot;onerror=alert(1) a=&quot'>
+		<img src="pif" title="pouf" alt=';&amp;quot;onerror=alert(1) a=;&amp;quot;'>
+		<img src="pif" alt="pouf" title='"onerror=alert(1) a="'>
+		<img src="pif" alt="pouf" title='&quot;onerror=alert(1) a=&quot'>
+		<img src="pif" alt="pouf" title=';&amp;quot;onerror=alert(1) a=;&amp;quot;'>
+		`,
+	}
+
+	controlEntry := &model.Entry{
+		Title: `A title`,
+		Content: `<figure><img src="pif" alt=""/><figcaption><p>pouf</p></figcaption></figure>
+		<figure><img src="pif" alt="" onerror="alert(1)" a=""/><figcaption><p>pouf</p></figcaption></figure>
+		<figure><img src="pif" alt="" onerror="alert(1)" a=""/><figcaption><p>pouf</p></figcaption></figure>
+		<figure><img src="pif" alt=";&#34;onerror=alert(1) a=;&#34;"/><figcaption><p>pouf</p></figcaption></figure>
+		<figure><img src="pif" alt="pouf"/><figcaption><p>&#34;onerror=alert(1) a=&#34;</p></figcaption></figure>
+		<figure><img src="pif" alt="pouf"/><figcaption><p>&#34;onerror=alert(1) a=&#34;</p></figcaption></figure>
+		<figure><img src="pif" alt="pouf"/><figcaption><p>;&amp;quot;onerror=alert(1) a=;&amp;quot;</p></figcaption></figure>
+		`,
+	}
+	Rewriter("https://example.org/article", testEntry, `add_image_title`)
+
+	if !reflect.DeepEqual(testEntry, controlEntry) {
+		t.Errorf(`Not expected output: got "%+v" instead of "%+v"`, testEntry, controlEntry)
+	}
+}