Fuzz testing

[notriddle]

We really should do some form of exhaustive testing.

• [ ] Testing to make sure that ammonia doesn't crash. That should be pretty easy, though, since the most complex parts of ammonia are all in html5ever, it probably won't find much.
• [ ] Testing to make sure that a browser never runs JavaScript after Ammonia filters a piece of HTML. That could be a bit harder, but it's probably a lot more valuable.

[willkg]

If it helps, feel free to use Bleach's test data. We didn't build it in a way that's easy for other projects to use, but I'm game for fixing that if you have ideas.

https://github.com/mozilla/bleach/tree/master/tests

Also:

https://github.com/mozilla/bleach/tree/master/tests_website

[notriddle]

Bleach is under the Apache license.

Ammonia is dual Apache / MIT license, for GPLv2 compatibility and to match with rustc.

[Eijebong]

@notriddle I played with fuzzing some times ago. The only crash I could find was in html5ever https://github.com/servo/html5ever/issues/305

[mozfreddyb]

For future reference, there's also https://github.com/servo/html5ever/issues/290 (segfault) and https://github.com/servo/html5ever/issues/289 (high CPU usage on malformed input).