mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-07-10 09:16:20 +02:00
[3.1.1] Implement SafeObject.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1780 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
42
tests/HTMLPurifier/HTMLModule/SafeObjectTest.php
Normal file
42
tests/HTMLPurifier/HTMLModule/SafeObjectTest.php
Normal file
@ -0,0 +1,42 @@
|
||||
<?php
|
||||
|
||||
class HTMLPurifier_HTMLModule_SafeObjectTest extends HTMLPurifier_HTMLModuleHarness
|
||||
{
|
||||
|
||||
function setUp() {
|
||||
parent::setUp();
|
||||
$this->config->set('HTML', 'DefinitionID', 'HTMLPurifier_HTMLModule_SafeObjectTest');
|
||||
$def = $this->config->getHTMLDefinition(true);
|
||||
$def->manager->addModule('SafeObject');
|
||||
}
|
||||
|
||||
function testMinimal() {
|
||||
$this->assertResult(
|
||||
'<object></object>',
|
||||
'<object type="application/x-shockwave-flash"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
|
||||
);
|
||||
}
|
||||
|
||||
function testYouTube() {
|
||||
// embed is purposely removed
|
||||
$this->assertResult(
|
||||
'<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/RVtEQxH7PWA&hl=en"></param><embed src="http://www.youtube.com/v/RVtEQxH7PWA&hl=en" type="application/x-shockwave-flash" width="425" height="344"></embed></object>',
|
||||
'<object width="425" height="344" type="application/x-shockwave-flash"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="http://www.youtube.com/v/RVtEQxH7PWA&hl=en" /></object>'
|
||||
);
|
||||
}
|
||||
|
||||
function testMalicious() {
|
||||
$this->assertResult(
|
||||
'<object width="9999999" height="9999999"><param name="allowScriptAccess" value="always" /><param name="movie" value="http://example.com/attack.swf" /></object>',
|
||||
'<object width="1200" height="1200" type="application/x-shockwave-flash"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="http://example.com/attack.swf" /></object>'
|
||||
);
|
||||
}
|
||||
|
||||
function testFull() {
|
||||
$this->assertResult(
|
||||
'<b><object width="425" height="344" type="application/x-shockwave-flash" data="Foobar"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="http://www.youtube.com/v/RVtEQxH7PWA&hl=en" /><param name="wmode" value="window" /></object></b>'
|
||||
);
|
||||
}
|
||||
|
||||
}
|
||||
|
Reference in New Issue
Block a user