Support for safe external scripts via explicit whitelist.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2025-07-10 17:26:25 +02:00 · 2012-04-27 17:44:49 -04:00
parent 7291f19347
commit 2189a9430f
8 changed files with 95 additions and 2 deletions
--- a/tests/HTMLPurifier/HTMLModule/SafeScriptingTest.php
+++ b/tests/HTMLPurifier/HTMLModule/SafeScriptingTest.php
@ -0,0 +1,33 @@
+<?php
+
+class HTMLPurifier_HTMLModule_SafeScriptingTest extends HTMLPurifier_HTMLModuleHarness
+{
+
+    function setUp() {
+        parent::setUp();
+        $this->config->set('HTML.SafeScripting', array('http://localhost/foo.js'));
+    }
+
+    function testMinimal() {
+        $this->assertResult(
+            '<script></script>',
+            ''
+        );
+    }
+
+    function testGood() {
+        $this->assertResult(
+            '<script type="text/javascript" src="http://localhost/foo.js" />'
+        );
+    }
+
+    function testBad() {
+        $this->assertResult(
+            '<script type="text/javascript" src="http://localhost/foobar.js" />',
+            ''
+        );
+    }
+
+}
+
+// vim: et sw=4 sts=4