[2.1.0] Migrate host blacklist functionality to URIFilter.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1336 48356398-32a2-884e-a903-53898d9a118a
@@ -2,6 +2,7 @@
|
||||
|
||||
require_once 'HTMLPurifier/AttrDefHarness.php';
|
||||
require_once 'HTMLPurifier/AttrDef/URI.php';
|
||||
require_once 'HTMLPurifier/URIParser.php';
|
||||
|
||||
/**
|
||||
* @todo Aim for complete code coverage with mocks
|
||||
@@ -48,48 +49,34 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
|
||||
$this->assertDef('javascript:foobar();', false);
|
||||
}
|
||||
|
||||
function test_validate_configDisableExternal() {
|
||||
|
||||
$this->def = new HTMLPurifier_AttrDef_URI();
|
||||
|
||||
$this->config->set('URI', 'DisableExternal', true);
|
||||
$this->config->set('URI', 'Host', 'sub.example.com');
|
||||
|
||||
$this->assertDef('/foobar.txt');
|
||||
$this->assertDef('http://google.com/', false);
|
||||
$this->assertDef('http://sub.example.com/alas?foo=asd');
|
||||
$this->assertDef('http://example.com/teehee', false);
|
||||
$this->assertDef('http://www.example.com/#man', false);
|
||||
$this->assertDef('http://go.sub.example.com/perhaps?p=foo');
|
||||
|
||||
function testDefaultSchemeRemovedInBlank() {
|
||||
$this->assertDef('http:', '');
|
||||
}
|
||||
|
||||
function test_validate_configDisableExternalResources() {
|
||||
|
||||
$this->config->set('URI', 'DisableExternalResources', true);
|
||||
|
||||
$this->assertDef('http://sub.example.com/alas?foo=asd');
|
||||
$this->assertDef('/img.png');
|
||||
|
||||
$this->def = new HTMLPurifier_AttrDef_URI(true);
|
||||
|
||||
$this->assertDef('http://sub.example.com/alas?foo=asd', false);
|
||||
$this->assertDef('/img.png');
|
||||
|
||||
function testDefaultSchemeRemovedInRelativeURI() {
|
||||
$this->assertDef('http:/foo/bar', '/foo/bar');
|
||||
}
|
||||
|
||||
function test_validate_configBlacklist() {
|
||||
|
||||
$this->config->set('URI', 'HostBlacklist', array('example.com', 'moo'));
|
||||
|
||||
$this->assertDef('foo.txt');
|
||||
$this->assertDef('http://www.google.com/example.com/moo');
|
||||
|
||||
$this->assertDef('http://example.com/#23', false);
|
||||
$this->assertDef('https://sub.domain.example.com/foobar', false);
|
||||
$this->assertDef('http://example.com.example.net/?whoo=foo', false);
|
||||
$this->assertDef('ftp://moo-moo.net/foo/foo/', false);
|
||||
|
||||
function testDefaultSchemeNotRemovedInAbsoluteURI() {
|
||||
$this->assertDef('http://example.com/foo/bar');
|
||||
}
|
||||
|
||||
function testAltSchemeNotRemoved() {
|
||||
$this->assertDef('mailto:this-looks-like-a-path@example.com');
|
||||
}
|
||||
|
||||
function testURIDefinitionValidation() {
|
||||
$parser = new HTMLPurifier_URIParser();
|
||||
$uri = $parser->parse('http://example.com');
|
||||
$this->config->set('URI', 'DefinitionID', 'HTMLPurifier_AttrDef_URITest->testURIDefinitionValidation');
|
||||
$uri_def =& $this->config->getDefinition('URI');
|
||||
// overload with mock
|
||||
generate_mock_once('HTMLPurifier_URIDefinition');
|
||||
$uri_def = new HTMLPurifier_URIDefinitionMock();
|
||||
$uri_def->expectOnce('filter', array($uri, '*', '*'));
|
||||
$uri_def->setReturnValue('filter', true, array($uri, '*', '*'));
|
||||
$uri_def->setup = true;
|
||||
$this->assertDef('http://example.com');
|
||||
}
|
||||
|
||||
/*
|
||||
|
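Review bot: `testURIDefinitionValidation` only exercises the accepting path, because the mocked `filter` is stubbed to return `true`; nothing visible checks that the attribute is rejected when the URI definition's filter refuses the URI. That refusal is the security-relevant branch now that host checks live in filters. I would add a sibling test that is identical except for `$uri_def->setReturnValue('filter', false, array($uri, '*', '*'));` and `$this->assertDef('http://example.com', false);`. The swap through `$uri_def =& $this->config->getDefinition('URI');` followed by reassignment also deserves a one-line comment such as `// reference assignment replaces the definition held by the config`. The +/- markers are lost on this page, so I am assuming this method is on the new side.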
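--- a/tests/HTMLPurifier/URIFilter/HostBlacklistTest.php
+++ b/tests/HTMLPurifier/URIFilter/HostBlacklistTest.php
@@ -0,0 +1,30 @@
+<?php
+
+require_once 'HTMLPurifier/URIFilter/HostBlacklist.php';
+require_once 'HTMLPurifier/URIFilterHarness.php';
+
+class HTMLPurifier_URIFilter_HostBlacklistTest extends HTMLPurifier_URIFilterHarness
+{
+
+function setUp() {
+parent::setUp();
+$this->filter = new HTMLPurifier_URIFilter_HostBlacklist();
+}
+
+function testRejectBlacklistedHost() {
+$this->config->set('URI', 'HostBlacklist', 'example.com');
+$this->assertFiltering('http://example.com', false);
+}
+
+function testRejectBlacklistedHostThoughNotTrue() {
+// maybe this behavior should change
+$this->config->set('URI', 'HostBlacklist', 'example.com');
+$this->assertFiltering('http://example.comcast.com', false);
+}
+
+function testPreserveNonBlacklistedHost() {
+$this->config->set('URI', 'HostBlacklist', 'example.com');
+$this->assertFiltering('http://google.com');
+}
+
+}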
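Review bot: These three tests cover less than the `test_validate_configBlacklist` case shown in the AttrDef URITest section, which appears to be the one this commit retires. Nothing here checks that a blacklisted fragment occurring only in the path (`http://www.google.com/example.com/moo`) or a relative URI with no host (`foo.txt`) still passes, and the list is only ever set to a single string, never the two-entry array. Because `testRejectBlacklistedHostThoughNotTrue` pins substring matching on the host, the path-only and no-host cases are where an over-broad match would first show up. I would carry those assertions over as below.

```php
// … unchanged: setUp() and the three existing tests …

function testPreserveBlacklistFragmentInPath() {
    $this->config->set('URI', 'HostBlacklist', array('example.com', 'moo'));
    $this->assertFiltering('http://www.google.com/example.com/moo');
}

function testPreserveRelativeURIWithoutHost() {
    $this->config->set('URI', 'HostBlacklist', array('example.com', 'moo'));
    $this->assertFiltering('foo.txt');
}
```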
@@ -151,22 +151,6 @@ class HTMLPurifier_URITest extends HTMLPurifier_URIHarness
|
||||
}
|
||||
}
|
||||
|
||||
function test_validate_defaultSchemeRemovedInBlank() {
|
||||
$this->assertValidation('http:', '');
|
||||
}
|
||||
|
||||
function test_validate_defaultSchemeRemovedInRelativeURI() {
|
||||
$this->assertValidation('http:/foo/bar', '/foo/bar');
|
||||
}
|
||||
|
||||
function test_validate_defaultSchemeNotRemovedInAbsoluteURI() {
|
||||
$this->assertValidation('http://example.com/foo/bar');
|
||||
}
|
||||
|
||||
function test_validate_altSchemeNotRemoved() {
|
||||
$this->assertValidation('mailto:this-looks-like-a-path@example.com');
|
||||
}
|
||||
|
||||
function test_validate_overlongPort() {
|
||||
$this->assertValidation('http://example.com:65536', 'http://example.com');
|
||||
}
|
||||
@@ -176,7 +160,7 @@ class HTMLPurifier_URITest extends HTMLPurifier_URIHarness
|
||||
}
|
||||
|
||||
function test_validate_invalidHostThatLooksLikeIPv6() {
|
||||
$this->assertValidation('http://[2001:0db8:85z3:08d3:1319:8a2e:0370:7334]', '');
|
||||
$this->assertValidation('http://[2001:0db8:85z3:08d3:1319:8a2e:0370:7334]', 'http:');
|
||||
}
|
||||
|
||||
}
|
||||
|
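Review bot: In `test_validate_invalidHostThatLooksLikeIPv6` the expectation is printed twice, once with `''` and once with `'http:'`. If `'http:'` is the new side, the URI-level test now accepts a host-less `http:` result, and nothing visible checks that the attribute still ends up empty. The +/- markers are lost on this page, so that reading is inferred from the default-scheme tests moving to the AttrDef test. Assuming the AttrDef layer is expected to blank it, as `testDefaultSchemeRemovedInBlank` does for `http:`, I would add `$this->assertDef('http://[2001:0db8:85z3:08d3:1319:8a2e:0370:7334]', '');` to the AttrDef URITest to pin the end-to-end result. The first hunk in this section is a pure removal and needs no comment.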