mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-07-30 19:00:10 +02:00
Code Issues Releases Wiki Activity

[3.1.1] Implement SafeEmbed. Also, miscellaneous bugfixes.

Browse Source 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1781 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang
2008-06-10 01:18:03 +00:00
parent 13eb016e06
commit 36bd06d53e
15 changed files with 162 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
tests/HTMLPurifier/HTMLModule/SafeEmbedTest.php Normal file
View File

@@ -0,0 +1,41 @@
<?php
class HTMLPurifier_HTMLModule_SafeEmbedTest extends HTMLPurifier_HTMLModuleHarness
{
function setUp() {
parent::setUp();
$this->config->set('HTML', 'DefinitionID', 'HTMLPurifier_HTMLModule_SafeEmbedTest');
$def = $this->config->getHTMLDefinition(true);
$def->manager->addModule('SafeEmbed');
}
function testMinimal() {
$this->assertResult(
'<embed src="http://www.youtube.com/v/RVtEQxH7PWA&amp;hl=en" />',
'<embed src="http://www.youtube.com/v/RVtEQxH7PWA&amp;hl=en" allowscriptaccess="never" allownetworking="internal" type="application/x-shockwave-flash" />'
);
}
function testYouTube() {
$this->assertResult(
'<embed src="http://www.youtube.com/v/RVtEQxH7PWA&amp;hl=en" type="application/x-shockwave-flash" width="425" height="344"></embed>',
'<embed src="http://www.youtube.com/v/RVtEQxH7PWA&amp;hl=en" type="application/x-shockwave-flash" width="425" height="344" allowscriptaccess="never" allownetworking="internal" />'
);
}
function testMalicious() {
$this->assertResult(
'<embed src="http://example.com/bad.swf" type="application/x-shockwave-flash" width="9999999" height="3499994" allowscriptaccess="always" allownetworking="always" />',
'<embed src="http://example.com/bad.swf" type="application/x-shockwave-flash" width="1200" height="1200" allowscriptaccess="never" allownetworking="internal" />'
);
}
function testFull() {
$this->assertResult(
'<b><embed src="http://www.youtube.com/v/RVtEQxH7PWA&amp;hl=en" type="application/x-shockwave-flash" width="24" height="23" allowscriptaccess="never" allownetworking="internal" wmode="window" /></b>'
);
}
}

20
tests/HTMLPurifierTest.php
View File

@@ -194,5 +194,25 @@ alert("<This is compatible with XHTML>");
);
}
function test_safeObjectAndEmbed() {
$this->config->set('HTML', 'SafeObject', true);
$this->config->set('HTML', 'SafeEmbed', true);
$this->assertPurification(
'<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/Oq3FV_zdyy0&hl=en"></param><embed src="http://www.youtube.com/v/Oq3FV_zdyy0&hl=en" type="application/x-shockwave-flash" width="425" height="344"></embed></object>',
'<object width="425" height="344" type="application/x-shockwave-flash"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="http://www.youtube.com/v/Oq3FV_zdyy0&amp;hl=en" /><embed src="http://www.youtube.com/v/Oq3FV_zdyy0&amp;hl=en" type="application/x-shockwave-flash" width="425" height="344" allowscriptaccess="never" allownetworking="internal" /></object>'
);
}
function test_safeObjectAndEmbedWithSecureMunge() {
$this->config->set('HTML', 'SafeObject', true);
$this->config->set('HTML', 'SafeEmbed', true);
$this->config->set('URI', 'SecureMunge', '/redirect.php?url=%s&check=%t');
$this->config->set('URI', 'SecureMungeSecretKey', 'foo');
$this->assertPurification(
'<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/Oq3FV_zdyy0&hl=en"></param><embed src="http://www.youtube.com/v/Oq3FV_zdyy0&hl=en" type="application/x-shockwave-flash" width="425" height="344"></embed></object>',
'<object width="425" height="344" type="application/x-shockwave-flash"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="http://www.youtube.com/v/Oq3FV_zdyy0&amp;hl=en" /><embed src="http://www.youtube.com/v/Oq3FV_zdyy0&amp;hl=en" type="application/x-shockwave-flash" width="425" height="344" allowscriptaccess="never" allownetworking="internal" /></object>'
);
}
}