From 4193fd018adf7e168ac007ff132b084b2393820f Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang"
Date: Sat, 12 Aug 2006 19:11:21 +0000
Subject: [PATCH] Commit a very lenient mailto checker. We'll tighten it later.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@219 48356398-32a2-884e-a903-53898d9a118a
---
 library/HTMLPurifier/AttrDef/URI.php | 2 +-
 library/HTMLPurifier/URIScheme/mailto.php | 22 ++++++++++++++++++++++
 tests/HTMLPurifier/AttrDef/URITest.php | 18 ++++++++++++++++--
 tests/HTMLPurifier/AttrDefHarness.php | 6 +++---
 tests/HTMLPurifier/URISchemeTest.php | 14 +++++++++++---
 5 files changed, 53 insertions(+), 9 deletions(-)
 create mode 100644 library/HTMLPurifier/URIScheme/mailto.php

diff --git a/library/HTMLPurifier/AttrDef/URI.php b/library/HTMLPurifier/AttrDef/URI.php
index a44efeb6..33226219 100644
--- a/library/HTMLPurifier/AttrDef/URI.php
+++ b/library/HTMLPurifier/AttrDef/URI.php
@@ -47,7 +47,7 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
 // retrieve the specific scheme object from the registry
 $scheme = ctype_lower($scheme) ? $scheme : strtolower($scheme);
 $scheme_obj =& $registry->getScheme($scheme, $config);
- if (!$scheme_obj) return ''; // invalid scheme, clean it out
+ if (!$scheme_obj) return false; // invalid scheme, clean it out
 } else {
 $scheme_obj =& $registry->getScheme(
 $config->get('URI', 'DefaultScheme'), $config
diff --git a/library/HTMLPurifier/URIScheme/mailto.php b/library/HTMLPurifier/URIScheme/mailto.php
new file mode 100644
index 00000000..60969ec1
--- /dev/null
+++ b/library/HTMLPurifier/URIScheme/mailto.php
@@ -0,0 +1,22 @@
+
\ No newline at end of file
diff --git a/tests/HTMLPurifier/AttrDef/URITest.php b/tests/HTMLPurifier/AttrDef/URITest.php
index bfc2b48c..d59b8e35 100644
--- a/tests/HTMLPurifier/AttrDef/URITest.php
+++ b/tests/HTMLPurifier/AttrDef/URITest.php
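Review bot: The switch to `return false` for an unregistered scheme changes what validate() hands back on that path from a string to a bool, and the unchanged inline comment does not say what the caller is meant to do with false; `''` and `false` are both falsy, but only one of them can be safely concatenated into an attribute value, so the contract should be explicit at the site, e.g. `// unknown scheme: return false so the attribute is rejected outright rather than emitted empty`. The `else` branch in the same hunk looks up URI.DefaultScheme with no comparable falsy check in the visible lines; if a misconfigured default can come back empty from the registry, the same guard presumably belongs there too. validate() begins and ends outside this hunk.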
@@ -145,7 +145,7 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
 // test invalid scheme, components shouldn't be passed
 $uri[17] = 'javascript:alert("moo");';
- $expect_uri[17] = '';
+ $expect_uri[17] = false;
 // relative URIs
@@ -176,7 +176,7 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
 $this->config = isset($config[$i]) ? $config[$i] : null;
 $this->context = isset($context[$i]) ? $context[$i] : null;
- $this->assertDef($value, $expect_uri[$i], "Test $i: %s");
+ $this->assertDef($value, $expect_uri[$i], true, "Test $i: %s");
 }
@@ -216,6 +216,20 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
 $this->scheme->tally();
 }
+ function testIntegration() {
+
+ $this->def = new HTMLPurifier_AttrDef_URI();
+ $this->config = $this->context = null;
+
+ $this->assertDef('http://www.google.com/');
+ $this->assertDef('javascript:bad_stuff();', false);
+ $this->assertDef('ftp://www.example.com/');
+ $this->assertDef('news:rec.alt');
+ $this->assertDef('nntp://news.example.com/324234');
+ $this->assertDef('mailto:bob@example.com');
+
+ }
+
 }
 ?>
\ No newline at end of file
diff --git a/tests/HTMLPurifier/AttrDefHarness.php b/tests/HTMLPurifier/AttrDefHarness.php
index 8c130ef9..727c5db6 100644
--- a/tests/HTMLPurifier/AttrDefHarness.php
+++ b/tests/HTMLPurifier/AttrDefHarness.php
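Review bot: testIntegration's only negative case is a lowercase `javascript:` URI, while the code under test (the URI.php hunk in this commit) lowercases the scheme before the registry lookup, so the mixed-case path that the lowercasing exists for is never exercised; add `$this->assertDef('JavaScript:bad_stuff();', false);` beside the existing negative case. The positive cases all expect an identity result, which silently relies on each registered scheme returning these inputs unchanged; a one-line comment such as `// identity expected: each scheme currently passes a well-formed URI through untouched` would make that assumption visible. The call sites also omit the harness's new third argument, so the setUp/tearDown hooks are skipped here — intentional for an integration test, but worth a short comment given that the earlier hunk in this file had to add `true` to the per-case loop for the opposite reason.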
@@ -8,18 +8,18 @@ class HTMLPurifier_AttrDefHarness extends UnitTestCase
 var $config;
 // cannot be used for accumulator
- function assertDef($string, $expect = true, $message = '%s') {
+ function assertDef($string, $expect = true, $ini = false, $message = '%s') {
 // $expect can be a string or bool
 if (!$this->config) $this->config = HTMLPurifier_Config::createDefault();
 if (!$this->context) $this->context = new HTMLPurifier_AttrContext();
- $this->setUpAssertDef();
+ if ($ini) $this->setUpAssertDef();
 $result = $this->def->validate($string, $this->config, $this->context);
 if ($expect === true) {
 $this->assertIdentical($string, $result, $message);
 } else {
 $this->assertIdentical($expect, $result, $message);
 }
- $this->tearDownAssertDef();
+ if ($ini) $this->tearDownAssertDef();
 }
 function setUpAssertDef() {}
diff --git a/tests/HTMLPurifier/URISchemeTest.php b/tests/HTMLPurifier/URISchemeTest.php
index 157ee956..6cc32b5f 100644
--- a/tests/HTMLPurifier/URISchemeTest.php
+++ b/tests/HTMLPurifier/URISchemeTest.php
@@ -5,10 +5,13 @@ require_once 'HTMLPurifier/URIScheme.php';
 require_once 'HTMLPurifier/URIScheme/http.php';
 require_once 'HTMLPurifier/URIScheme/ftp.php';
 require_once 'HTMLPurifier/URIScheme/https.php';
-//require_once 'HTMLPurifier/URIScheme/mailto.php';
+require_once 'HTMLPurifier/URIScheme/mailto.php';
 require_once 'HTMLPurifier/URIScheme/news.php';
 require_once 'HTMLPurifier/URIScheme/nntp.php';
+// WARNING: All the URI schemes are far to relaxed, we need to tighten
// the checks.
+
 class HTMLPurifier_URISchemeTest extends UnitTestCase
 {
@@ -104,8 +107,7 @@ class HTMLPurifier_URISchemeTest extends UnitTestCase
 );
 }
- // mailto currently isn't implemented yet
- function non_test_mailto() {
+ function test_mailto() {
 $scheme = new HTMLPurifier_URIScheme_mailto();
 $config = HTMLPurifier_Config::createDefault();
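Review bot: Inserting `$ini` as the third parameter of assertDef shifts `$message` to fourth, so any other AttrDefHarness subclass still calling `assertDef($s, $expect, 'some message')` would now pass its message string as `$ini` (truthy, so the hooks run) and lose the custom message; this commit updates only the URITest caller, and other subclasses are outside the diff. Either append the flag after `$message` so existing positional calls keep working, or document the new signature above the method, e.g. `// $ini: when true, run setUpAssertDef()/tearDownAssertDef() around validate() (tests that install a mock scheme); $message is now the 4th argument`. The name `$ini` itself says nothing about what it gates; `$useHooks` or similar would read better. The function is complete within the hunk.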
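Review bot: The added warning in URISchemeTest.php reads `far to relaxed`, which should be `far too relaxed`, and as the only place this known gap is now recorded it would be more useful if it said what is missing rather than that something is; per the commit message the mailto checker in particular accepts more than it should, so something like `// WARNING: the URI scheme validators are far too relaxed (mailto in particular passes its components through unchecked); tighten per-scheme syntax checks before relying on them` would give the next reader a concrete target. Renaming non_test_mailto to test_mailto drops the `// mailto currently isn't implemented yet` line, so the warning comment is the right place to carry that history forward.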
@@ -116,6 +118,12 @@ class HTMLPurifier_URISchemeTest extends UnitTestCase
 array(null, null, null, 'bob@example.com', null)
 );
+ $this->assertIdentical(
+ $scheme->validateComponents(
+ 'user', 'example.com', 80, 'bob@example.com', 'subject=Foo!', $config),
+ array(null, null, null, 'bob@example.com', 'subject=Foo!')
+ );
+
 }
 }
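Review bot: The new assertion pins the lenient behaviour the commit message describes — userinfo, host and port are dropped, while the path and the query `subject=Foo!` come back verbatim — without saying that this is provisional, so when the checker is tightened the assertion will read as a regression rather than an expected change; add `// provisional: path and query are passed through unvalidated until mailto gets real checks (see WARNING at top of file)` above it. A TODO naming the intended stricter contract (which characters the path and query may contain) next to this case would keep the tightening work discoverable from the test itself. test_mailto begins outside this hunk.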