mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-07-30 19:00:10 +02:00
[3.1.1] General munge improvements
- Add CurrentCSSProperty context variable - Move Munge to its own class, derived off of SecureMunge. - Rename %URI.SecureMunge to %URI.Munge - Rename %URI.SecureMungeSecretKey to %URI.MungeSecretKey - Add extra substitutions for munge git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1803 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang
115
tests/HTMLPurifier/URIFilter/MungeTest.php
Normal file
115
tests/HTMLPurifier/URIFilter/MungeTest.php
Normal file
@@ -0,0 +1,115 @@
|
||||
<?php
|
||||
|
||||
class HTMLPurifier_URIFilter_MungeTest extends HTMLPurifier_URIFilterHarness
|
||||
{
|
||||
|
||||
function setUp() {
|
||||
parent::setUp();
|
||||
$this->filter = new HTMLPurifier_URIFilter_Munge();
|
||||
}
|
||||
|
||||
protected function setMunge($uri = 'http://www.google.com/url?q=%s') {
|
||||
$this->config->set('URI', 'Munge', $uri);
|
||||
}
|
||||
|
||||
protected function setSecureMunge($key = 'secret') {
|
||||
$this->setMunge('/redirect.php?url=%s&checksum=%t');
|
||||
$this->config->set('URI', 'MungeSecretKey', $key);
|
||||
}
|
||||
|
||||
function testMunge() {
|
||||
$this->setMunge();
|
||||
$this->assertFiltering(
|
||||
'http://www.example.com/',
|
||||
'http://www.google.com/url?q=http%3A%2F%2Fwww.example.com%2F'
|
||||
);
|
||||
}
|
||||
|
||||
function testMungeReplaceTagName() {
|
||||
$this->setMunge('/r?tagname=%n&url=%s');
|
||||
$token = new HTMLPurifier_Token_Start('a');
|
||||
$this->context->register('CurrentToken', $token);
|
||||
$this->assertFiltering('http://google.com', '/r?tagname=a&url=http%3A%2F%2Fgoogle.com');
|
||||
}
|
||||
|
||||
function testMungeReplaceAttribute() {
|
||||
$this->setMunge('/r?attr=%m&url=%s');
|
||||
$attr = 'href';
|
||||
$this->context->register('CurrentAttr', $attr);
|
||||
$this->assertFiltering('http://google.com', '/r?attr=href&url=http%3A%2F%2Fgoogle.com');
|
||||
}
|
||||
|
||||
function testMungeReplaceResource() {
|
||||
$this->setMunge('/r?embeds=%r&url=%s');
|
||||
$embeds = false;
|
||||
$this->context->register('EmbeddedURI', $embeds);
|
||||
$this->assertFiltering('http://google.com', '/r?embeds=&url=http%3A%2F%2Fgoogle.com');
|
||||
}
|
||||
|
||||
function testMungeReplaceCSSProperty() {
|
||||
$this->setMunge('/r?property=%p&url=%s');
|
||||
$property = 'background';
|
||||
$this->context->register('CurrentCSSProperty', $property);
|
||||
$this->assertFiltering('http://google.com', '/r?property=background&url=http%3A%2F%2Fgoogle.com');
|
||||
}
|
||||
|
||||
function testIgnoreEmbedded() {
|
||||
$this->setMunge();
|
||||
$embeds = true;
|
||||
$this->context->register('EmbeddedURI', $embeds);
|
||||
$this->assertFiltering('http://example.com');
|
||||
}
|
||||
|
||||
function testProcessEmbedded() {
|
||||
$this->setMunge();
|
||||
$this->config->set('URI', 'MungeResources', true);
|
||||
$embeds = true;
|
||||
$this->context->register('EmbeddedURI', $embeds);
|
||||
$this->assertFiltering('http://www.example.com/', 'http://www.google.com/url?q=http%3A%2F%2Fwww.example.com%2F');
|
||||
}
|
||||
|
||||
function testPreserveRelative() {
|
||||
$this->setMunge();
|
||||
$this->assertFiltering('index.html');
|
||||
}
|
||||
|
||||
function testMungeIgnoreUnknownSchemes() {
|
||||
$this->setMunge();
|
||||
$this->assertFiltering('javascript:foobar();', true);
|
||||
}
|
||||
|
||||
function testSecureMungePreserve() {
|
||||
$this->setSecureMunge();
|
||||
$this->assertFiltering('/local');
|
||||
}
|
||||
|
||||
function testSecureMungePreserveEmbedded() {
|
||||
$this->setSecureMunge();
|
||||
$embedded = true;
|
||||
$this->context->register('EmbeddedURI', $embedded);
|
||||
$this->assertFiltering('http://google.com');
|
||||
}
|
||||
|
||||
function testSecureMungeStandard() {
|
||||
$this->setSecureMunge();
|
||||
$this->assertFiltering('http://google.com', '/redirect.php?url=http%3A%2F%2Fgoogle.com&checksum=0072e2f817fd2844825def74e54443debecf0892');
|
||||
}
|
||||
|
||||
function testSecureMungeIgnoreUnknownSchemes() {
|
||||
// This should be integration tested as well to be false
|
||||
$this->setSecureMunge();
|
||||
$this->assertFiltering('javascript:', true);
|
||||
}
|
||||
|
||||
function testSecureMungeIgnoreUnbrowsableSchemes() {
|
||||
$this->setSecureMunge();
|
||||
$this->assertFiltering('news:', true);
|
||||
}
|
||||
|
||||
function testSecureMungeToDirectory() {
|
||||
$this->setSecureMunge();
|
||||
$this->setMunge('/links/%s/%t');
|
||||
$this->assertFiltering('http://google.com', '/links/http%3A%2F%2Fgoogle.com/0072e2f817fd2844825def74e54443debecf0892');
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,55 +0,0 @@
|
||||
<?php
|
||||
|
||||
class HTMLPurifier_URIFilter_SecureMungeTest extends HTMLPurifier_URIFilterHarness
|
||||
{
|
||||
|
||||
function setUp() {
|
||||
parent::setUp();
|
||||
$this->filter = new HTMLPurifier_URIFilter_SecureMunge();
|
||||
$this->setSecureMunge();
|
||||
$this->setSecretKey();
|
||||
}
|
||||
|
||||
function setSecureMunge($uri = '/redirect.php?url=%s&checksum=%t') {
|
||||
$this->config->set('URI', 'SecureMunge', $uri);
|
||||
}
|
||||
|
||||
function setSecretKey($key = 'secret') {
|
||||
$this->config->set('URI', 'SecureMungeSecretKey', $key);
|
||||
}
|
||||
|
||||
function testPreserve() {
|
||||
$this->assertFiltering('/local');
|
||||
}
|
||||
|
||||
function testPreserveEmbedded() {
|
||||
$embedded = true;
|
||||
$this->context->register('EmbeddedURI', $embedded);
|
||||
$this->assertFiltering('http://google.com');
|
||||
}
|
||||
|
||||
function testStandardMunge() {
|
||||
$this->assertFiltering('http://google.com', '/redirect.php?url=http%3A%2F%2Fgoogle.com&checksum=0072e2f817fd2844825def74e54443debecf0892');
|
||||
}
|
||||
|
||||
function testIgnoreUnknownSchemes() {
|
||||
// This should be integration tested as well to be false
|
||||
$this->assertFiltering('javascript:', true);
|
||||
}
|
||||
|
||||
function testIgnoreUnbrowsableSchemes() {
|
||||
$this->assertFiltering('news:', true);
|
||||
}
|
||||
|
||||
function testMungeToDirectory() {
|
||||
$this->setSecureMunge('/links/%s/%t');
|
||||
$this->assertFiltering('http://google.com', '/links/http%3A%2F%2Fgoogle.com/0072e2f817fd2844825def74e54443debecf0892');
|
||||
}
|
||||
|
||||
function testErrorNoSecretKey() {
|
||||
$this->setSecretKey(null);
|
||||
$this->expectError('URI.SecureMunge is being ignored due to lack of value for URI.SecureMungeSecretKey');
|
||||
$this->assertFiltering('http://google.com');
|
||||
}
|
||||
|
||||
}
|
||||
@@ -186,8 +186,8 @@ alert("<This is compatible with XHTML>");
|
||||
}
|
||||
|
||||
function test_secureMunge() {
|
||||
$this->config->set('URI', 'SecureMunge', '/redirect.php?url=%s&check=%t');
|
||||
$this->config->set('URI', 'SecureMungeSecretKey', 'foo');
|
||||
$this->config->set('URI', 'Munge', '/redirect.php?url=%s&check=%t');
|
||||
$this->config->set('URI', 'MungeSecretKey', 'foo');
|
||||
$this->assertPurification(
|
||||
'<a href="http://localhost">foo</a><img src="http://localhost" alt="local" />',
|
||||
'<a href="/redirect.php?url=http%3A%2F%2Flocalhost&check=8e8223ae8fac24561104180ea549c21fbd111be7">foo</a><img src="http://localhost" alt="local" />'
|
||||
@@ -206,13 +206,25 @@ alert("<This is compatible with XHTML>");
|
||||
function test_safeObjectAndEmbedWithSecureMunge() {
|
||||
$this->config->set('HTML', 'SafeObject', true);
|
||||
$this->config->set('HTML', 'SafeEmbed', true);
|
||||
$this->config->set('URI', 'SecureMunge', '/redirect.php?url=%s&check=%t');
|
||||
$this->config->set('URI', 'SecureMungeSecretKey', 'foo');
|
||||
$this->config->set('URI', 'Munge', '/redirect.php?url=%s&check=%t');
|
||||
$this->config->set('URI', 'MungeSecretKey', 'foo');
|
||||
$this->assertPurification(
|
||||
'<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/Oq3FV_zdyy0&hl=en"></param><embed src="http://www.youtube.com/v/Oq3FV_zdyy0&hl=en" type="application/x-shockwave-flash" width="425" height="344"></embed></object>',
|
||||
'<object width="425" height="344" data="http://www.youtube.com/v/Oq3FV_zdyy0&hl=en" type="application/x-shockwave-flash"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="http://www.youtube.com/v/Oq3FV_zdyy0&hl=en" /><embed src="http://www.youtube.com/v/Oq3FV_zdyy0&hl=en" type="application/x-shockwave-flash" width="425" height="344" allowscriptaccess="never" allownetworking="internal" /></object>'
|
||||
);
|
||||
}
|
||||
|
||||
function test_mungeWithExtraParams() {
|
||||
$this->config->set('URI', 'Munge', '/redirect?s=%s&t=%t&r=%r&n=%n&m=%m&p=%p');
|
||||
$this->config->set('URI', 'MungeSecretKey', 'foo');
|
||||
$this->config->set('URI', 'MungeResources', true);
|
||||
$this->assertPurification(
|
||||
'<a href="http://example.com">Link</a><img src="http://example.com" style="background-image:url(http://example.com);" alt="example.com" />',
|
||||
'<a href="/redirect?s=http%3A%2F%2Fexample.com&t=c15354f3953dfec262c55b1403067e0d045a3059&r=&n=a&m=href&p=">Link</a>'.
|
||||
'<img src="/redirect?s=http%3A%2F%2Fexample.com&t=c15354f3953dfec262c55b1403067e0d045a3059&r=1&n=img&m=src&p=" '.
|
||||
'style="background-image:url(/redirect?s=http%3A%2F%2Fexample.com&t=c15354f3953dfec262c55b1403067e0d045a3059&r=1&n=img&m=style&p=background-image);" alt="example.com" />'
|
||||
);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user