[1.3.0] More control of URIs granted

# Invalid images are now removed, rather than replaced with a dud <img src="" alt="Invalid image" />. Previous behavior can be restored with new directive %Core.RemoveInvalidImg set to false. ! New directives %URI.DisableExternalResources and %URI.DisableResources ! New directive %Attr.DisableURI, which eliminates all hyperlinking - Missing "Available since" documentation added git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@575 48356398-32a2-884e-a903-53898d9a118a
2025-08-05 05:37:49 +02:00 · 2006-11-23 23:59:20 +00:00
parent 61b6ee7183
commit 49cb2a4a7c
10 changed files with 168 additions and 50 deletions
--- a/tests/HTMLPurifier/AttrDef/URITest.php
+++ b/tests/HTMLPurifier/AttrDef/URITest.php
@@ -271,6 +271,20 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
        
    }
    
+    function testDisableExternalResources() {
+        
+        $this->config->set('URI', 'DisableExternalResources', true);
+        
+        $this->def = new HTMLPurifier_AttrDef_URI();
+        $this->assertDef('http://sub.example.com/alas?foo=asd');
+        $this->assertDef('/img.png');
+        
+        $this->def = new HTMLPurifier_AttrDef_URI(true);
+        $this->assertDef('http://sub.example.com/alas?foo=asd', false);
+        $this->assertDef('/img.png');
+        
+    }
+    
 }

 ?>
--- a/tests/HTMLPurifier/Strategy/RemoveForeignElementsTest.php
+++ b/tests/HTMLPurifier/Strategy/RemoveForeignElementsTest.php
@@ -42,6 +42,12 @@ class HTMLPurifier_Strategy_RemoveForeignElementsTest
              ' Warning!</span>'
        );
        
+        // test removal of img tag
+        $this->assertResult(
+            '<img />',
+            ''
+        );
+        
    }
    
 }
--- a/tests/HTMLPurifier/Strategy/ValidateAttributesTest.php
+++ b/tests/HTMLPurifier/Strategy/ValidateAttributesTest.php
@@ -125,6 +125,9 @@ class HTMLPurifier_Strategy_ValidateAttributesTest extends
        );
        
        // test required attributes for img
+        
+        // (this should never happen, as RemoveForeignElements
+        //  should have removed the offending image tag)
        $this->assertResult(
            '<img />',
            '<img src="" alt="Invalid image" />'
--- a/tests/HTMLPurifier/Test.php
+++ b/tests/HTMLPurifier/Test.php
@@ -8,6 +8,10 @@ class HTMLPurifier_Test extends UnitTestCase
 {
    var $purifier;
    
+    function setUp() {
+        $this->purifier = new HTMLPurifier();
+    }
+    
    function assertPurification($input, $expect = null) {
        if ($expect === null) $expect = $input;
        $result = $this->purifier->purify($input);
@@ -15,7 +19,6 @@ class HTMLPurifier_Test extends UnitTestCase
    }
    
    function testNull() {
-        $this->purifier = new HTMLPurifier();
        $this->assertPurification("Null byte\0", "Null byte");
    }
    
@@ -53,6 +56,19 @@ class HTMLPurifier_Test extends UnitTestCase
        
    }
    
+    function testDisableURI() {
+        
+        $config = HTMLPurifier_Config::createDefault();
+        $config->set('Attr', 'DisableURI', true);
+        $this->purifier = new HTMLPurifier($config);
+        
+        $this->assertPurification(
+            '<img src="foobar"/>',
+            ''
+        );
+        
+    }
+    
 }

 ?>