1
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-10-24 18:16:19 +02:00

Release 2.1.0, merged in 1313 to HEAD.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/branches/strict@1352 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang
2007-08-03 03:20:49 +00:00
parent 495164e938
commit 678a593e62
73 changed files with 1569 additions and 631 deletions

View File

@@ -9,7 +9,7 @@ class HTMLPurifier_AttrCollectionsTest_NoConstructor extends HTMLPurifier_AttrCo
function performInclusions(&$a) {}
}
class HTMLPurifier_AttrCollectionsTest extends UnitTestCase
class HTMLPurifier_AttrCollectionsTest extends HTMLPurifier_Harness
{
function testConstruction() {

View File

@@ -16,6 +16,10 @@ class HTMLPurifier_AttrDef_CSS_FontFamilyTest extends HTMLPurifier_AttrDefHarnes
$this->assertDef('01234');
$this->assertDef(',', false);
$this->assertDef('Times New Roman, serif', '\'Times New Roman\', serif');
$this->assertDef($d = "'John\\'s Font'");
$this->assertDef("John's Font", $d);
$this->assertDef($d = "'\xE5\xAE\x8B\xE4\xBD\x93'");
$this->assertDef("\xE5\xAE\x8B\xE4\xBD\x93", $d);
}

View File

@@ -2,317 +2,86 @@
require_once 'HTMLPurifier/AttrDefHarness.php';
require_once 'HTMLPurifier/AttrDef/URI.php';
require_once 'HTMLPurifier/URIParser.php';
// WARNING: INCOMPLETE UNIT TESTS!
// we also need to test all the configuration directives defined by this class
// http: is returned quite often when a URL is invalid. We have to change
// this behavior to just a plain old "FALSE"!
/**
* @todo Aim for complete code coverage with mocks
*/
class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
{
var $scheme, $components, $return_components;
function testGenericURI() {
generate_mock_once('HTMLPurifier_URIScheme');
generate_mock_once('HTMLPurifier_URISchemeRegistry');
$old_registry = HTMLPurifier_URISchemeRegistry::instance();
// finally, lets get a copy of the actual class
function setUp() {
$this->def = new HTMLPurifier_AttrDef_URI();
// initialize test inputs
$uri = // input URI
$components = // what components the URI should be parsed to
$return_components = // return components
$expect_uri = array(); // what reassembled URI to expect
//////////////////////////////////////////////////////////////////////
// test a regular instance, return identical URI
$uri[0] = 'http://www.example.com/webhp?q=foo#result2';
$components[0] = array(
null, // userinfo
'www.example.com', // host
null, // port
'/webhp', // path
'q=foo' // query
);
// test an amended URI (the actual logic is irrelevant)
// test that user and port get parsed correctly (3.2.1 and 3.2.3)
$uri[1] = 'http://user@authority.part:80/now/the/path?query#fragment';
$components[1] = array(
'user', 'authority.part', 80,
'/now/the/path', 'query'
);
$return_components[1] = array( // removed port (it's standard)
'user', 'authority.part', null, '/now/the/path', 'query'
);
$expect_uri[1] = 'http://user@authority.part/now/the/path?query#fragment';
// percent encoded characters are not resolved during generic URI
// parsing even though RFC 3986 defines this notation
// also test what happens when query/fragment are missing
$uri[2] = 'http://en.wikipedia.org/wiki/Clich%C3%A9';
$components[2] = array(
null, 'en.wikipedia.org', null, '/wiki/Clich%C3%A9', null
);
// test distinction between empty query and undefined query (above)
$uri[3] = 'http://www.example.com/?#';
$components[3] = array(null, 'www.example.com', null, '/', '');
// path is always defined, even if empty
$uri[4] = 'http://www.example.com';
$components[4] = array(null, 'www.example.com', null, '', null);
// test parsing of an opaque URI
$uri[5] = 'mailto:bob@example.com';
$components[5] = array(null, null, null, 'bob@example.com', null);
// even though we don't resolve percent entities, we have to fix
// improper percent-encodes. Taken one at a time:
// %56 - V, which is an unreserved character
// %fc - u with an umlaut, normalize to uppercase
// %GJ - invalid characters in entity, encode %
// %5 - prematurely terminated, encode %
// %FC - u with umlaut, correct
// note that Apache doesn't do such fixing, rather, it just claims
// that the browser sent a "Bad Request". See PercentEncoder.php
// for more details
$uri[6] = 'http://www.example.com/%56%fc%GJ%5%FC';
$components[6] = array(null, 'www.example.com', null, '/V%FC%25GJ%255%FC', null);
$expect_uri[6] = 'http://www.example.com/V%FC%25GJ%255%FC';
// test IPv4 address (behavior may vary with configuration)
$uri[7] = 'http://192.0.34.166/';
$components[7] = array(null, '192.0.34.166', null, '/', null);
// while it may look like an IPv4 address, it's really a reg-name.
// don't destroy it
$uri[8] = 'http://333.123.32.123/';
$components[8] = array(null, '333.123.32.123', null, '/', null);
// test IPv6 address, using amended form of RFC's example
$uri[9] = 'http://[2001:db8::7]/c=GB?objectClass?one';
$components[9] = array(null, '[2001:db8::7]', null, '/c=GB',
'objectClass?one');
// We will not implement punycode encoding, that's up to the browsers
// We also will not implement percent to IDNA encoding transformations:
// if you need to use an international domain in a link, make sure that
// you've got it in UTF-8 and send it in raw (no encoding).
// break the RFC a little and allow international characters
// WARNING: UTF-8 encoded!
$uri[10] = 'http://tūdaliņ.lv';
$components[10] = array(null, 'tūdaliņ.lv', null, '', null);
// test invalid IPv6 address and invalid reg-name
$uri[11] = 'http://[2001:0db8:85z3:08d3:1319:8a2e:0370:7334]';
$components[11] = array(null, null, null, '', null);
$expect_uri[11] = 'http:';
// test invalid port
$uri[12] = 'http://example.com:foobar';
$components[12] = array(null, 'example.com', null, '', null);
$expect_uri[12] = 'http://example.com';
// test overlarge port (max is 65535, although this isn't official)
$uri[13] = 'http://example.com:65536';
$components[13] = array(null, 'example.com', null, '', null);
$expect_uri[13] = 'http://example.com';
// some spec abnf tests
// "authority . path-abempty" omitted, it is a trivial case
// "path-absolute", note this is different from path-rootless
$uri[14] = 'http:/this/is/path';
$components[14] = array(null, null, null, '/this/is/path', null);
$expect_uri[14] = 'http:/this/is/path'; // do not munge scheme off
// scheme munging is not being tested yet, it's an extra feature
// "path-rootless" - this should not be used but is allowed
$uri[15] = 'http:this/is/path';
$components[15] = array(null, null, null, 'this/is/path', null);
//$expect_uri[15] = 'this/is/path'; // munge scheme off
// "path-empty" - a rather interesting case, remove the scheme
$uri[16] = 'http:';
$components[16] = array(null, null, null, '', null);
//$expect_uri[16] = ''; // munge scheme off
// test invalid scheme, components shouldn't be passed
$uri[17] = 'javascript:alert("moo");';
$expect_uri[17] = false;
// relative URIs - basic case
$uri[18] = '/a/b';
$components[18] = array(null, null, null, '/a/b', null);
// result of malformed tag, gracefully handle error
$uri[19] = 'http://www.google.com/\'>"';
$components[19] = array(null, 'www.google.com', null, '/', null);
$expect_uri[19] = 'http://www.google.com/';
// test empty
$uri[20] = '';
$components[20] = array(null, null, null, '', null);
$expect_uri[20] = '';
foreach ($uri as $i => $value) {
// the read in values
$this->config = isset($config[$i]) ? $config[$i] : HTMLPurifier_Config::createDefault();
$this->context = isset($context[$i]) ? $context[$i] : new HTMLPurifier_Context();
// setUpAssertDef
if ( isset($components[$i]) ) {
$this->components = $components[$i];
} else {
$this->components = false;
}
if ( isset($return_components[$i]) ) {
$this->return_components = $return_components[$i];
} else {
$this->return_components = $this->components;
}
// parameters
if (!isset($expect_uri[$i])) {
$expect_uri[$i] = $value; // untouched
}
$this->assertDef($value, $expect_uri[$i], true, "Test $i: %s");
}
// reset to regular implementation
HTMLPurifier_URISchemeRegistry::instance($old_registry);
}
function setUpAssertDef() {
// $fake_registry isn't the real mock, because due to PHP 4 weirdness
// I cannot set a default value to function parameters that are passed
// by reference. So we use the value instance() returns.
$fake_registry = new HTMLPurifier_URISchemeRegistryMock();
$registry =& HTMLPurifier_URISchemeRegistry::instance($fake_registry);
// now, let's add a pseudo-scheme to the registry
$this->scheme = new HTMLPurifier_URISchemeMock();
// here are the schemes we will support with overloaded mocks
$registry->setReturnReference('getScheme', $this->scheme, array('http', '*', '*'));
$registry->setReturnReference('getScheme', $this->scheme, array('mailto', '*', '*'));
// default return value is false (meaning no scheme defined: reject)
$registry->setReturnValue('getScheme', false, array('*', '*', '*'));
if ($this->components === false) {
$this->scheme->expectNever('validateComponents');
} else {
$this->components[] = '*'; // append the configuration
$this->components[] = '*'; // append context
$this->scheme->setReturnValue(
'validateComponents', $this->return_components, $this->components);
$this->scheme->expectOnce('validateComponents', $this->components);
}
}
function tearDownAssertDef() {
$this->scheme->tally();
parent::setUp();
}
function testIntegration() {
$this->def = new HTMLPurifier_AttrDef_URI();
$this->assertDef('http://www.google.com/');
$this->assertDef('http:', '');
$this->assertDef('http:/foo', '/foo');
$this->assertDef('javascript:bad_stuff();', false);
$this->assertDef('ftp://www.example.com/');
$this->assertDef('news:rec.alt');
$this->assertDef('nntp://news.example.com/324234');
$this->assertDef('mailto:bob@example.com');
}
function testDisableExternal() {
$this->def = new HTMLPurifier_AttrDef_URI();
$this->config->set('URI', 'DisableExternal', true);
$this->config->set('URI', 'Host', 'sub.example.com');
$this->assertDef('/foobar.txt');
$this->assertDef('http://google.com/', false);
$this->assertDef('http://sub.example.com/alas?foo=asd');
$this->assertDef('http://example.com/teehee', false);
$this->assertDef('http://www.example.com/#man', false);
$this->assertDef('http://go.sub.example.com/perhaps?p=foo');
function testIntegrationWithPercentEncoder() {
$this->assertDef(
'http://www.example.com/%56%fc%GJ%5%FC',
'http://www.example.com/V%FC%25GJ%255%FC'
);
}
function testEmbeds() {
// embedded URI
$this->def = new HTMLPurifier_AttrDef_URI(true);
$this->assertDef('http://sub.example.com/alas?foo=asd');
$this->assertDef('mailto:foo@example.com', false);
}
function testDisableExternalResources() {
$this->config->set('URI', 'DisableExternalResources', true);
$this->def = new HTMLPurifier_AttrDef_URI();
$this->assertDef('http://sub.example.com/alas?foo=asd');
$this->assertDef('/img.png');
$this->def = new HTMLPurifier_AttrDef_URI(true);
$this->assertDef('http://sub.example.com/alas?foo=asd', false);
$this->assertDef('/img.png');
}
function testMunge() {
function testConfigMunge() {
$this->config->set('URI', 'Munge', 'http://www.google.com/url?q=%s');
$this->def = new HTMLPurifier_AttrDef_URI();
$this->assertDef(
'http://www.example.com/',
'http://www.google.com/url?q=http%3A%2F%2Fwww.example.com%2F'
);
$this->assertDef('index.html');
$this->assertDef('javascript:foobar();', false);
}
function testBlacklist() {
$this->config->set('URI', 'HostBlacklist', array('example.com', 'moo'));
$this->assertDef('foo.txt');
$this->assertDef('http://www.google.com/example.com/moo');
$this->assertDef('http://example.com/#23', false);
$this->assertDef('https://sub.domain.example.com/foobar', false);
$this->assertDef('http://example.com.example.net/?whoo=foo', false);
$this->assertDef('ftp://moo-moo.net/foo/foo/', false);
function testDefaultSchemeRemovedInBlank() {
$this->assertDef('http:', '');
}
function testWhitelist() {
/*
function testDefaultSchemeRemovedInRelativeURI() {
$this->assertDef('http:/foo/bar', '/foo/bar');
}
function testDefaultSchemeNotRemovedInAbsoluteURI() {
$this->assertDef('http://example.com/foo/bar');
}
function testAltSchemeNotRemoved() {
$this->assertDef('mailto:this-looks-like-a-path@example.com');
}
function testURIDefinitionValidation() {
$parser = new HTMLPurifier_URIParser();
$uri = $parser->parse('http://example.com');
$this->config->set('URI', 'DefinitionID', 'HTMLPurifier_AttrDef_URITest->testURIDefinitionValidation');
$uri_def =& $this->config->getDefinition('URI');
// overload with mock
generate_mock_once('HTMLPurifier_URIDefinition');
$uri_def = new HTMLPurifier_URIDefinitionMock();
$uri_def->expectOnce('filter', array($uri, '*', '*'));
$uri_def->setReturnValue('filter', true, array($uri, '*', '*'));
$uri_def->setup = true;
$this->assertDef('http://example.com');
}
/*
function test_validate_configWhitelist() {
$this->config->set('URI', 'HostPolicy', 'DenyAll');
$this->config->set('URI', 'HostWhitelist', array(null, 'google.com'));
@@ -320,8 +89,9 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
$this->assertDef('server.txt');
$this->assertDef('ftp://www.google.com/?t=a');
$this->assertDef('http://google.com.tricky.spamsite.net', false);
*/
}
*/
}

View File

@@ -1,11 +1,10 @@
<?php
class HTMLPurifier_AttrDefHarness extends UnitTestCase
class HTMLPurifier_AttrDefHarness extends HTMLPurifier_Harness
{
var $def;
var $context;
var $config;
var $context, $config;
function setUp() {
$this->config = HTMLPurifier_Config::createDefault();
@@ -13,20 +12,15 @@ class HTMLPurifier_AttrDefHarness extends UnitTestCase
}
// cannot be used for accumulator
function assertDef($string, $expect = true, $ini = false, $message = '%s') {
function assertDef($string, $expect = true) {
// $expect can be a string or bool
if ($ini) $this->setUpAssertDef();
$result = $this->def->validate($string, $this->config, $this->context);
if ($expect === true) {
$this->assertIdentical($string, $result, $message);
$this->assertIdentical($string, $result);
} else {
$this->assertIdentical($expect, $result, $message);
$this->assertIdentical($expect, $result);
}
if ($ini) $this->tearDownAssertDef();
}
function setUpAssertDef() {}
function tearDownAssertDef() {}
}

View File

@@ -2,7 +2,7 @@
require_once 'HTMLPurifier/AttrDef.php';
class HTMLPurifier_AttrDefTest extends UnitTestCase
class HTMLPurifier_AttrDefTest extends HTMLPurifier_Harness
{
function test_parseCDATA() {

View File

@@ -1,8 +1,8 @@
<?php
require_once 'HTMLPurifier/Harness.php';
require_once 'HTMLPurifier/ComplexHarness.php';
class HTMLPurifier_AttrTransformHarness extends HTMLPurifier_Harness
class HTMLPurifier_AttrTransformHarness extends HTMLPurifier_ComplexHarness
{
function setUp() {

View File

@@ -2,7 +2,7 @@
require_once 'HTMLPurifier/AttrTransform.php';
class HTMLPurifier_AttrTransformTest extends UnitTestCase
class HTMLPurifier_AttrTransformTest extends HTMLPurifier_Harness
{
function test_prependCSS() {

View File

@@ -2,7 +2,7 @@
require_once 'HTMLPurifier/AttrTypes.php';
class HTMLPurifier_AttrTypesTest extends UnitTestCase
class HTMLPurifier_AttrTypesTest extends HTMLPurifier_Harness
{
function test_get() {

View File

@@ -1,9 +1,9 @@
<?php
require_once 'HTMLPurifier/Harness.php';
require_once 'HTMLPurifier/ComplexHarness.php';
require_once 'HTMLPurifier/ChildDef.php';
class HTMLPurifier_ChildDefHarness extends HTMLPurifier_Harness
class HTMLPurifier_ChildDefHarness extends HTMLPurifier_ComplexHarness
{
function setUp() {

View File

@@ -0,0 +1,129 @@
<?php
require_once 'HTMLPurifier/Lexer/DirectLex.php';
/**
* General-purpose test-harness that makes testing functions that require
* configuration and context objects easier when those two parameters are
* meaningless. See HTMLPurifier_ChildDefTest for a good example of usage.
*/
class HTMLPurifier_ComplexHarness extends HTMLPurifier_Harness
{
/**
* Instance of the object that will execute the method
*/
var $obj;
/**
* Name of the function to be executed
*/
var $func;
/**
* Whether or not the method deals in tokens. If set to true, assertResult()
* will transparently convert HTML to and back from tokens.
*/
var $to_tokens = false;
/**
* Whether or not to convert tokens back into HTML before performing
* equality check, has no effect on bools.
*/
var $to_html = false;
/**
* Instance of an HTMLPurifier_Lexer implementation.
*/
var $lexer;
/**
* Instance of HTMLPurifier_Generator
*/
var $generator;
/**
* Default config to fall back on if no config is available
*/
var $config;
/**
* Default context to fall back on if no context is available
*/
var $context;
function HTMLPurifier_ComplexHarness() {
$this->lexer = new HTMLPurifier_Lexer_DirectLex();
$this->generator = new HTMLPurifier_Generator();
parent::HTMLPurifier_Harness();
}
/**
* Asserts a specific result from a one parameter + config/context function
* @param $input Input parameter
* @param $expect Expectation
* @param $config Configuration array in form of Ns.Directive => Value.
* Has no effect if $this->config is set.
* @param $context_array Context array in form of Key => Value or an actual
* context object.
*/
function assertResult($input, $expect = true,
$config_array = array(), $context_array = array()
) {
// setup config
if ($this->config) {
$config = HTMLPurifier_Config::create($this->config);
$config->autoFinalize = false;
$config->loadArray($config_array);
} else {
$config = HTMLPurifier_Config::create($config_array);
}
// setup context object. Note that we are operating on a copy of it!
// When necessary, extend the test harness to allow post-tests
// on the context object
if (empty($this->context)) {
$context = new HTMLPurifier_Context();
$context->loadArray($context_array);
} else {
$context =& $this->context;
}
if ($this->to_tokens && is_string($input)) {
// $func may cause $input to change, so "clone" another copy
// to sacrifice
$input = $this->lexer->tokenizeHTML($s = $input, $config, $context);
$input_c = $this->lexer->tokenizeHTML($s, $config, $context);
} else {
$input_c = $input;
}
// call the function
$func = $this->func;
$result = $this->obj->$func($input_c, $config, $context);
// test a bool result
if (is_bool($result)) {
$this->assertIdentical($expect, $result);
return;
} elseif (is_bool($expect)) {
$expect = $input;
}
if ($this->to_html) {
$result = $this->generator->
generateFromTokens($result, $config, $context);
if (is_array($expect)) {
$expect = $this->generator->
generateFromTokens($expect, $config, $context);
}
}
$this->assertIdentical($expect, $result);
}
}

View File

@@ -6,7 +6,7 @@ if (!class_exists('CS')) {
class CS extends HTMLPurifier_ConfigSchema {}
}
class HTMLPurifier_ConfigSchemaTest extends UnitTestCase
class HTMLPurifier_ConfigSchemaTest extends HTMLPurifier_Harness
{
/**

View File

@@ -6,7 +6,7 @@ if (!class_exists('CS')) {
class CS extends HTMLPurifier_ConfigSchema {}
}
class HTMLPurifier_ConfigTest extends UnitTestCase
class HTMLPurifier_ConfigTest extends HTMLPurifier_Harness
{
var $our_copy, $old_copy;

View File

@@ -5,7 +5,7 @@ require_once 'HTMLPurifier/Context.php';
// mocks
require_once 'HTMLPurifier/IDAccumulator.php';
class HTMLPurifier_ContextTest extends UnitTestCase
class HTMLPurifier_ContextTest extends HTMLPurifier_Harness
{
var $context;

View File

@@ -17,8 +17,7 @@ class HTMLPurifier_DefinitionCache_SerializerTest extends HTMLPurifier_Definitio
$config_md5 = '1.0.0-serial-2';
$file = realpath(
$rel_file = dirname(__FILE__) .
'/../../../library/HTMLPurifier/DefinitionCache/Serializer/Test/' .
$rel_file = HTMLPURIFIER_PREFIX . '/HTMLPurifier/DefinitionCache/Serializer/Test/' .
$config_md5 . '.ser'
);
if($file && file_exists($file)) unlink($file); // prevent previous failures from causing problems

View File

@@ -2,7 +2,7 @@
require_once 'HTMLPurifier/DefinitionCacheFactory.php';
class HTMLPurifier_DefinitionCacheFactoryTest extends UnitTestCase
class HTMLPurifier_DefinitionCacheFactoryTest extends HTMLPurifier_Harness
{
var $newFactory;

View File

@@ -1,6 +1,6 @@
<?php
class HTMLPurifier_DefinitionCacheHarness extends UnitTestCase
class HTMLPurifier_DefinitionCacheHarness extends HTMLPurifier_Harness
{
/**

View File

@@ -2,7 +2,7 @@
require_once 'HTMLPurifier/DefinitionCache.php';
class HTMLPurifier_DefinitionCacheTest extends UnitTestCase
class HTMLPurifier_DefinitionCacheTest extends HTMLPurifier_Harness
{
function test_isOld() {

View File

@@ -7,7 +7,7 @@ Mock::generatePartial(
'HTMLPurifier_Definition_Testable',
array('doSetup'));
class HTMLPurifier_DefinitionTest extends UnitTestCase
class HTMLPurifier_DefinitionTest extends HTMLPurifier_Harness
{
function test_setup() {
$def = new HTMLPurifier_Definition_Testable();

View File

@@ -2,7 +2,7 @@
require_once 'HTMLPurifier/DoctypeRegistry.php';
class HTMLPurifier_DoctypeRegistryTest extends UnitTestCase
class HTMLPurifier_DoctypeRegistryTest extends HTMLPurifier_Harness
{
function test_register() {

View File

@@ -2,7 +2,7 @@
require_once 'HTMLPurifier/ElementDef.php';
class HTMLPurifier_ElementDefTest extends UnitTestCase
class HTMLPurifier_ElementDefTest extends HTMLPurifier_Harness
{
function test_mergeIn() {

View File

@@ -2,7 +2,7 @@
require_once 'HTMLPurifier/Encoder.php';
class HTMLPurifier_EncoderTest extends UnitTestCase
class HTMLPurifier_EncoderTest extends HTMLPurifier_Harness
{
var $_entity_lookup;

View File

@@ -4,7 +4,7 @@
require_once 'HTMLPurifier/EntityLookup.php';
class HTMLPurifier_EntityLookupTest extends UnitTestCase
class HTMLPurifier_EntityLookupTest extends HTMLPurifier_Harness
{
function test() {

View File

@@ -2,7 +2,7 @@
require_once 'HTMLPurifier/EntityParser.php';
class HTMLPurifier_EntityParserTest extends UnitTestCase
class HTMLPurifier_EntityParserTest extends HTMLPurifier_Harness
{
var $EntityParser;

View File

@@ -2,7 +2,7 @@
require_once 'HTMLPurifier/ErrorCollector.php';
class HTMLPurifier_ErrorCollectorTest extends UnitTestCase
class HTMLPurifier_ErrorCollectorTest extends HTMLPurifier_Harness
{
function setup() {

View File

@@ -3,7 +3,7 @@
require_once 'HTMLPurifier/ErrorCollectorEMock.php';
require_once 'HTMLPurifier/Lexer/DirectLex.php';
class HTMLPurifier_ErrorsHarness extends UnitTestCase
class HTMLPurifier_ErrorsHarness extends HTMLPurifier_Harness
{
var $config, $context;

View File

@@ -3,16 +3,16 @@
require_once 'HTMLPurifier/Generator.php';
require_once 'HTMLPurifier/EntityLookup.php';
require_once 'HTMLPurifier/Harness.php';
require_once 'HTMLPurifier/ComplexHarness.php';
class HTMLPurifier_GeneratorTest extends HTMLPurifier_Harness
class HTMLPurifier_GeneratorTest extends HTMLPurifier_ComplexHarness
{
var $gen;
var $_entity_lookup;
function HTMLPurifier_GeneratorTest() {
$this->UnitTestCase();
$this->HTMLPurifier_Harness();
$this->gen = new HTMLPurifier_Generator();
$this->_entity_lookup = HTMLPurifier_EntityLookup::instance();
}

View File

@@ -2,13 +2,18 @@
require_once 'HTMLPurifier/HTMLDefinition.php';
class HTMLPurifier_HTMLDefinitionTest extends UnitTestCase
class HTMLPurifier_HTMLDefinitionTest extends HTMLPurifier_Harness
{
function test_parseTinyMCEAllowedList() {
$def = new HTMLPurifier_HTMLDefinition();
$this->assertEqual(
$def->parseTinyMCEAllowedList(''),
array(array(), array())
);
$this->assertEqual(
$def->parseTinyMCEAllowedList('a,b,c'),
array(array('a' => true, 'b' => true, 'c' => true), array())

View File

@@ -0,0 +1,56 @@
<?php
require_once 'HTMLPurifier/HTMLModuleHarness.php';
class HTMLPurifier_HTMLModule_RubyTest extends HTMLPurifier_HTMLModuleHarness
{
function setUp() {
parent::setUp();
$this->config->set('HTML', 'Doctype', 'XHTML 1.1');
}
function testBasicUse() {
$this->assertResult(
'<ruby><rb>WWW</rb><rt>World Wide Web</rt></ruby>'
);
}
function testRPUse() {
$this->assertResult(
'<ruby><rb>WWW</rb><rp>(</rp><rt>World Wide Web</rt><rp>)</rp></ruby>'
);
}
function testComplexUse() {
$this->assertResult(
'<ruby>
<rbc>
<rb>10</rb>
<rb>31</rb>
<rb>2002</rb>
</rbc>
<rtc>
<rt>Month</rt>
<rt>Day</rt>
<rt>Year</rt>
</rtc>
<rtc>
<rt rbspan="3">Expiration Date</rt>
</rtc>
</ruby>'
);
/* not implemented
function testBackwardsCompat() {
$this->assertResult(
'<ruby>A<rp>(</rp><rt>aaa</rt><rp>)</rp></ruby>',
'<ruby><rb>A</rb><rp>(</rp><rt>aaa</rt><rp>)</rp></ruby>'
);
}
*/
}
}

View File

@@ -8,7 +8,7 @@ Mock::generatePartial(
array('makeFixes', 'makeFixesForLevel', 'populate')
);
class HTMLPurifier_HTMLModule_TidyTest extends UnitTestCase
class HTMLPurifier_HTMLModule_TidyTest extends HTMLPurifier_Harness
{
function test_getFixesForLevel() {

View File

@@ -2,7 +2,7 @@
require_once 'HTMLPurifier/HTMLModuleManager.php';
class HTMLPurifier_HTMLModuleManagerTest extends UnitTestCase
class HTMLPurifier_HTMLModuleManagerTest extends HTMLPurifier_Harness
{
function test_addModule() {

View File

@@ -3,7 +3,7 @@
require_once 'HTMLPurifier/HTMLModule.php';
require_once 'HTMLPurifier/AttrDef.php';
class HTMLPurifier_HTMLModuleTest extends UnitTestCase
class HTMLPurifier_HTMLModuleTest extends HTMLPurifier_Harness
{
function test_addElementToContentSet() {

View File

@@ -1,128 +1,59 @@
<?php
require_once 'HTMLPurifier/Lexer/DirectLex.php';
require_once 'HTMLPurifier/URIParser.php';
/**
* General-purpose test-harness that makes testing functions that require
* configuration and context objects easier when those two parameters are
* meaningless. See HTMLPurifier_ChildDefTest for a good example of usage.
* All-use harness, use this rather than SimpleTest's
*/
class HTMLPurifier_Harness extends UnitTestCase
{
/**
* Instance of the object that will execute the method
*/
var $obj;
/**
* Name of the function to be executed
*/
var $func;
/**
* Whether or not the method deals in tokens. If set to true, assertResult()
* will transparently convert HTML to and back from tokens.
*/
var $to_tokens = false;
/**
* Whether or not to convert tokens back into HTML before performing
* equality check, has no effect on bools.
*/
var $to_html = false;
/**
* Instance of an HTMLPurifier_Lexer implementation.
*/
var $lexer;
/**
* Instance of HTMLPurifier_Generator
*/
var $generator;
/**
* Default config to fall back on if no config is available
*/
var $config;
/**
* Default context to fall back on if no context is available
*/
var $context;
function HTMLPurifier_Harness() {
$this->lexer = new HTMLPurifier_Lexer_DirectLex();
$this->generator = new HTMLPurifier_Generator();
parent::UnitTestCase();
}
var $config, $context;
/**
* Asserts a specific result from a one parameter + config/context function
* @param $input Input parameter
* @param $expect Expectation
* @param $config Configuration array in form of Ns.Directive => Value.
* Has no effect if $this->config is set.
* @param $context_array Context array in form of Key => Value or an actual
* context object.
* Generates easily accessible default config/context
*/
function assertResult($input, $expect = true,
$config_array = array(), $context_array = array()
) {
// setup config
if ($this->config) {
$config = HTMLPurifier_Config::create($this->config);
$config->loadArray($config_array);
function setUp() {
list($this->config, $this->context) = $this->createCommon();
}
/**
* Accepts config and context and prepares them into a valid state
* @param &$config Reference to config variable
* @param &$context Reference to context variable
*/
function prepareCommon(&$config, &$context) {
$config = HTMLPurifier_Config::create($config);
if (!$context) $context = new HTMLPurifier_Context();
}
/**
* Generates default configuration and context objects
* @return Defaults in form of array($config, $context)
*/
function createCommon() {
return array(HTMLPurifier_Config::createDefault(), new HTMLPurifier_Context);
}
/**
* If $expect is false, ignore $result and check if status failed.
* Otherwise, check if $status if true and $result === $expect.
* @param $status Boolean status
* @param $result Mixed result from processing
* @param $expect Mixed expectation for result
*/
function assertEitherFailOrIdentical($status, $result, $expect) {
if ($expect === false) {
$this->assertFalse($status, 'Expected false result, got true');
} else {
$config = HTMLPurifier_Config::create($config_array);
$this->assertTrue($status, 'Expected true result, got false');
$this->assertIdentical($result, $expect);
}
// setup context object. Note that we are operating on a copy of it!
// When necessary, extend the test harness to allow post-tests
// on the context object
if (empty($this->context)) {
$context = new HTMLPurifier_Context();
$context->loadArray($context_array);
} else {
$context =& $this->context;
}
if ($this->to_tokens && is_string($input)) {
// $func may cause $input to change, so "clone" another copy
// to sacrifice
$input = $this->lexer->tokenizeHTML($s = $input, $config, $context);
$input_c = $this->lexer->tokenizeHTML($s, $config, $context);
} else {
$input_c = $input;
}
// call the function
$func = $this->func;
$result = $this->obj->$func($input_c, $config, $context);
// test a bool result
if (is_bool($result)) {
$this->assertIdentical($expect, $result);
return;
} elseif (is_bool($expect)) {
$expect = $input;
}
if ($this->to_html) {
$result = $this->generator->
generateFromTokens($result, $config, $context);
if (is_array($expect)) {
$expect = $this->generator->
generateFromTokens($expect, $config, $context);
}
}
$this->assertIdentical($expect, $result);
}
}

View File

@@ -2,7 +2,7 @@
require_once 'HTMLPurifier/IDAccumulator.php';
class HTMLPurifier_IDAccumulatorTest extends UnitTestCase
class HTMLPurifier_IDAccumulatorTest extends HTMLPurifier_Harness
{
function test() {

View File

@@ -2,7 +2,7 @@
require_once 'HTMLPurifier/LanguageFactory.php';
class HTMLPurifier_LanguageFactoryTest extends UnitTestCase
class HTMLPurifier_LanguageFactoryTest extends HTMLPurifier_Harness
{
function test() {

View File

@@ -2,7 +2,7 @@
require_once 'HTMLPurifier/Language.php';
class HTMLPurifier_LanguageTest extends UnitTestCase
class HTMLPurifier_LanguageTest extends HTMLPurifier_Harness
{
var $lang;

View File

@@ -2,7 +2,7 @@
require_once 'HTMLPurifier/Lexer/DirectLex.php';
class HTMLPurifier_Lexer_DirectLexTest extends UnitTestCase
class HTMLPurifier_Lexer_DirectLexTest extends HTMLPurifier_Harness
{
var $DirectLex;

View File

@@ -2,7 +2,7 @@
require_once 'HTMLPurifier/Lexer/DirectLex.php';
class HTMLPurifier_LexerTest extends UnitTestCase
class HTMLPurifier_LexerTest extends HTMLPurifier_Harness
{
var $Lexer;

View File

@@ -2,7 +2,7 @@
require_once 'HTMLPurifier/PercentEncoder.php';
class HTMLPurifier_PercentEncoderTest extends UnitTestCase
class HTMLPurifier_PercentEncoderTest extends HTMLPurifier_Harness
{
var $PercentEncoder;

View File

@@ -15,7 +15,7 @@ class HTMLPurifier_Strategy_Composite_Test
}
// doesn't use Strategy harness
class HTMLPurifier_Strategy_CompositeTest extends UnitTestCase
class HTMLPurifier_Strategy_CompositeTest extends HTMLPurifier_Harness
{
function test() {

View File

@@ -63,12 +63,6 @@ class HTMLPurifier_Strategy_FixNestingTest extends HTMLPurifier_StrategyHarness
'<span><ins>Not allowed!</ins></span>'
);
$this->assertResult( // alt config
'<span><ins><div>Not allowed!</div></ins></span>',
'<span><ins>&lt;div&gt;Not allowed!&lt;/div&gt;</ins></span>',
array('Core.EscapeInvalidChildren' => true)
);
// test block element that has inline content
$this->assertResult(
'<h1><ins><div>Not allowed!</div></ins></h1>',
@@ -84,6 +78,12 @@ class HTMLPurifier_Strategy_FixNestingTest extends HTMLPurifier_StrategyHarness
'<div><ins><del><div>Allowed!</div></del></ins></div>'
);
$this->assertResult( // alt config
'<span><ins><div>Not allowed!</div></ins></span>',
'<span><ins>&lt;div&gt;Not allowed!&lt;/div&gt;</ins></span>',
array('Core.EscapeInvalidChildren' => true)
);
}
function testExclusionsIntegration() {

View File

@@ -49,7 +49,7 @@ class HTMLPurifier_Strategy_RemoveForeignElements_ErrorsTest extends HTMLPurifie
}
function testScriptRemoved() {
$this->collector->expectAt(0, 'send', array(E_ERROR, 'Strategy_RemoveForeignElements: Script removed'));
$this->collector->expectAt(0, 'send', array(E_ERROR, 'Strategy_RemoveForeignElements: Foreign meta element removed'));
$this->collector->expectContextAt(0, 'CurrentToken', new HTMLPurifier_Token_Start('script', array(), 1));
$this->collector->expectAt(1, 'send', array(E_ERROR, 'Strategy_RemoveForeignElements: Token removed to end', 'script'));
$this->invoke('<script>asdf');

View File

@@ -1,11 +1,12 @@
<?php
require_once 'HTMLPurifier/Harness.php';
require_once 'HTMLPurifier/ComplexHarness.php';
class HTMLPurifier_StrategyHarness extends HTMLPurifier_Harness
class HTMLPurifier_StrategyHarness extends HTMLPurifier_ComplexHarness
{
function setUp() {
parent::setUp();
$this->func = 'execute';
$this->to_tokens = true;
$this->to_html = true;

View File

@@ -6,7 +6,7 @@ require_once 'HTMLPurifier/TagTransform.php';
require_once 'HTMLPurifier/TagTransform/Font.php';
require_once 'HTMLPurifier/TagTransform/Simple.php';
class HTMLPurifier_TagTransformTest extends UnitTestCase
class HTMLPurifier_TagTransformTest extends HTMLPurifier_Harness
{
/**

View File

@@ -2,7 +2,7 @@
require_once 'HTMLPurifier/TokenFactory.php';
class HTMLPurifier_TokenFactoryTest extends UnitTestCase
class HTMLPurifier_TokenFactoryTest extends HTMLPurifier_Harness
{
public function test() {

View File

@@ -2,7 +2,7 @@
require_once 'HTMLPurifier/Token.php';
class HTMLPurifier_TokenTest extends UnitTestCase
class HTMLPurifier_TokenTest extends HTMLPurifier_Harness
{
function assertTokenConstruction($name, $attr,

View File

@@ -0,0 +1,59 @@
<?php
require_once 'HTMLPurifier/URIHarness.php';
require_once 'HTMLPurifier/URIDefinition.php';
class HTMLPurifier_URIDefinitionTest extends HTMLPurifier_URIHarness
{
function createFilterMock($expect = true, $result = true) {
generate_mock_once('HTMLPurifier_URIFilter');
$mock = new HTMLPurifier_URIFilterMock();
if ($expect) $mock->expectOnce('filter');
else $mock->expectNever('filter');
$mock->setReturnValue('filter', $result);
return $mock;
}
function test_filter() {
$def = new HTMLPurifier_URIDefinition();
$def->filters[] = $this->createFilterMock();
$def->filters[] = $this->createFilterMock();
$uri = $this->createURI('test');
$this->assertTrue($def->filter($uri, $this->config, $this->context));
}
function test_filter_earlyAbortIfFail() {
$def = new HTMLPurifier_URIDefinition();
$def->filters[] = $this->createFilterMock(true, false);
$def->filters[] = $this->createFilterMock(false); // never called
$uri = $this->createURI('test');
$this->assertFalse($def->filter($uri, $this->config, $this->context));
}
function test_setupMemberVariables_collisionPrecedenceIsHostBaseScheme() {
$this->config->set('URI', 'Host', $host = 'example.com');
$this->config->set('URI', 'Base', $base = 'http://sub.example.com/foo/bar.html');
$this->config->set('URI', 'DefaultScheme', 'ftp');
$def = new HTMLPurifier_URIDefinition();
$def->setupMemberVariables($this->config);
$this->assertIdentical($def->host, $host);
$this->assertIdentical($def->base, $this->createURI($base));
$this->assertIdentical($def->defaultScheme, 'http'); // not ftp!
}
function test_setupMemberVariables_onlyScheme() {
$this->config->set('URI', 'DefaultScheme', 'ftp');
$def = new HTMLPurifier_URIDefinition();
$def->setupMemberVariables($this->config);
$this->assertIdentical($def->defaultScheme, 'ftp');
}
function test_setupMemberVariables_onlyBase() {
$this->config->set('URI', 'Base', 'http://sub.example.com/foo/bar.html');
$def = new HTMLPurifier_URIDefinition();
$def->setupMemberVariables($this->config);
$this->assertIdentical($def->host, 'sub.example.com');
}
}

View File

@@ -0,0 +1,24 @@
<?php
require_once 'HTMLPurifier/URIFilter/DisableExternalTest.php';
require_once 'HTMLPurifier/URIFilter/DisableExternalResources.php';
class HTMLPurifier_URIFilter_DisableExternalResourcesTest extends
HTMLPurifier_URIFilter_DisableExternalTest
{
function setUp() {
parent::setUp();
$this->filter = new HTMLPurifier_URIFilter_DisableExternalResources();
$var = true;
$this->context->register('EmbeddedURI', $var);
}
function testPreserveWhenNotEmbedded() {
$this->context->destroy('EmbeddedURI'); // undo setUp
$this->assertFiltering(
'http://example.com'
);
}
}

View File

@@ -0,0 +1,47 @@
<?php
require_once 'HTMLPurifier/URIFilter/DisableExternal.php';
require_once 'HTMLPurifier/URIFilterHarness.php';
class HTMLPurifier_URIFilter_DisableExternalTest extends HTMLPurifier_URIFilterHarness
{
function setUp() {
parent::setUp();
$this->filter = new HTMLPurifier_URIFilter_DisableExternal();
}
function testRemoveExternal() {
$this->assertFiltering(
'http://example.com', false
);
}
function testPreserveInternal() {
$this->assertFiltering(
'/foo/bar'
);
}
function testPreserveOurHost() {
$this->config->set('URI', 'Host', 'example.com');
$this->assertFiltering(
'http://example.com'
);
}
function testPreserveOurSubdomain() {
$this->config->set('URI', 'Host', 'example.com');
$this->assertFiltering(
'http://www.example.com'
);
}
function testRemoveSuperdomain() {
$this->config->set('URI', 'Host', 'www.example.com');
$this->assertFiltering(
'http://example.com', false
);
}
}

View File

@@ -0,0 +1,30 @@
<?php
require_once 'HTMLPurifier/URIFilter/HostBlacklist.php';
require_once 'HTMLPurifier/URIFilterHarness.php';
class HTMLPurifier_URIFilter_HostBlacklistTest extends HTMLPurifier_URIFilterHarness
{
function setUp() {
parent::setUp();
$this->filter = new HTMLPurifier_URIFilter_HostBlacklist();
}
function testRejectBlacklistedHost() {
$this->config->set('URI', 'HostBlacklist', 'example.com');
$this->assertFiltering('http://example.com', false);
}
function testRejectBlacklistedHostThoughNotTrue() {
// maybe this behavior should change
$this->config->set('URI', 'HostBlacklist', 'example.com');
$this->assertFiltering('http://example.comcast.com', false);
}
function testPreserveNonBlacklistedHost() {
$this->config->set('URI', 'HostBlacklist', 'example.com');
$this->assertFiltering('http://google.com');
}
}

View File

@@ -0,0 +1,122 @@
<?php
require_once 'HTMLPurifier/URIFilter/MakeAbsolute.php';
require_once 'HTMLPurifier/URIFilterHarness.php';
class HTMLPurifier_URIFilter_MakeAbsoluteTest extends HTMLPurifier_URIFilterHarness
{
function setUp() {
parent::setUp();
$this->filter = new HTMLPurifier_URIFilter_MakeAbsolute();
$this->setBase();
}
function setBase($base = 'http://example.com/foo/bar.html?q=s#frag') {
$this->config->set('URI', 'Base', $base);
}
// corresponding to RFC 2396
function testPreserveAbsolute() {
$this->assertFiltering('http://example.com/foo.html');
}
function testFilterBlank() {
$this->assertFiltering('', 'http://example.com/foo/bar.html?q=s');
}
function testFilterEmptyPath() {
$this->assertFiltering('?q=s#frag', 'http://example.com/foo/bar.html?q=s#frag');
}
function testPreserveAltScheme() {
$this->assertFiltering('mailto:bob@example.com');
}
function testFilterIgnoreHTTPSpecialCase() {
$this->assertFiltering('http:/', 'http://example.com/');
}
function testFilterAbsolutePath() {
$this->assertFiltering('/foo.txt', 'http://example.com/foo.txt');
}
function testFilterRelativePath() {
$this->assertFiltering('baz.txt', 'http://example.com/foo/baz.txt');
}
function testFilterRelativePathWithInternalDot() {
$this->assertFiltering('./baz.txt', 'http://example.com/foo/baz.txt');
}
function testFilterRelativePathWithEndingDot() {
$this->assertFiltering('baz/.', 'http://example.com/foo/baz/');
}
function testFilterRelativePathDot() {
$this->assertFiltering('.', 'http://example.com/foo/');
}
function testFilterRelativePathWithInternalDotDot() {
$this->assertFiltering('../baz.txt', 'http://example.com/baz.txt');
}
function testFilterRelativePathWithEndingDotDot() {
$this->assertFiltering('..', 'http://example.com/');
}
function testFilterRelativePathTooManyDotDots() {
$this->assertFiltering('../../', 'http://example.com/');
}
function testFilterAppendingQueryAndFragment() {
$this->assertFiltering('/foo.php?q=s#frag', 'http://example.com/foo.php?q=s#frag');
}
// edge cases below
function testFilterAbsolutePathBase() {
$this->setBase('/foo/baz.txt');
$this->assertFiltering('test.php', '/foo/test.php');
}
function testFilterAbsolutePathBaseDirectory() {
$this->setBase('/foo/');
$this->assertFiltering('test.php', '/foo/test.php');
}
function testFilterAbsolutePathBaseBelow() {
$this->setBase('/foo/baz.txt');
$this->assertFiltering('../../test.php', '/test.php');
}
function testFilterRelativePathBase() {
$this->setBase('foo/baz.html');
$this->assertFiltering('foo.php', 'foo/foo.php');
}
function testFilterRelativePathBaseBelow() {
$this->setBase('../baz.html');
$this->assertFiltering('test/strike.html', '../test/strike.html');
}
function testFilterRelativePathBaseWithAbsoluteURI() {
$this->setBase('../baz.html');
$this->assertFiltering('/test/strike.html');
}
function testFilterRelativePathBaseWithDot() {
$this->setBase('../baz.html');
$this->assertFiltering('.', '../');
}
// error case
function testErrorNoBase() {
$this->setBase(null);
$this->expectError('URI.MakeAbsolute is being ignored due to lack of value for URI.Base configuration');
$this->assertFiltering('foo/bar.txt');
}
}

View File

@@ -0,0 +1,15 @@
<?php
require_once 'HTMLPurifier/URIHarness.php';
class HTMLPurifier_URIFilterHarness extends HTMLPurifier_URIHarness
{
function assertFiltering($uri, $expect_uri = true) {
$this->prepareURI($uri, $expect_uri);
$this->filter->prepare($this->config, $this->context);
$result = $this->filter->filter($uri, $this->config, $this->context);
$this->assertEitherFailOrIdentical($result, $uri, $expect_uri);
}
}

View File

@@ -0,0 +1,31 @@
<?php
require_once 'HTMLPurifier/URIParser.php';
class HTMLPurifier_URIHarness extends HTMLPurifier_Harness
{
/**
* Prepares two URIs into object form
* @param &$uri Reference to string input URI
* @param &$expect_uri Reference to string expectation URI
* @note If $expect_uri is false, it will stay false
*/
function prepareURI(&$uri, &$expect_uri) {
$parser = new HTMLPurifier_URIParser();
if ($expect_uri === true) $expect_uri = $uri;
$uri = $parser->parse($uri);
if ($expect_uri !== false) {
$expect_uri = $parser->parse($expect_uri);
}
}
/**
* Generates a URI object from the corresponding string
*/
function createURI($uri) {
$parser = new HTMLPurifier_URIParser();
return $parser->parse($uri);
}
}

View File

@@ -0,0 +1,140 @@
<?php
require_once 'HTMLPurifier/URIParser.php';
require_once 'HTMLPurifier/URI.php';
class HTMLPurifier_URIParserTest extends HTMLPurifier_Harness
{
function assertParsing(
$uri, $scheme, $userinfo, $host, $port, $path, $query, $fragment, $config = null, $context = null
) {
$this->prepareCommon($config, $context);
$parser = new HTMLPurifier_URIParser();
$result = $parser->parse($uri, $config, $context);
$expect = new HTMLPurifier_URI($scheme, $userinfo, $host, $port, $path, $query, $fragment);
$this->assertEqual($result, $expect);
}
function testRegular() {
$this->assertParsing(
'http://www.example.com/webhp?q=foo#result2',
'http', null, 'www.example.com', null, '/webhp', 'q=foo', 'result2'
);
}
function testPortAndUsername() {
$this->assertParsing(
'http://user@authority.part:80/now/the/path?query#fragment',
'http', 'user', 'authority.part', 80, '/now/the/path', 'query', 'fragment'
);
}
function testPercentEncoding() {
$this->assertParsing(
'http://en.wikipedia.org/wiki/Clich%C3%A9',
'http', null, 'en.wikipedia.org', null, '/wiki/Clich%C3%A9', null, null
);
}
function testEmptyQuery() {
$this->assertParsing(
'http://www.example.com/?#',
'http', null, 'www.example.com', null, '/', '', null
);
}
function testEmptyPath() {
$this->assertParsing(
'http://www.example.com',
'http', null, 'www.example.com', null, '', null, null
);
}
function testOpaqueURI() {
$this->assertParsing(
'mailto:bob@example.com',
'mailto', null, null, null, 'bob@example.com', null, null
);
}
function testIPv4Address() {
$this->assertParsing(
'http://192.0.34.166/',
'http', null, '192.0.34.166', null, '/', null, null
);
}
function testFakeIPv4Address() {
$this->assertParsing(
'http://333.123.32.123/',
'http', null, '333.123.32.123', null, '/', null, null
);
}
function testIPv6Address() {
$this->assertParsing(
'http://[2001:db8::7]/c=GB?objectClass?one',
'http', null, '[2001:db8::7]', null, '/c=GB', 'objectClass?one', null
);
}
function testInternationalizedDomainName() {
$this->assertParsing(
"http://t\xC5\xABdali\xC5\x86.lv",
'http', null, "t\xC5\xABdali\xC5\x86.lv", null, '', null, null
);
}
function testInvalidPort() {
$this->assertParsing(
'http://example.com:foobar',
'http', null, 'example.com', null, '', null, null
);
}
function testPathAbsolute() {
$this->assertParsing(
'http:/this/is/path',
'http', null, null, null, '/this/is/path', null, null
);
}
function testPathRootless() {
// this should not be used but is allowed
$this->assertParsing(
'http:this/is/path',
'http', null, null, null, 'this/is/path', null, null
);
}
function testPathEmpty() {
$this->assertParsing(
'http:',
'http', null, null, null, '', null, null
);
}
function testRelativeURI() {
$this->assertParsing(
'/a/b',
null, null, null, null, '/a/b', null, null
);
}
function testMalformedTag() {
$this->assertParsing(
'http://www.example.com/\'>"',
'http', null, 'www.example.com', null, '/', null, null
);
}
function testEmpty() {
$this->assertParsing(
'',
null, null, null, null, '', null, null
);
}
}

View File

@@ -2,7 +2,7 @@
require_once 'HTMLPurifier/URISchemeRegistry.php';
class HTMLPurifier_URISchemeRegistryTest extends UnitTestCase
class HTMLPurifier_URISchemeRegistryTest extends HTMLPurifier_Harness
{
function test() {

View File

@@ -1,6 +1,9 @@
<?php
require_once 'HTMLPurifier/URI.php';
require_once 'HTMLPurifier/URIScheme.php';
require_once 'HTMLPurifier/URISchemeRegistry.php';
require_once 'HTMLPurifier/URIScheme/http.php';
require_once 'HTMLPurifier/URIScheme/ftp.php';
@@ -12,145 +15,133 @@ require_once 'HTMLPurifier/URIScheme/nntp.php';
// WARNING: All the URI schemes are far to relaxed, we need to tighten
// the checks.
class HTMLPurifier_URISchemeTest extends UnitTestCase
class HTMLPurifier_URISchemeTest extends HTMLPurifier_URIHarness
{
function test_http() {
$scheme = new HTMLPurifier_URIScheme_http();
$config = HTMLPurifier_Config::createDefault();
$context = new HTMLPurifier_Context();
$this->assertIdentical(
$scheme->validateComponents(
null, 'www.example.com', null, '/', 's=foobar', $config, $context),
array(null, 'www.example.com', null, '/', 's=foobar')
);
// absorb default port and userinfo
$this->assertIdentical(
$scheme->validateComponents(
'user', 'www.example.com', 80, '/', 's=foobar', $config, $context),
array(null, 'www.example.com', null, '/', 's=foobar')
);
// do not absorb non-default port
$this->assertIdentical(
$scheme->validateComponents(
null, 'www.example.com', 8080, '/', 's=foobar', $config, $context),
array(null, 'www.example.com', 8080, '/', 's=foobar')
);
// https is basically the same
$scheme = new HTMLPurifier_URIScheme_https();
$this->assertIdentical(
$scheme->validateComponents(
'user', 'www.example.com', 443, '/', 's=foobar', $config, $context),
array(null, 'www.example.com', null, '/', 's=foobar')
);
function assertValidation($uri, $expect_uri = true) {
$this->prepareURI($uri, $expect_uri);
// convenience hack: the scheme should be explicitly specified
$scheme = $uri->getSchemeObj($this->config, $this->context);
$result = $scheme->validate($uri, $this->config, $this->context);
$this->assertEitherFailOrIdentical($result, $uri, $expect_uri);
}
function test_ftp() {
$scheme = new HTMLPurifier_URIScheme_ftp();
$config = HTMLPurifier_Config::createDefault();
$context = new HTMLPurifier_Context();
$this->assertIdentical(
$scheme->validateComponents(
'user', 'www.example.com', 21, '/', 's=foobar', $config, $context),
array('user', 'www.example.com', null, '/', null)
);
// valid typecode
$this->assertIdentical(
$scheme->validateComponents(
null, 'www.example.com', null, '/file.txt;type=a', null, $config, $context),
array(null, 'www.example.com', null, '/file.txt;type=a', null)
);
// remove invalid typecode
$this->assertIdentical(
$scheme->validateComponents(
null, 'www.example.com', null, '/file.txt;type=z', null, $config, $context),
array(null, 'www.example.com', null, '/file.txt', null)
);
// encode errant semicolons
$this->assertIdentical(
$scheme->validateComponents(
null, 'www.example.com', null, '/too;many;semicolons=1', null, $config, $context),
array(null, 'www.example.com', null, '/too%3Bmany%3Bsemicolons=1', null)
);
}
function test_news() {
$scheme = new HTMLPurifier_URIScheme_news();
$config = HTMLPurifier_Config::createDefault();
$context = new HTMLPurifier_Context();
$this->assertIdentical(
$scheme->validateComponents(
null, null, null, 'gmane.science.linguistics', null, $config, $context),
array(null, null, null, 'gmane.science.linguistics', null)
);
$this->assertIdentical(
$scheme->validateComponents(
null, null, null, '642@eagle.ATT.COM', null, $config, $context),
array(null, null, null, '642@eagle.ATT.COM', null)
);
// test invalid field removal
$this->assertIdentical(
$scheme->validateComponents(
'user', 'www.google.com', 80, 'rec.music', 'path=foo', $config, $context),
array(null, null, null, 'rec.music', null)
);
}
function test_nntp() {
$scheme = new HTMLPurifier_URIScheme_nntp();
$config = HTMLPurifier_Config::createDefault();
$context = new HTMLPurifier_Context();
$this->assertIdentical(
$scheme->validateComponents(
null, 'news.example.com', null, '/alt.misc/12345', null, $config, $context),
array(null, 'news.example.com', null, '/alt.misc/12345', null)
);
$this->assertIdentical(
$scheme->validateComponents(
'user', 'news.example.com', 119, '/alt.misc/12345', 'foo=asdf', $config, $context),
array(null, 'news.example.com', null, '/alt.misc/12345', null)
function test_http_regular() {
$this->assertValidation(
'http://example.com/?s=q#fragment'
);
}
function test_mailto() {
$scheme = new HTMLPurifier_URIScheme_mailto();
$config = HTMLPurifier_Config::createDefault();
$context = new HTMLPurifier_Context();
$this->assertIdentical(
$scheme->validateComponents(
null, null, null, 'bob@example.com', null, $config, $context),
array(null, null, null, 'bob@example.com', null)
function test_http_removeDefaultPort() {
$this->assertValidation(
'http://example.com:80',
'http://example.com'
);
$this->assertIdentical(
$scheme->validateComponents(
'user', 'example.com', 80, 'bob@example.com', 'subject=Foo!', $config, $context),
array(null, null, null, 'bob@example.com', 'subject=Foo!')
}
function test_http_removeUserInfo() {
$this->assertValidation(
'http://bob@example.com',
'http://example.com'
);
}
function test_http_preserveNonDefaultPort() {
$this->assertValidation(
'http://example.com:8080'
);
}
function test_https_regular() {
$this->assertValidation(
'https://user@example.com:443/?s=q#frag',
'https://example.com/?s=q#frag'
);
}
function test_ftp_regular() {
$this->assertValidation(
'ftp://user@example.com/path'
);
}
function test_ftp_removeDefaultPort() {
$this->assertValidation(
'ftp://example.com:21',
'ftp://example.com'
);
}
function test_ftp_removeQueryString() {
$this->assertValidation(
'ftp://example.com?s=q',
'ftp://example.com'
);
}
function test_ftp_preserveValidTypecode() {
$this->assertValidation(
'ftp://example.com/file.txt;type=a'
);
}
function test_ftp_removeInvalidTypecode() {
$this->assertValidation(
'ftp://example.com/file.txt;type=z',
'ftp://example.com/file.txt'
);
}
function test_ftp_encodeExtraSemicolons() {
$this->assertValidation(
'ftp://example.com/too;many;semicolons=1',
'ftp://example.com/too%3Bmany%3Bsemicolons=1'
);
}
function test_news_regular() {
$this->assertValidation(
'news:gmane.science.linguistics'
);
}
function test_news_explicit() {
$this->assertValidation(
'news:642@eagle.ATT.COM'
);
}
function test_news_removeNonPathComponents() {
$this->assertValidation(
'news://user@example.com:80/rec.music?path=foo#frag',
'news:/rec.music#frag'
);
}
function test_nntp_regular() {
$this->assertValidation(
'nntp://news.example.com/alt.misc/42#frag'
);
}
function test_nntp_removalOfRedundantOrUselessComponents() {
$this->assertValidation(
'nntp://user@news.example.com:119/alt.misc/42?s=q#frag',
'nntp://news.example.com/alt.misc/42#frag'
);
}
function test_mailto_regular() {
$this->assertValidation(
'mailto:bob@example.com'
);
}
function test_mailto_removalOfRedundantOrUselessComponents() {
$this->assertValidation(
'mailto://user@example.com:80/bob@example.com?subject=Foo#frag',
'mailto:/bob@example.com?subject=Foo#frag'
);
}
}

View File

@@ -0,0 +1,166 @@
<?php
require_once 'HTMLPurifier/URI.php';
require_once 'HTMLPurifier/URIParser.php';
class HTMLPurifier_URITest extends HTMLPurifier_URIHarness
{
function createURI($uri) {
$parser = new HTMLPurifier_URIParser();
return $parser->parse($uri);
}
function test_construct() {
$uri1 = new HTMLPurifier_URI('HTTP', 'bob', 'example.com', '23', '/foo', 'bar=2', 'slash');
$uri2 = new HTMLPurifier_URI('http', 'bob', 'example.com', 23, '/foo', 'bar=2', 'slash');
$this->assertIdentical($uri1, $uri2);
}
var $oldRegistry;
function &setUpSchemeRegistryMock() {
$this->oldRegistry = HTMLPurifier_URISchemeRegistry::instance();
generate_mock_once('HTMLPurifier_URIScheme');
generate_mock_once('HTMLPurifier_URISchemeRegistry');
$registry =& HTMLPurifier_URISchemeRegistry::instance(
new HTMLPurifier_URISchemeRegistryMock()
);
return $registry;
}
function &setUpSchemeMock($name) {
$registry =& $this->setUpSchemeRegistryMock();
$scheme_mock = new HTMLPurifier_URISchemeMock();
$registry->setReturnValue('getScheme', $scheme_mock, array($name, '*', '*'));
return $scheme_mock;
}
function setUpNoValidSchemes() {
$registry =& $this->setUpSchemeRegistryMock();
$registry->setReturnValue('getScheme', false, array('*', '*', '*'));
}
function tearDownSchemeRegistryMock() {
HTMLPurifier_URISchemeRegistry::instance($this->oldRegistry);
}
function test_getSchemeObj() {
$scheme_mock =& $this->setUpSchemeMock('http');
$uri = $this->createURI('http:');
$scheme_obj = $uri->getSchemeObj($this->config, $this->context);
$this->assertIdentical($scheme_obj, $scheme_mock);
$this->tearDownSchemeRegistryMock();
}
function test_getSchemeObj_invalidScheme() {
$this->setUpNoValidSchemes();
$uri = $this->createURI('http:');
$result = $uri->getSchemeObj($this->config, $this->context);
$this->assertIdentical($result, false);
$this->tearDownSchemeRegistryMock();
}
function test_getSchemaObj_defaultScheme() {
$scheme = 'foobar';
$scheme_mock =& $this->setUpSchemeMock($scheme);
$this->config->set('URI', 'DefaultScheme', $scheme);
$uri = $this->createURI('hmm');
$scheme_obj = $uri->getSchemeObj($this->config, $this->context);
$this->assertIdentical($scheme_obj, $scheme_mock);
$this->tearDownSchemeRegistryMock();
}
function test_getSchemaObj_invalidDefaultScheme() {
$this->setUpNoValidSchemes();
$this->config->set('URI', 'DefaultScheme', 'foobar');
$uri = $this->createURI('hmm');
$this->expectError('Default scheme object "foobar" was not readable');
$result = $uri->getSchemeObj($this->config, $this->context);
$this->assertIdentical($result, false);
$this->tearDownSchemeRegistryMock();
}
function assertToString($expect_uri, $scheme, $userinfo, $host, $port, $path, $query, $fragment) {
$uri = new HTMLPurifier_URI($scheme, $userinfo, $host, $port, $path, $query, $fragment);
$string = $uri->toString();
$this->assertIdentical($string, $expect_uri);
}
function test_toString_full() {
$this->assertToString(
'http://bob@example.com:300/foo?bar=baz#fragment',
'http', 'bob', 'example.com', 300, '/foo', 'bar=baz', 'fragment'
);
}
function test_toString_scheme() {
$this->assertToString(
'http:',
'http', null, null, null, '', null, null
);
}
function test_toString_authority() {
$this->assertToString(
'//bob@example.com:8080',
null, 'bob', 'example.com', 8080, '', null, null
);
}
function test_toString_path() {
$this->assertToString(
'/path/to',
null, null, null, null, '/path/to', null, null
);
}
function test_toString_query() {
$this->assertToString(
'?q=string',
null, null, null, null, '', 'q=string', null
);
}
function test_toString_fragment() {
$this->assertToString(
'#fragment',
null, null, null, null, '', null, 'fragment'
);
}
function assertValidation($uri, $expect_uri = true) {
if ($expect_uri === true) $expect_uri = $uri;
$uri = $this->createURI($uri);
$result = $uri->validate($this->config, $this->context);
if ($expect_uri === false) {
$this->assertFalse($result);
} else {
$this->assertTrue($result);
$this->assertIdentical($uri->toString(), $expect_uri);
}
}
function test_validate_overlongPort() {
$this->assertValidation('http://example.com:65536', 'http://example.com');
}
function test_validate_zeroPort() {
$this->assertValidation('http://example.com:00', 'http://example.com');
}
function test_validate_invalidHostThatLooksLikeIPv6() {
$this->assertValidation('http://[2001:0db8:85z3:08d3:1319:8a2e:0370:7334]', 'http:');
}
}

View File

@@ -79,6 +79,7 @@ $test_files[] = 'HTMLPurifier/GeneratorTest.php';
$test_files[] = 'HTMLPurifier/HTMLDefinitionTest.php';
$test_files[] = 'HTMLPurifier/HTMLModuleManagerTest.php';
$test_files[] = 'HTMLPurifier/HTMLModuleTest.php';
$test_files[] = 'HTMLPurifier/HTMLModule/RubyTest.php';
$test_files[] = 'HTMLPurifier/HTMLModule/ScriptingTest.php';
$test_files[] = 'HTMLPurifier/HTMLModule/TidyTest.php';
$test_files[] = 'HTMLPurifier/IDAccumulatorTest.php';
@@ -102,8 +103,15 @@ $test_files[] = 'HTMLPurifier/Strategy/RemoveForeignElements_ErrorsTest.php';
$test_files[] = 'HTMLPurifier/Strategy/ValidateAttributesTest.php';
$test_files[] = 'HTMLPurifier/TagTransformTest.php';
$test_files[] = 'HTMLPurifier/TokenTest.php';
$test_files[] = 'HTMLPurifier/URIDefinitionTest.php';
$test_files[] = 'HTMLPurifier/URIFilter/DisableExternalTest.php';
$test_files[] = 'HTMLPurifier/URIFilter/DisableExternalResourcesTest.php';
$test_files[] = 'HTMLPurifier/URIFilter/HostBlacklistTest.php';
$test_files[] = 'HTMLPurifier/URIFilter/MakeAbsoluteTest.php';
$test_files[] = 'HTMLPurifier/URIParserTest.php';
$test_files[] = 'HTMLPurifier/URISchemeRegistryTest.php';
$test_files[] = 'HTMLPurifier/URISchemeTest.php';
$test_files[] = 'HTMLPurifier/URITest.php';
$test_files[] = 'HTMLPurifierTest.php';
if (version_compare(PHP_VERSION, '5', '>=')) {