[1.2.0] Non-accessible resources (ex. mailto) blocked from embedded URIs (img src)

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@528 48356398-32a2-884e-a903-53898d9a118a
2025-08-04 13:18:00 +02:00 · 2006-11-17 23:09:10 +00:00
parent b0df2f292f
commit 82afd890c4
12 changed files with 46 additions and 4 deletions
--- a/tests/HTMLPurifier/AttrDef/URITest.php
+++ b/tests/HTMLPurifier/AttrDef/URITest.php
@@ -261,6 +261,16 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
        
    }
    
+    function testEmbeds() {
+        
+        // embedded URI
+        $this->def = new HTMLPurifier_AttrDef_URI(true);
+        
+        $this->assertDef('http://sub.example.com/alas?foo=asd');
+        $this->assertDef('mailto:foo@example.com', false);
+        
+    }
+    
 }

 ?>
--- a/tests/HTMLPurifier/Strategy/ValidateAttributesTest.php
+++ b/tests/HTMLPurifier/Strategy/ValidateAttributesTest.php
@@ -163,6 +163,12 @@ class HTMLPurifier_Strategy_ValidateAttributesTest extends
            '<col />'
        );
        
+        // mailto in image is not allowed
+        $this->assertResult(
+            '<img src="mailto:foo@example.com" />',
+            '<img src="" alt="Invalid image" />'
+        );
+        
    }
    
 }