mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-08-09 23:57:03 +02:00

[3.1.0] Implement tag@attr for Allowed and Forbidden

- Fix (or null) bug in configdoc

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1695 48356398-32a2-884e-a903-53898d9a118a
Edward Z. Yang
2008-04-26 03:14:01 +00:00
parent 1f8619cda5
commit 84aa2ca390
9 changed files with 276 additions and 84 deletions


@@ -59,7 +59,7 @@ a[href|title]
$config1 = HTMLPurifier_Config::create(array(
'HTML.AllowedElements' => array('b', 'i', 'p', 'a'),
'HTML.AllowedAttributes' => array('a.href', '*.id')
'HTML.AllowedAttributes' => array('a@href', '*@id')
));
$config2 = HTMLPurifier_Config::create(array(
@@ -70,6 +70,150 @@ a[href|title]
}
function assertPurification_AllowedElements_p() {
$this->assertPurification('<p><b>Jelly</b></p>', '<p>Jelly</p>');
}
function test_AllowedElements() {
$this->config->set('HTML', 'AllowedElements', 'p');
$this->assertPurification_AllowedElements_p();
}
function test_AllowedElements_multiple() {
$this->config->set('HTML', 'AllowedElements', 'p,div');
$this->assertPurification('<div><p><b>Jelly</b></p></div>', '<div><p>Jelly</p></div>');
}
function test_AllowedElements_invalidElement() {
$this->config->set('Cache', 'DefinitionImpl', null); // Necessary to ensure error is thrown
$this->config->set('HTML', 'AllowedElements', 'obviously_invalid,p');
$this->expectError(new PatternExpectation("/Element 'obviously_invalid' is not supported/"));
$this->assertPurification_AllowedElements_p();
}
function test_AllowedElements_invalidElement_xssAttempt() {
$this->config->set('Cache', 'DefinitionImpl', null);
$this->config->set('HTML', 'AllowedElements', '<script>,p');
$this->expectError(new PatternExpectation("/Element '&lt;script&gt;' is not supported/"));
$this->assertPurification_AllowedElements_p();
}
function test_AllowedElements_multipleInvalidElements() {
$this->config->set('Cache', 'DefinitionImpl', null);
$this->config->set('HTML', 'AllowedElements', 'dr-wiggles,dr-pepper,p');
$this->expectError(new PatternExpectation("/Element 'dr-wiggles' is not supported/"));
$this->expectError(new PatternExpectation("/Element 'dr-pepper' is not supported/"));
$this->assertPurification_AllowedElements_p();
}
function assertPurification_AllowedAttributes_global_style() {
$this->assertPurification(
'<p style="font-weight:bold;" class="foo">Jelly</p><br style="clear:both;" />',
'<p style="font-weight:bold;">Jelly</p><br style="clear:both;" />');
}
function test_AllowedAttributes_global_preferredSyntax() {
$this->config->set('HTML', 'AllowedAttributes', 'style');
$this->assertPurification_AllowedAttributes_global_style();
}
function test_AllowedAttributes_global_verboseSyntax() {
$this->config->set('HTML', 'AllowedAttributes', '*@style');
$this->assertPurification_AllowedAttributes_global_style();
}
function test_AllowedAttributes_global_discouragedSyntax() {
// Emit errors eventually
$this->config->set('HTML', 'AllowedAttributes', '*.style');
$this->assertPurification_AllowedAttributes_global_style();
}
function assertPurification_AllowedAttributes_local_p_style() {
$this->assertPurification(
'<p style="font-weight:bold;" class="foo">Jelly</p><br style="clear:both;" />',
'<p style="font-weight:bold;">Jelly</p><br />');
}
function test_AllowedAttributes_local_preferredSyntax() {
$this->config->set('HTML', 'AllowedAttributes', 'p@style');
$this->assertPurification_AllowedAttributes_local_p_style();
}
function test_AllowedAttributes_local_discouragedSyntax() {
$this->config->set('HTML', 'AllowedAttributes', 'p.style');
$this->assertPurification_AllowedAttributes_local_p_style();
}
function test_AllowedAttributes_multiple() {
$this->config->set('HTML', 'AllowedAttributes', 'p@style,br@class,title');
$this->assertPurification(
'<p style="font-weight:bold;" class="foo" title="foo">Jelly</p><br style="clear:both;" class="foo" title="foo" />',
'<p style="font-weight:bold;" title="foo">Jelly</p><br class="foo" title="foo" />'
);
}
function test_AllowedAttributes_local_invalidAttribute() {
$this->config->set('Cache', 'DefinitionImpl', null);
$this->config->set('HTML', 'AllowedAttributes', array('p@style', 'p@<foo>'));
$this->expectError(new PatternExpectation("/Attribute '&lt;foo&gt;' in element 'p' not supported/"));
$this->assertPurification_AllowedAttributes_local_p_style();
}
function test_AllowedAttributes_global_invalidAttribute() {
$this->config->set('Cache', 'DefinitionImpl', null);
$this->config->set('HTML', 'AllowedAttributes', array('style', '<foo>'));
$this->expectError(new PatternExpectation("/Global attribute '&lt;foo&gt;' is not supported in any elements/"));
$this->assertPurification_AllowedAttributes_global_style();
}
function test_AllowedAttributes_local_invalidAttributeDueToMissingElement() {
$this->config->set('Cache', 'DefinitionImpl', null);
$this->config->set('HTML', 'AllowedAttributes', 'p.style,foo.style');
$this->expectError(new PatternExpectation("/Cannot allow attribute 'style' if element 'foo' is not allowed\/supported/"));
$this->assertPurification_AllowedAttributes_local_p_style();
}
function test_AllowedAttributes_duplicate() {
$this->config->set('HTML', 'AllowedAttributes', 'p.style,p@style');
$this->assertPurification_AllowedAttributes_local_p_style();
}
function test_AllowedAttributes_multipleErrors() {
$this->config->set('HTML', 'AllowedAttributes', 'p.style,foo.style,<foo>');
$this->expectError(new PatternExpectation("/Cannot allow attribute 'style' if element 'foo' is not allowed\/supported/"));
$this->expectError(new PatternExpectation("/Global attribute '&lt;foo&gt;' is not supported in any elements/"));
$this->assertPurification_AllowedAttributes_local_p_style();
}
function test_ForbiddenElements() {
$this->config->set('HTML', 'ForbiddenElements', 'b');
$this->assertPurification('<b>b</b><i>i</i>', 'b<i>i</i>');
}
function test_ForbiddenElements_invalidElement() {
$this->config->set('HTML', 'ForbiddenElements', 'obviously_incorrect');
// no error!
$this->assertPurification('<i>i</i>');
}
function assertPurification_ForbiddenAttributes_b_style() {
$this->assertPurification(
'<b style="float:left;">b</b><i style="float:left;">i</i>',
'<b>b</b><i style="float:left;">i</i>');
}
function test_ForbiddenAttributes() {
$this->config->set('HTML', 'ForbiddenAttributes', 'b@style');
$this->assertPurification_ForbiddenAttributes_b_style();
}
function test_ForbiddenAttributes_incorrectSyntax() {
$this->config->set('Cache', 'DefinitionImpl', null);
$this->config->set('HTML', 'ForbiddenAttributes', 'b.style');
$this->expectError("Error with b.style: tag.attr syntax not supported for HTML.ForbiddenAttributes; use tag@attr instead");
$this->assertPurification('<b style="float:left;">Test</b>');
}
function test_addAttribute() {
$config = HTMLPurifier_Config::create(array(
@@ -116,5 +260,7 @@ a[href|title]
}
}
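Review bot: `test_ForbiddenAttributes_incorrectSyntax` pins a fail-open outcome without saying so: with `b.style` in HTML.ForbiddenAttributes the expected output still carries `style="float:left;"`, so the rejected entry forbids nothing and the triggered error is the only signal. A comment above the final assertion, such as `// entry is ignored, not translated to b@style: the attribute still passes through`, would make that explicit. The same applies to `test_ForbiddenElements_invalidElement`, where a misspelled element name is accepted with no error at all. Separately, `test_AllowedAttributes_multipleErrors` expects two errors but, unlike the other error tests, does not call `$this->config->set('Cache', 'DefinitionImpl', null);`, which the comment in `test_AllowedElements_invalidElement` says is needed for the error to be thrown.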


@@ -10,15 +10,27 @@ class HTMLPurifier_Harness extends UnitTestCase
parent::__construct();
}
protected $config, $context;
protected $config, $context, $purifier;
/**
* Generates easily accessible default config/context
* Generates easily accessible default config/context, as well as
* a convenience purifier for integration testing.
*/
public function setUp() {
list($this->config, $this->context) = $this->createCommon();
$this->purifier = new HTMLPurifier();
}
/**
* Asserts a purification. Good for integration testing.
*/
function assertPurification($input, $expect = null) {
if ($expect === null) $expect = $input;
$result = $this->purifier->purify($input, $this->config);
$this->assertIdentical($expect, $result);
}
/**
* Accepts config and context and prepares them into a valid state
* @param &$config Reference to config variable
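Review bot: `assertPurification($input, $expect = null)` in the harness no longer accepts the `$config` argument that the version removed from HTMLPurifierTest took. PHP silently ignores surplus arguments to a user-defined function, so any three-argument caller left elsewhere in the suite would be purified with `$this->config` instead of the config it passes. Whether such callers remain is not visible here; `testMakeAbsolute` was converted in this commit. The docblock should state the contract, e.g. `@note Configuration is read from $this->config; set directives there before calling`, and the method should carry an explicit visibility like the `public function setUp()` beside it. The docblock that closes the hunk belongs to a method that continues outside it.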


@@ -4,24 +4,12 @@ class HTMLPurifierTest extends HTMLPurifier_Harness
{
protected $purifier;
function setUp() {
$this->purifier = new HTMLPurifier();
}
function assertPurification($input, $expect = null, $config = array()) {
if ($expect === null) $expect = $input;
$result = $this->purifier->purify($input, $config);
$this->assertIdentical($expect, $result);
}
function testNull() {
$this->assertPurification("Null byte\0", "Null byte");
}
function testStrict() {
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML', 'Strict', true);
$this->purifier = new HTMLPurifier( $config ); // verbose syntax
$this->config->set('HTML', 'Strict', true);
$this->assertPurification(
'<u>Illegal underline</u>',
@@ -37,10 +25,8 @@ class HTMLPurifierTest extends HTMLPurifier_Harness
function testDifferentAllowedElements() {
$this->purifier = new HTMLPurifier(array(
'HTML.AllowedElements' => array('b', 'i', 'p', 'a'),
'HTML.AllowedAttributes' => array('a.href', '*.id')
));
$this->config->set('HTML', 'AllowedElements', array('b', 'i', 'p', 'a'));
$this->config->set('HTML', 'AllowedAttributes', array('a.href', '*.id'));
$this->assertPurification(
'<p>Par.</p><p>Para<a href="http://google.com/">gr</a>aph</p>Text<b>Bol<i>d</i></b>'
@@ -54,10 +40,9 @@ class HTMLPurifierTest extends HTMLPurifier_Harness
}
function testBlacklistElements() {
$this->purifier = new HTMLPurifier(array(
'HTML.ForbiddenElements' => array('b'),
'HTML.ForbiddenAttributes' => array('a.href')
));
$this->config->set('HTML', 'ForbiddenElements', array('b'));
$this->config->set('HTML', 'ForbiddenAttributes', array('a@href'));
$this->assertPurification(
'<p>Par.</p>'
);
@@ -70,9 +55,7 @@ class HTMLPurifierTest extends HTMLPurifier_Harness
function testDifferentAllowedCSSProperties() {
$this->purifier = new HTMLPurifier(array(
'CSS.AllowedProperties' => array('color', 'background-color')
));
$this->config->set('CSS', 'AllowedProperties', array('color', 'background-color'));
$this->assertPurification(
'<div style="color:#f00;background-color:#ded;">red</div>'
@@ -87,7 +70,7 @@ class HTMLPurifierTest extends HTMLPurifier_Harness
function testDisableURI() {
$this->purifier = new HTMLPurifier( array('URI.Disable' => true) );
$this->config->set('URI', 'Disable', true);
$this->assertPurification(
'<img src="foobar"/>',
@@ -98,8 +81,6 @@ class HTMLPurifierTest extends HTMLPurifier_Harness
function test_purifyArray() {
$this->purifier = new HTMLPurifier();
$this->assertIdentical(
$this->purifier->purifyArray(
array('Good', '<b>Sketchy', 'foo' => '<script>bad</script>')
@@ -111,23 +92,24 @@ class HTMLPurifierTest extends HTMLPurifier_Harness
}
function testEnableAttrID() {
$this->purifier = new HTMLPurifier();
function testAttrIDDisabledByDefault() {
$this->assertPurification(
'<span id="moon">foobar</span>',
'<span>foobar</span>'
);
$this->purifier = new HTMLPurifier(array('Attr.EnableID' => true));
}
function testEnableAttrID() {
$this->config->set('Attr', 'EnableID', true);
$this->assertPurification('<span id="moon">foobar</span>');
$this->assertPurification('<img id="folly" src="folly.png" alt="Omigosh!" />');
}
function testScript() {
$this->purifier = new HTMLPurifier(array('HTML.Trusted' => true));
$this->config->set('HTML', 'Trusted', true);
$ideal = '<script type="text/javascript"><!--//--><![CDATA[//><!--
alert("<This is compatible with XHTML>");
//--><!]]></script>';
@@ -168,24 +150,21 @@ alert("<This is compatible with XHTML>");
}
function testMakeAbsolute() {
$this->config->set('URI', 'Base', 'http://example.com/bar/baz.php');
$this->config->set('URI', 'MakeAbsolute', true);
$this->assertPurification(
'<a href="foo.txt">Foobar</a>',
'<a href="http://example.com/bar/foo.txt">Foobar</a>',
array(
'URI.Base' => 'http://example.com/bar/baz.php',
'URI.MakeAbsolute' => true
)
'<a href="http://example.com/bar/foo.txt">Foobar</a>'
);
}
function test_addFilter_deprecated() {
$purifier = new HTMLPurifier();
$this->expectError('HTMLPurifier->addFilter() is deprecated, use configuration directives in the Filter namespace or Filter.Custom');
generate_mock_once('HTMLPurifier_Filter');
$purifier->addFilter($mock = new HTMLPurifier_FilterMock());
$this->purifier->addFilter($mock = new HTMLPurifier_FilterMock());
$mock->expectOnce('preFilter');
$mock->expectOnce('postFilter');
$purifier->purify('foo');
$this->purifier->purify('foo');
}
}
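Review bot: `testDifferentAllowedElements` still passes the dot form, `array('a.href', '*.id')`, to HTML.AllowedAttributes, although this commit moves the other sample configuration to `a@href`/`*@id` and the new `test_AllowedAttributes_global_discouragedSyntax` carries the comment "Emit errors eventually". Once the dot form starts raising errors, this integration test will break for a reason unrelated to what it checks. Writing `$this->config->set('HTML', 'AllowedAttributes', array('a@href', '*@id'));` keeps it on the supported syntax, and the legacy form stays covered by the dedicated discouraged-syntax tests. The function's assertion continues outside the hunk.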