[3.1.0] Implement tag@attr for Allowed and Forbidden

- Fix (or null) bug in configdoc git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1695 48356398-32a2-884e-a903-53898d9a118a
2025-07-30 19:00:10 +02:00 · 2008-04-26 03:14:01 +00:00
parent 1f8619cda5
commit 84aa2ca390
9 changed files with 276 additions and 84 deletions
--- a/tests/HTMLPurifier/HTMLDefinitionTest.php
+++ b/tests/HTMLPurifier/HTMLDefinitionTest.php
@@ -59,7 +59,7 @@ a[href|title]
        
        $config1 = HTMLPurifier_Config::create(array(
            'HTML.AllowedElements' => array('b', 'i', 'p', 'a'),
-            'HTML.AllowedAttributes' => array('a.href', '*.id')
+            'HTML.AllowedAttributes' => array('a@href', '*@id')
        ));
        
        $config2 = HTMLPurifier_Config::create(array(
@@ -70,6 +70,150 @@ a[href|title]
        
    }
    
+    function assertPurification_AllowedElements_p() {
+        $this->assertPurification('<p><b>Jelly</b></p>', '<p>Jelly</p>');
+    }
+    
+    function test_AllowedElements() {
+        $this->config->set('HTML', 'AllowedElements', 'p');
+        $this->assertPurification_AllowedElements_p();
+    }
+    
+    function test_AllowedElements_multiple() {
+        $this->config->set('HTML', 'AllowedElements', 'p,div');
+        $this->assertPurification('<div><p><b>Jelly</b></p></div>', '<div><p>Jelly</p></div>');
+    }
+    
+    function test_AllowedElements_invalidElement() {
+        $this->config->set('Cache', 'DefinitionImpl', null); // Necessary to ensure error is thrown
+        $this->config->set('HTML', 'AllowedElements', 'obviously_invalid,p');
+        $this->expectError(new PatternExpectation("/Element 'obviously_invalid' is not supported/"));
+        $this->assertPurification_AllowedElements_p();
+    }
+    
+    function test_AllowedElements_invalidElement_xssAttempt() {
+        $this->config->set('Cache', 'DefinitionImpl', null);
+        $this->config->set('HTML', 'AllowedElements', '<script>,p');
+        $this->expectError(new PatternExpectation("/Element '&lt;script&gt;' is not supported/"));
+        $this->assertPurification_AllowedElements_p();
+    }
+    
+    function test_AllowedElements_multipleInvalidElements() {
+        $this->config->set('Cache', 'DefinitionImpl', null);
+        $this->config->set('HTML', 'AllowedElements', 'dr-wiggles,dr-pepper,p');
+        $this->expectError(new PatternExpectation("/Element 'dr-wiggles' is not supported/"));
+        $this->expectError(new PatternExpectation("/Element 'dr-pepper' is not supported/"));
+        $this->assertPurification_AllowedElements_p();
+    }
+    
+    function assertPurification_AllowedAttributes_global_style() {
+        $this->assertPurification(
+            '<p style="font-weight:bold;" class="foo">Jelly</p><br style="clear:both;" />',
+            '<p style="font-weight:bold;">Jelly</p><br style="clear:both;" />');
+    }
+    
+    function test_AllowedAttributes_global_preferredSyntax() {
+        $this->config->set('HTML', 'AllowedAttributes', 'style');
+        $this->assertPurification_AllowedAttributes_global_style();
+    }
+    
+    function test_AllowedAttributes_global_verboseSyntax() {
+        $this->config->set('HTML', 'AllowedAttributes', '*@style');
+        $this->assertPurification_AllowedAttributes_global_style();
+    }
+    
+    function test_AllowedAttributes_global_discouragedSyntax() {
+        // Emit errors eventually
+        $this->config->set('HTML', 'AllowedAttributes', '*.style');
+        $this->assertPurification_AllowedAttributes_global_style();
+    }
+    
+    function assertPurification_AllowedAttributes_local_p_style() {
+        $this->assertPurification(
+            '<p style="font-weight:bold;" class="foo">Jelly</p><br style="clear:both;" />',
+            '<p style="font-weight:bold;">Jelly</p><br />');
+    }
+    
+    function test_AllowedAttributes_local_preferredSyntax() {
+        $this->config->set('HTML', 'AllowedAttributes', 'p@style');
+        $this->assertPurification_AllowedAttributes_local_p_style();
+    }
+    
+    function test_AllowedAttributes_local_discouragedSyntax() {
+        $this->config->set('HTML', 'AllowedAttributes', 'p.style');
+        $this->assertPurification_AllowedAttributes_local_p_style();
+    }
+    
+    function test_AllowedAttributes_multiple() {
+        $this->config->set('HTML', 'AllowedAttributes', 'p@style,br@class,title');
+        $this->assertPurification(
+            '<p style="font-weight:bold;" class="foo" title="foo">Jelly</p><br style="clear:both;" class="foo" title="foo" />',
+            '<p style="font-weight:bold;" title="foo">Jelly</p><br class="foo" title="foo" />'
+        );
+    }
+    
+    function test_AllowedAttributes_local_invalidAttribute() {
+        $this->config->set('Cache', 'DefinitionImpl', null);
+        $this->config->set('HTML', 'AllowedAttributes', array('p@style', 'p@<foo>'));
+        $this->expectError(new PatternExpectation("/Attribute '&lt;foo&gt;' in element 'p' not supported/"));
+        $this->assertPurification_AllowedAttributes_local_p_style();
+    }
+    
+    function test_AllowedAttributes_global_invalidAttribute() {
+        $this->config->set('Cache', 'DefinitionImpl', null);
+        $this->config->set('HTML', 'AllowedAttributes', array('style', '<foo>'));
+        $this->expectError(new PatternExpectation("/Global attribute '&lt;foo&gt;' is not supported in any elements/"));
+        $this->assertPurification_AllowedAttributes_global_style();
+    }
+    
+    function test_AllowedAttributes_local_invalidAttributeDueToMissingElement() {
+        $this->config->set('Cache', 'DefinitionImpl', null);
+        $this->config->set('HTML', 'AllowedAttributes', 'p.style,foo.style');
+        $this->expectError(new PatternExpectation("/Cannot allow attribute 'style' if element 'foo' is not allowed\/supported/"));
+        $this->assertPurification_AllowedAttributes_local_p_style();
+    }
+    
+    function test_AllowedAttributes_duplicate() {
+        $this->config->set('HTML', 'AllowedAttributes', 'p.style,p@style');
+        $this->assertPurification_AllowedAttributes_local_p_style();
+    }
+    
+    function test_AllowedAttributes_multipleErrors() {
+        $this->config->set('HTML', 'AllowedAttributes', 'p.style,foo.style,<foo>');
+        $this->expectError(new PatternExpectation("/Cannot allow attribute 'style' if element 'foo' is not allowed\/supported/"));
+        $this->expectError(new PatternExpectation("/Global attribute '&lt;foo&gt;' is not supported in any elements/"));
+        $this->assertPurification_AllowedAttributes_local_p_style();
+    }
+    
+    function test_ForbiddenElements() {
+        $this->config->set('HTML', 'ForbiddenElements', 'b');
+        $this->assertPurification('<b>b</b><i>i</i>', 'b<i>i</i>');
+    }
+    
+    function test_ForbiddenElements_invalidElement() {
+        $this->config->set('HTML', 'ForbiddenElements', 'obviously_incorrect');
+        // no error!
+        $this->assertPurification('<i>i</i>');
+    }
+    
+    function assertPurification_ForbiddenAttributes_b_style() {
+        $this->assertPurification(
+            '<b style="float:left;">b</b><i style="float:left;">i</i>',
+            '<b>b</b><i style="float:left;">i</i>');
+    }
+    
+    function test_ForbiddenAttributes() {
+        $this->config->set('HTML', 'ForbiddenAttributes', 'b@style');
+        $this->assertPurification_ForbiddenAttributes_b_style();
+    }
+    
+    function test_ForbiddenAttributes_incorrectSyntax() {
+        $this->config->set('Cache', 'DefinitionImpl', null);
+        $this->config->set('HTML', 'ForbiddenAttributes', 'b.style');
+        $this->expectError("Error with b.style: tag.attr syntax not supported for HTML.ForbiddenAttributes; use tag@attr instead");
+        $this->assertPurification('<b style="float:left;">Test</b>');
+    }
+    
    function test_addAttribute() {
        
        $config = HTMLPurifier_Config::create(array(
@@ -116,5 +260,7 @@ a[href|title]
        
    }
    
+    
+    
 }