[3.1.0] Revamp URI handling of percent encoding and validation.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1709 48356398-32a2-884e-a903-53898d9a118a
2025-10-17 15:06:07 +02:00 · 2008-05-14 02:19:00 +00:00
parent 77ce3e8b4a
commit cb5d5d0648
13 changed files with 261 additions and 50 deletions
--- a/tests/HTMLPurifier/AttrDef/URI/HostTest.php
+++ b/tests/HTMLPurifier/AttrDef/URI/HostTest.php
@@ -14,6 +14,27 @@ class HTMLPurifier_AttrDef_URI_HostTest extends HTMLPurifier_AttrDefHarness
        $this->assertDef('124.15.6.89'); // IPv4
        $this->assertDef('www.google.com'); // reg-name
        
+        // more domain name tests
+        $this->assertDef('test.');
+        $this->assertDef('sub.test.');
+        $this->assertDef('.test', false);
+        $this->assertDef('ff');
+        $this->assertDef('1f', false);
+        $this->assertDef('-f', false);
+        $this->assertDef('f1');
+        $this->assertDef('f-', false);
+        $this->assertDef('sub.ff');
+        $this->assertDef('sub.1f', false);
+        $this->assertDef('sub.-f', false);
+        $this->assertDef('sub.f1');
+        $this->assertDef('sub.f-', false);
+        $this->assertDef('ff.top');
+        $this->assertDef('1f.top');
+        $this->assertDef('-f.top', false);
+        $this->assertDef('ff.top');
+        $this->assertDef('f1.top');
+        $this->assertDef('f-.top', false);
+        
    }
    
 }
--- a/tests/HTMLPurifier/AttrDef/URITest.php
+++ b/tests/HTMLPurifier/AttrDef/URITest.php
@@ -29,6 +29,19 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
        );
    }
    
+    function testPercentEncoding() {
+        $this->assertDef(
+            'http:colon:mercenary',
+            'colon%3Amercenary'
+        );
+    }
+    
+    function testPercentEncodingPreserve() {
+        $this->assertDef(
+            'http://www.example.com/abcABC123-_.!~*()\''
+        );
+    }
+    
    function testEmbeds() {
        $this->def = new HTMLPurifier_AttrDef_URI(true);
        $this->assertDef('http://sub.example.com/alas?foo=asd');
--- a/tests/HTMLPurifier/PercentEncoderTest.php
+++ b/tests/HTMLPurifier/PercentEncoderTest.php
@@ -35,5 +35,28 @@ class HTMLPurifier_PercentEncoderTest extends HTMLPurifier_Harness
        
    }
    
+    function assertEncode($string, $expect = true, $preserve = false) {
+        if ($expect === true) $expect = $string;
+        $encoder = new HTMLPurifier_PercentEncoder($preserve);
+        $result = $encoder->encode($string);
+        $this->assertIdentical($result, $expect);
+    }
+    
+    function test_encode_noChange() {
+        $this->assertEncode('abc012-_~.');
+    }
+    
+    function test_encode_encode() {
+        $this->assertEncode('>', '%3E');
+    }
+    
+    function test_encode_preserve() {
+        $this->assertEncode('<>', '<%3E', '<');
+    }
+    
+    function test_encode_low() {
+        $this->assertEncode("\1", '%01');
+    }
+    
 }

--- a/tests/HTMLPurifier/URIParserTest.php
+++ b/tests/HTMLPurifier/URIParserTest.php
@@ -13,6 +13,13 @@ class HTMLPurifier_URIParserTest extends HTMLPurifier_Harness
        $this->assertEqual($result, $expect);
    }
    
+    function testPercentNormalization() {
+        $this->assertParsing(
+            '%G',
+            null, null, null, null, '%25G', null, null
+        );
+    }
+    
    function testRegular() {
        $this->assertParsing(
            'http://www.example.com/webhp?q=foo#result2',
@@ -121,7 +128,7 @@ class HTMLPurifier_URIParserTest extends HTMLPurifier_Harness
    
    function testMalformedTag() {
        $this->assertParsing(
-            'http://www.example.com/\'>"',
+            'http://www.example.com/>',
            'http', null, 'www.example.com', null, '/', null, null
        );
    }
--- a/tests/HTMLPurifier/URITest.php
+++ b/tests/HTMLPurifier/URITest.php
@@ -160,4 +160,32 @@ class HTMLPurifier_URITest extends HTMLPurifier_URIHarness
        $this->assertValidation('http://[2001:0db8:85z3:08d3:1319:8a2e:0370:7334]', 'http:');
    }
    
+    function test_validate_removeRedundantScheme() {
+        $this->assertValidation('http:foo:/:', 'foo%3A/:');
+    }
+    
+    function test_validate_username() {
+        $this->assertValidation("http://user\xE3\x91\x94:@foo.com", 'http://user%E3%91%94:@foo.com');
+    }
+    
+    function test_validate_path_abempty() {
+        $this->assertValidation("http://host/\xE3\x91\x94:", 'http://host/%E3%91%94:');
+    }
+    
+    function test_validate_path_absolute() {
+        $this->assertValidation("/\xE3\x91\x94:", '/%E3%91%94:');
+    }
+    
+    function test_validate_path_rootless() {
+        $this->assertValidation("mailto:\xE3\x91\x94:", 'mailto:%E3%91%94:');
+    }
+    
+    function test_validate_path_noscheme() {
+        $this->assertValidation("\xE3\x91\x94", '%E3%91%94');
+    }
+    
+    function test_validate_path_empty() {
+        $this->assertValidation('http://google.com');
+    }
+    
 }