mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-08-05 05:37:49 +02:00
Code Issues Releases Wiki Activity

Implement HTMLT tests, and migrate HTMLPurifierTest to this format.

Browse Source 
HTMLT tests are a compact and easy-to-use way of making assertPurification
type tests. They take the format of:

--INI--
Ns.Directive = "directive value"
--HTML--
Input HTML
--EXPECT--
Expected HTML

Expect more features and migration to be coming soon.

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
This commit is contained in:
Edward Z. Yang
2008-07-05 02:34:19 -04:00
parent 334ffac5b4
commit e05bd77344
28 changed files with 208 additions and 187 deletions
Download Patch File Download Diff File Expand all files Collapse all files

187
tests/HTMLPurifierTest.php
View File

@@ -7,78 +7,7 @@ class HTMLPurifierTest extends HTMLPurifier_Harness
function testNull() {
$this->assertPurification("Null byte\0", "Null byte");
}
function testStrict() {
$this->config->set('HTML', 'Strict', true);
$this->assertPurification(
'<u>Illegal underline</u>',
'<span style="text-decoration:underline;">Illegal underline</span>'
);
$this->assertPurification(
'<blockquote>Illegal contents</blockquote>',
'<blockquote><p>Illegal contents</p></blockquote>'
);
}
function testDifferentAllowedElements() {
$this->config->set('HTML', 'AllowedElements', array('b', 'i', 'p', 'a'));
$this->config->set('HTML', 'AllowedAttributes', array('a.href', '*.id'));
$this->assertPurification(
'<p>Par.</p><p>Para<a href="http://google.com/">gr</a>aph</p>Text<b>Bol<i>d</i></b>'
);
$this->assertPurification(
'<span>Not allowed</span><a class="mef" id="foobar">Foobar</a>',
'Not allowed<a>Foobar</a>' // no ID!!!
);
}
function testBlacklistElements() {
$this->config->set('HTML', 'ForbiddenElements', array('b'));
$this->config->set('HTML', 'ForbiddenAttributes', array('a@href'));
$this->assertPurification(
'<p>Par.</p>'
);
$this->assertPurification(
'<b>Pa<a href="foo">r</a>.</b>',
'Pa<a>r</a>.'
);
}
function testDifferentAllowedCSSProperties() {
$this->config->set('CSS', 'AllowedProperties', array('color', 'background-color'));
$this->assertPurification(
'<div style="color:#f00;background-color:#ded;">red</div>'
);
$this->assertPurification(
'<div style="color:#f00;border:1px solid #000">red</div>',
'<div style="color:#f00;">red</div>'
);
}
function testDisableURI() {
$this->config->set('URI', 'Disable', true);
$this->assertPurification(
'<img src="foobar"/>',
''
);
}
function test_purifyArray() {
$this->assertIdentical(
@@ -92,57 +21,6 @@ class HTMLPurifierTest extends HTMLPurifier_Harness
}
function testAttrIDDisabledByDefault() {
$this->assertPurification(
'<span id="moon">foobar</span>',
'<span>foobar</span>'
);
}
function testEnableAttrID() {
$this->config->set('Attr', 'EnableID', true);
$this->assertPurification('<span id="moon">foobar</span>');
$this->assertPurification('<img id="folly" src="folly.png" alt="Omigosh!" />');
}
function testScript() {
$this->config->set('HTML', 'Trusted', true);
$ideal = '<script type="text/javascript"><!--//--><![CDATA[//><!--
alert("<This is compatible with XHTML>");
//--><!]]></script>';
$this->assertPurification($ideal);
$this->assertPurification(
'<script type="text/javascript"><![CDATA[
alert("<This is compatible with XHTML>");
]]></script>',
$ideal
);
$this->assertPurification(
'<script type="text/javascript">alert("<This is compatible with XHTML>");</script>',
$ideal
);
$this->assertPurification(
'<script type="text/javascript"><!--
alert("<This is compatible with XHTML>");
//--></script>',
$ideal
);
$this->assertPurification(
'<script type="text/javascript"><![CDATA[
alert("<This is compatible with XHTML>");
//]]></script>',
$ideal
);
}
function testGetInstance() {
$purifier = HTMLPurifier::getInstance();
$purifier2 = HTMLPurifier::getInstance();
@@ -167,70 +45,5 @@ alert("<This is compatible with XHTML>");
$this->purifier->purify('foo');
}
function test_shiftJis() {
if (!function_exists('iconv')) return;
$this->config->set('Core', 'Encoding', 'Shift_JIS');
$this->config->set('Core', 'EscapeNonASCIICharacters', true);
$this->assertPurification(
"<b style=\"font-family:'&#165;';\">111</b>"
);
}
function test_shiftJisWorstCase() {
if (!function_exists('iconv')) return;
$this->config->set('Core', 'Encoding', 'Shift_JIS');
$this->assertPurification( // Notice how Yen disappears
"<b style=\"font-family:'&#165;';\">111</b>",
"<b style=\"font-family:'';\">111</b>"
);
}
function test_secureMunge() {
$this->config->set('URI', 'Munge', '/redirect.php?url=%s&check=%t');
$this->config->set('URI', 'MungeSecretKey', 'foo');
$this->assertPurification(
'<a href="http://localhost">foo</a><img src="http://localhost" alt="local" />',
'<a href="/redirect.php?url=http%3A%2F%2Flocalhost&amp;check=8e8223ae8fac24561104180ea549c21fbd111be7">foo</a><img src="http://localhost" alt="local" />'
);
}
function test_safeObjectAndEmbed() {
$this->config->set('HTML', 'SafeObject', true);
$this->config->set('HTML', 'SafeEmbed', true);
$this->assertPurification(
'<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/Oq3FV_zdyy0&hl=en"></param><embed src="http://www.youtube.com/v/Oq3FV_zdyy0&hl=en" type="application/x-shockwave-flash" width="425" height="344"></embed></object>',
'<object width="425" height="344" data="http://www.youtube.com/v/Oq3FV_zdyy0&amp;hl=en" type="application/x-shockwave-flash"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="http://www.youtube.com/v/Oq3FV_zdyy0&amp;hl=en" /><embed src="http://www.youtube.com/v/Oq3FV_zdyy0&amp;hl=en" type="application/x-shockwave-flash" width="425" height="344" allowscriptaccess="never" allownetworking="internal" /></object>'
);
}
function test_safeObjectAndEmbedWithSecureMunge() {
$this->config->set('HTML', 'SafeObject', true);
$this->config->set('HTML', 'SafeEmbed', true);
$this->config->set('URI', 'Munge', '/redirect.php?url=%s&check=%t');
$this->config->set('URI', 'MungeSecretKey', 'foo');
$this->assertPurification(
'<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/Oq3FV_zdyy0&hl=en"></param><embed src="http://www.youtube.com/v/Oq3FV_zdyy0&hl=en" type="application/x-shockwave-flash" width="425" height="344"></embed></object>',
'<object width="425" height="344" data="http://www.youtube.com/v/Oq3FV_zdyy0&amp;hl=en" type="application/x-shockwave-flash"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="http://www.youtube.com/v/Oq3FV_zdyy0&amp;hl=en" /><embed src="http://www.youtube.com/v/Oq3FV_zdyy0&amp;hl=en" type="application/x-shockwave-flash" width="425" height="344" allowscriptaccess="never" allownetworking="internal" /></object>'
);
}
function test_mungeWithExtraParams() {
$this->config->set('URI', 'Munge', '/redirect?s=%s&t=%t&r=%r&n=%n&m=%m&p=%p');
$this->config->set('URI', 'MungeSecretKey', 'foo');
$this->config->set('URI', 'MungeResources', true);
$this->assertPurification(
'<a href="http://example.com">Link</a><img src="http://example.com" style="background-image:url(http://example.com);" alt="example.com" />',
'<a href="/redirect?s=http%3A%2F%2Fexample.com&amp;t=c15354f3953dfec262c55b1403067e0d045a3059&amp;r=&amp;n=a&amp;m=href&amp;p=">Link</a>'.
'<img src="/redirect?s=http%3A%2F%2Fexample.com&amp;t=c15354f3953dfec262c55b1403067e0d045a3059&amp;r=1&amp;n=img&amp;m=src&amp;p=" '.
'style="background-image:url(/redirect?s=http%3A%2F%2Fexample.com&amp;t=c15354f3953dfec262c55b1403067e0d045a3059&amp;r=1&amp;n=img&amp;m=style&amp;p=background-image);" alt="example.com" />'
);
}
function test_name() {
$this->config->set('Attr', 'EnableID', true);
$this->config->set('HTML', 'Doctype', 'XHTML 1.0 Strict');
$this->assertPurification('<a name="asdf"></a>');
}
}