[1.7.0] Add %HTML.Trusted directive to allow untrusted elements in. Add special-case code for <script> into Generator.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1061 48356398-32a2-884e-a903-53898d9a118a
2025-08-06 06:07:26 +02:00 · 2007-05-15 01:17:10 +00:00
parent 65252d6fbd
commit f7eccc0038
5 changed files with 126 additions and 5 deletions
--- a/tests/HTMLPurifier/GeneratorTest.php
+++ b/tests/HTMLPurifier/GeneratorTest.php
@@ -124,6 +124,31 @@ class HTMLPurifier_GeneratorTest extends HTMLPurifier_Harness
        $this->assertIdentical($expect, $result);
    }
    
+    function test_generateFromTokens_Scripting() {
+        $this->config = HTMLPurifier_Config::createDefault();
+        
+        $this->assertGeneration(
+            array(
+                new HTMLPurifier_Token_Start('script'),
+                new HTMLPurifier_Token_Text('alert(3 < 5);'),
+                new HTMLPurifier_Token_End('script')
+            ),
+            "<script><!--\nalert(3 < 5);\n// --></script>"
+        );
+        
+        $this->config = HTMLPurifier_Config::createDefault();
+        $this->config->set('Core', 'CommentScriptContents', false);
+        
+        $this->assertGeneration(
+            array(
+                new HTMLPurifier_Token_Start('script'),
+                new HTMLPurifier_Token_Text('alert(3 < 5);'),
+                new HTMLPurifier_Token_End('script')
+            ),
+            "<script>alert(3 &lt; 5);</script>"
+        );
+    }
+    
    function test_generateFromTokens_XHTMLoff() {
        $this->config = HTMLPurifier_Config::createDefault();
        $this->config->set('Core', 'XHTML', false);
--- a/tests/HTMLPurifier/HTMLModule/ScriptingTest.php
+++ b/tests/HTMLPurifier/HTMLModule/ScriptingTest.php
@@ -0,0 +1,52 @@
+<?php
+
+require_once 'HTMLPurifier/HTMLModuleHarness.php';
+
+class HTMLPurifier_HTMLModule_ScriptingTest extends HTMLPurifier_HTMLModuleHarness
+{
+    
+    function test() {
+        
+        // default
+        $this->assertResult(
+            '<script type="text/javascript">foo();</script>', 'foo();'
+        );
+        
+        // enabled
+        $this->assertResult(
+            '<script type="text/javascript">foo();</script>', true,
+            array('HTML.Trusted' => true)
+        );
+        
+        // max
+        $this->assertResult(
+            '<script
+                defer="defer"
+                src="test.js"
+                type="text/javascript"
+            >PCDATA</script>', true,
+            array('HTML.Trusted' => true, 'Core.CommentScriptContents' => false)
+        );
+        
+        // unsupported
+        $this->assertResult(
+            '<script
+                type="text/javascript"
+                charset="utf-8"
+            >PCDATA</script>',
+            '<script type="text/javascript">PCDATA</script>',
+            array('HTML.Trusted' => true, 'Core.CommentScriptContents' => false)
+        );
+        
+        // invalid children
+        $this->assertResult(
+            '<script type="text/javascript">PCDATA<span</script>',
+            '<script type="text/javascript">PCDATA</script>',
+            array('HTML.Trusted' => true, 'Core.CommentScriptContents' => false)
+        );
+        
+    }
+    
+}
+
+?>