From 51a1c153d2966f92d2bf80622a353885ab52330b Mon Sep 17 00:00:00 2001
From: Petr Skoda
Date: Tue, 28 Feb 2012 14:48:15 +0100
Subject: [PATCH] MDL-31785 fix and improve htmlpurifier tests
---
 lib/simpletest/testhtmlpurifier.php | 159 ++++++++++++++++++++++++++--
 lib/simpletest/testpurifier.php | 128 ----------------------
 2 files changed, 150 insertions(+), 137 deletions(-)
 delete mode 100644 lib/simpletest/testpurifier.php
diff --git a/lib/simpletest/testhtmlpurifier.php b/lib/simpletest/testhtmlpurifier.php
index 889fd42bb11..b138becfb77 100644
--- a/lib/simpletest/testhtmlpurifier.php
+++ b/lib/simpletest/testhtmlpurifier.php
@@ -29,29 +29,170 @@ defined('MOODLE_INTERNAL') || die();
 class htmlpurifier_test extends UnitTestCase {
+
+ public static $includecoverage = array('lib/htmlpurifier/HTMLPurifier.php');
+
+ private $cachetext = null;
+
+ function setUp() {
+ global $CFG;
+ $this->cachetext = $CFG->cachetext;
+ $CFG->cachetext = 0;
+ }
+
+ function tearDown() {
+ global $CFG;
+ $CFG->cachetext = $this->cachetext;
+ }
+
 /**
- * Tests the installation of event handlers from file
+ * Verify _blank target is allowed
+ * @return void
 */
- function test_our_tags() {
+ public function test_allow_blank_target() {
+ $text = 'Some link';
+ $result = format_text($text, FORMAT_HTML);
+ $this->assertIdentical($text, $result);
+
+ $result = format_text('Some link', FORMAT_HTML);
+ $this->assertIdentical('Some link', $result);
+ }
+
+ /**
+ * Verify our nolink tag accepted
+ * @return void
+ */
+ public function test_nolink() {
+ // we can not use format text because nolink changes result
+ $text = '
no filters
';
+ $result = purify_html($text, array());
+ $this->assertIdentical($text, $result);
+
 $text = 'xxxxx
xxx
';
- $this->assertIdentical($text, purify_html($text));
+ $result = purify_html($text, array());
+ $this->assertIdentical($text, $result);
+ }
- $text = 'xxxxxx';
- $this->assertIdentical($text, purify_html($text));
+ /**
+ * Verify our tex tag accepted
+ * @return void
+ */
+ public function test_tex() {
+ $text = 'a+b=c';
+ $result = purify_html($text, array());
+ $this->assertIdentical($text, $result);
+ }
- $text = 'xxxxxx';
- $this->assertIdentical($text, purify_html($text));
+ /**
+ * Verify our algebra tag accepted
+ * @return void
+ */
+ public function test_algebra() {
+ $text = 'a+b=c';
+ $result = purify_html($text, array());
+ $this->assertIdentical($text, $result);
+ }
+
+ /**
+ * Verify our hacky multilang works
+ * @return void
+ */
+ public function test_multilang() {
+ $text = 'hmmmhm';
+ $result = purify_html($text, array());
+ $this->assertIdentical($text, $result);
+
+ $text = 'hmmmhm';
+ $result = purify_html($text, array());
+ $this->assertIdentical($text, $result);
+
+ $text = 'hmmm';
+ $result = purify_html($text, array());
+ $this->assertNotIdentical($text, $result);
+
+ // keep standard lang tags
 $text = 'asas';
- $this->assertIdentical($text, purify_html($text));
+ $result = purify_html($text, array());
+ $this->assertIdentical($text, $result);
 $text = 'xxxxxx';
- $this->assertIdentical($text, purify_html($text));
+ $result = purify_html($text, array());
+ $this->assertIdentical($text, $result);
+ }
+ /**
+ * Tests the 'allowid' option for format_text.
+ */
+ public function test_format_text_allowid() {
+ // Start off by not allowing ids (default)
+ $options = array(
+ 'nocache' => true
+ );
+ $result = format_text('
Frog
', FORMAT_HTML, $options);
+ $this->assertIdentical('
Frog
', $result);
+
+ // Now allow ids
+ $options['allowid'] = true;
+ $result = format_text('
Frog
', FORMAT_HTML, $options);
+ $this->assertIdentical('
Frog
', $result);
+ }
+
+ /**
+ * Test if linebreaks kept unchanged.
+ */
+ function test_line_breaking() {
 $text = "\n\raa\rsss\nsss\r";
 $this->assertIdentical($text, purify_html($text));
 }
+ /**
+ * Test fixing of strict problems.
+ */
+ function test_tidy() {
+ $text = "

xx";
+ $this->assertIdentical('

xx

', purify_html($text));
+
+ $text = "

xx

";
+ $this->assertIdentical('

xx

', purify_html($text));
+
+ $text = "xx
";
+ $this->assertIdentical('xx
', purify_html($text));
+ }
+
+ /**
+ * Test nesting - this used to cause problems in earlier versions
+ */
+ function test_nested_lists() {
+ $text = "";
+ $this->assertIdentical($text, purify_html($text));
+ }
+
+ /**
+ * Test that XSS protection works, complete smoke tests are in htmlpurifier itself.
+ */
+ function test_cleaning_nastiness() {
+ $text = "xx";
+ $this->assertIdentical('xx', purify_html($text));
+
+ $text = '
xx
';
+ $this->assertIdentical('
xx
', purify_html($text));
+
+ $text = '
xx
';
+ $this->assertIdentical('
xx
', purify_html($text));
+
+ $text = 'xx';
+ $this->assertIdentical('xx', purify_html($text));
+
+ $text = 'xx';
+ $this->assertIdentical('xx', purify_html($text));
+
+ $text = 'xx';
+ $this->assertIdentical('xx', purify_html($text));
+
+ $text = 'x
x';
+ $this->assertIdentical('xx', purify_html($text));
+ }
 }
diff --git a/lib/simpletest/testpurifier.php b/lib/simpletest/testpurifier.php
deleted file mode 100644
index e066d263dd7..00000000000
--- a/lib/simpletest/testpurifier.php
+++ /dev/null
@@ -1,128 +0,0 @@
-.
-
-/**
- * Unit tests for the HTMLPurifier integration
- *
- * @package core
- * @subpackage simpletest
- * @copyright 2011 Petr Skoda (http://skodak.org)
- * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
- */
-
-defined('MOODLE_INTERNAL') || die();
-
-
-class purifier_test extends UnitTestCase {
-
- public static $includecoverage = array('lib/htmlpurifier/HTMLPurifier.php');
-
- private $cachetext = null;
-
- function setUp() {
- global $CFG;
- $this->cachetext = $CFG->cachetext;
- $CFG->cachetext = 0;
- }
-
- function tearDown() {
- global $CFG;
- $CFG->cachetext = $this->cachetext;
- }
-
- /**
- * Verify _blank target is allowed
- * @return void
- */
- public function test_allow_blank_target() {
- $text = 'Some link';
- $result = format_text($text, FORMAT_HTML);
- $this->assertIdentical($text, $result);
-
- $result = format_text('Some link', FORMAT_HTML);
- $this->assertIdentical('Some link', $result);
- }
-
- /**
- * Verify our nolink tag accepted
- * @return void
- */
- public function test_nolink() {
- // we can not use format text because nolink changes result
- $text = '
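Review bot: In `test_multilang`, the rejected-markup case ends with `$this->assertNotIdentical($text, $result);`, which passes for any difference at all, including output that still carries the markup the purifier was supposed to drop; pin the exact cleaned string instead, e.g. `$this->assertIdentical($expected, $result);` with `$expected` set to the intended purifier output. The newly added `test_line_breaking`, `test_tidy`, `test_nested_lists` and `test_cleaning_nastiness` are declared without `public` and call `purify_html($text)` without the `array()` options argument that the other tests in this class pass, so the file now mixes two conventions. `test_cleaning_nastiness` exercises `purify_html()` directly only; one case routed through `format_text($text, FORMAT_HTML)` would also cover the cleaning on the entry point the other tests use, assuming that path applies the purifier by default (not visible in this hunk). The class body opens in context lines above the first added line.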
no filters
';
- $result = purify_html($text, array());
- $this->assertIdentical($text, $result);
- }
-
- /**
- * Verify our tex tag accepted
- * @return void
- */
- public function test_tex() {
- $text = 'a+b=c';
- $result = purify_html($text, array());
- $this->assertIdentical($text, $result);
- }
-
- /**
- * Verify our algebra tag accepted
- * @return void
- */
- public function test_algebra() {
- $text = 'a+b=c';
- $result = purify_html($text, array());
- $this->assertIdentical($text, $result);
- }
-
- /**
- * Verify our hacky multilang works
- * @return void
- */
- public function test_multilang() {
- $text = 'hmmmhm';
- $result = purify_html($text, array());
- $this->assertIdentical($text, $result);
-
- $text = 'hmmmhm';
- $result = purify_html($text, array());
- $this->assertIdentical($text, $result);
-
- $text = 'hmmm';
- $result = purify_html($text, array());
- $this->assertNotIdentical($text, $result);
- }
-
- /**
- * Tests the 'allowid' option for format_text.
- */
- public function test_format_text_allowid() {
- // Start off by not allowing ids (default)
- $options = array(
- 'nocache' => true
- );
- $result = format_text('
Frog
', FORMAT_HTML, $options);
- $this->assertIdentical('
Frog
', $result);
-
- // Now allow ids
- $options['allowid'] = true;
- $result = format_text('
Frog
', FORMAT_HTML, $options);
- $this->assertIdentical('
Frog
', $result);
- }
-
-
- //TODO: add XSS smoke tests here
-}
-