. /** * Unit tests for the HTMLPurifier integration * * @package core * @category phpunit * @copyright 2012 Petr Skoda {@link http://skodak.org} * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ defined('MOODLE_INTERNAL') || die(); /** * HTMLPurifier test case * * @package core * @category phpunit * @copyright 2012 Petr Skoda {@link http://skodak.org} * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ class core_htmlpurifier_testcase extends basic_testcase { /** * Verify _blank target is allowed * @return void */ public function test_allow_blank_target() { $text = 'Some link'; $result = format_text($text, FORMAT_HTML); $this->assertSame($text, $result); $result = format_text('Some link', FORMAT_HTML); $this->assertSame('Some link', $result); } /** * Verify our nolink tag accepted * @return void */ public function test_nolink() { // we can not use format text because nolink changes result $text = '
no filters
'; $result = purify_html($text, array()); $this->assertSame($text, $result); $text = 'xxxxx
xxx
'; $result = purify_html($text, array()); $this->assertSame($text, $result); } /** * Verify our tex tag accepted * @return void */ public function test_tex() { $text = 'a+b=c'; $result = purify_html($text, array()); $this->assertSame($text, $result); } /** * Verify our algebra tag accepted * @return void */ public function test_algebra() { $text = 'a+b=c'; $result = purify_html($text, array()); $this->assertSame($text, $result); } /** * Verify our hacky multilang works * @return void */ public function test_multilang() { $text = 'hmmmhm'; $result = purify_html($text, array()); $this->assertSame($text, $result); $text = 'hmmmhm'; $result = purify_html($text, array()); $this->assertSame($text, $result); $text = 'hmmm'; $result = purify_html($text, array()); $this->assertNotSame($text, $result); // keep standard lang tags $text = 'asas'; $result = purify_html($text, array()); $this->assertSame($text, $result); $text = 'xxxxxx'; $result = purify_html($text, array()); $this->assertSame($text, $result); } /** * Tests the 'allowid' option for format_text. * @return void */ public function test_format_text_allowid() { // Start off by not allowing ids (default) $options = array( 'nocache' => true ); $result = format_text('
Frog
', FORMAT_HTML, $options); $this->assertSame('
Frog
', $result); // Now allow ids $options['allowid'] = true; $result = format_text('
Frog
', FORMAT_HTML, $options); $this->assertSame('
Frog
', $result); } /** * Test if linebreaks kept unchanged. * @return void */ public function test_line_breaking() { $text = "\n\raa\rsss\nsss\r"; $this->assertSame($text, purify_html($text)); } /** * Test fixing of strict problems. * @return void */ public function test_tidy() { $text = "

xx"; $this->assertSame('

xx

', purify_html($text)); $text = "

xx

"; $this->assertSame('

xx

', purify_html($text)); $text = "xx
"; $this->assertSame('xx
', purify_html($text)); } /** * Test nesting - this used to cause problems in earlier versions * @return void */ public function test_nested_lists() { $text = ""; $this->assertSame($text, purify_html($text)); } /** * Test that XSS protection works, complete smoke tests are in htmlpurifier itself. * @return void */ public function test_cleaning_nastiness() { $text = "xx"; $this->assertSame('xx', purify_html($text)); $text = '
xx
'; $this->assertSame('
xx
', purify_html($text)); $text = '
xx
'; $this->assertSame('
xx
', purify_html($text)); $text = 'xx'; $this->assertSame('xx', purify_html($text)); $text = 'xx'; $this->assertSame('xx', purify_html($text)); $text = 'xx'; $this->assertSame('xx', purify_html($text)); $text = 'x
x'; $this->assertSame('xx', purify_html($text)); } /** * Test internal function used for clean_text() speedup. * @return void */ public function test_is_purify_html_necessary() { // first our shortcuts $text = ""; $this->assertFalse(is_purify_html_necessary($text)); $this->assertSame($text, purify_html($text)); $text = "666"; $this->assertFalse(is_purify_html_necessary($text)); $this->assertSame($text, purify_html($text)); $text = "abc\ndef \" ' "; $this->assertFalse(is_purify_html_necessary($text)); $this->assertSame($text, purify_html($text)); $text = "abc\n

def

efg

hij

"; $this->assertFalse(is_purify_html_necessary($text)); $this->assertSame($text, purify_html($text)); $text = "
abc\n

defefghi
j

"; $this->assertFalse(is_purify_html_necessary($text)); $this->assertSame($text, purify_html($text)); // now failures $text = " "; $this->assertTrue(is_purify_html_necessary($text)); $text = "Gin & Tonic"; $this->assertTrue(is_purify_html_necessary($text)); $text = "Gin > Tonic"; $this->assertTrue(is_purify_html_necessary($text)); $text = "Gin < Tonic"; $this->assertTrue(is_purify_html_necessary($text)); $text = "
abc
"; $this->assertTrue(is_purify_html_necessary($text)); $text = "abc"; $this->assertTrue(is_purify_html_necessary($text)); $text = "
abc"; $this->assertTrue(is_purify_html_necessary($text)); $text = "

abc

"; $this->assertTrue(is_purify_html_necessary($text)); $text = "

abc

"; $this->assertTrue(is_purify_html_necessary($text)); $text = "

abc"; $this->assertTrue(is_purify_html_necessary($text)); } public function test_allowed_schemes() { // first standard schemes $text = 'link'; $this->assertSame($text, purify_html($text)); $text = 'link'; $this->assertSame($text, purify_html($text)); $text = 'link'; $this->assertSame($text, purify_html($text)); $text = 'link'; $this->assertSame($text, purify_html($text)); $text = 'link'; $this->assertSame($text, purify_html($text)); $text = 'link'; $this->assertSame($text, purify_html($text)); // extra schemes allowed in moodle $text = 'link'; $this->assertSame($text, purify_html($text)); $text = 'link'; $this->assertSame($text, purify_html($text)); $text = 'link'; $this->assertSame($text, purify_html($text)); $text = 'link'; $this->assertSame($text, purify_html($text)); $text = 'link'; $this->assertSame($text, purify_html($text)); // now some borked or dangerous schemes $text = 'link'; $this->assertSame('link', purify_html($text)); $text = 'link'; $this->assertSame('link', purify_html($text)); } }