- <?php
-
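/**
 * Tests for HTMLPurifier_HTMLDefinition.
 *
 * Covers parsing of the TinyMCE-style allowed list, the HTML.Allowed*,
 * HTML.Forbidden* directives (including the warnings raised for invalid
 * entries), runtime additions of elements and attributes, and injector
 * registration through the anonymous module.
 */
class HTMLPurifier_HTMLDefinitionTest extends HTMLPurifier_Harness
{

    /**
     * Registers an expected error after switching the definition cache off.
     *
     * @param mixed  $error   Expected error text or expectation object.
     * @param string $message Message format handed on to the parent harness.
     */
    public function expectError($error = false, $message = '%s')
    {
        // Because we're testing a definition, it's vital that the cache
        // is turned off for tests that expect errors.
        $this->config->set('Cache.DefinitionImpl', null);
        // $message was accepted but never passed on; forward it so a caller's
        // custom format is not silently dropped.
        parent::expectError($error, $message);
    }

    /**
     * parseTinyMCEAllowedList() returns a pair of lookup arrays: allowed
     * elements, and allowed attributes keyed as "element.attribute".
     */
    public function test_parseTinyMCEAllowedList()
    {
        $def = new HTMLPurifier_HTMLDefinition();

        // note: this is case-sensitive, but its config schema
        // counterpart is not. This is generally a good thing for users,
        // but it's a slight internal inconsistency

        // Empty input yields two empty lookups.
        $this->assertEqual(
            $def->parseTinyMCEAllowedList(''),
            array(array(), array())
        );

        // Bare element names only.
        $this->assertEqual(
            $def->parseTinyMCEAllowedList('a,b,c'),
            array(array('a' => true, 'b' => true, 'c' => true), array())
        );

        // Attributes in brackets, separated by "|".
        $this->assertEqual(
            $def->parseTinyMCEAllowedList('a[x|y|z]'),
            array(array('a' => true), array('a.x' => true, 'a.y' => true, 'a.z' => true))
        );

        // "*" as the element adds an attribute entry but no element entry.
        $this->assertEqual(
            $def->parseTinyMCEAllowedList('*[id]'),
            array(array(), array('*.id' => true))
        );

        // "*" as the attribute is kept literally as "a.*".
        $this->assertEqual(
            $def->parseTinyMCEAllowedList('a[*]'),
            array(array('a' => true), array('a.*' => true))
        );

        // The three spellings below must all produce this result.
        $expected = array(
            array('span' => true, 'strong' => true, 'a' => true),
            array('span.style' => true, 'a.href' => true, 'a.title' => true)
        );

        $this->assertEqual(
            $def->parseTinyMCEAllowedList('span[style],strong,a[href|title]'),
            $expected
        );

        // alternate form: newline-separated entries
        $this->assertEqual(
            $def->parseTinyMCEAllowedList(
'span[style]
strong
a[href|title]
'),
            $expected
        );

        // Whitespace around names, brackets and separators is tolerated.
        $this->assertEqual(
            $def->parseTinyMCEAllowedList(' span [ style ], strong'."\n\t".'a[href | title]'),
            $expected
        );

    }

    /**
     * HTML.Allowed must build the same definition as the equivalent
     * HTML.AllowedElements / HTML.AllowedAttributes pair.
     */
    public function test_Allowed()
    {
        $config1 = HTMLPurifier_Config::create(array(
            'HTML.AllowedElements' => array('b', 'i', 'p', 'a'),
            'HTML.AllowedAttributes' => array('a@href', '*@id')
        ));

        $config2 = HTMLPurifier_Config::create(array(
            'HTML.Allowed' => 'b,i,p,a[href],*[id]'
        ));

        $this->assertEqual($config1->getHTMLDefinition(), $config2->getHTMLDefinition());

    }

    /**
     * Shared assertion: with only <p> allowed, the <b> tag is dropped and
     * its text content is kept.
     */
    public function assertPurification_AllowedElements_p()
    {
        $this->assertPurification('<p><b>Jelly</b></p>', '<p>Jelly</p>');
    }

    /**
     * A single allowed element.
     */
    public function test_AllowedElements()
    {
        $this->config->set('HTML.AllowedElements', 'p');
        $this->assertPurification_AllowedElements_p();
    }

    /**
     * A comma-separated list of allowed elements.
     */
    public function test_AllowedElements_multiple()
    {
        $this->config->set('HTML.AllowedElements', 'p,div');
        $this->assertPurification('<div><p><b>Jelly</b></p></div>', '<div><p>Jelly</p></div>');
    }

    /**
     * An unsupported element name raises a warning; the valid entry
     * next to it still takes effect.
     */
    public function test_AllowedElements_invalidElement()
    {
        $this->config->set('HTML.AllowedElements', 'obviously_invalid,p');
        $this->expectError(new PatternExpectation("/Element 'obviously_invalid' is not supported/"));
        $this->assertPurification_AllowedElements_p();
    }

    /**
     * A markup-like element name in the allow-list is rejected with a
     * warning, and the valid entry next to it still takes effect.
     */
    public function test_AllowedElements_invalidElement_xssAttempt()
    {
        $this->config->set('HTML.AllowedElements', '<script>,p');
        // NOTE(review): the pattern expects the name to appear in the warning
        // exactly as written here. If the warning can end up on an HTML error
        // page, confirm that the library escapes the name before emitting it
        // and that this expectation matches the escaped form; entities may
        // have been decoded when this listing was rendered.
        $this->expectError(new PatternExpectation("/Element '<script>' is not supported/"));
        $this->assertPurification_AllowedElements_p();
    }

    /**
     * Each unsupported element name raises its own warning.
     */
    public function test_AllowedElements_multipleInvalidElements()
    {
        $this->config->set('HTML.AllowedElements', 'dr-wiggles,dr-pepper,p');
        $this->expectError(new PatternExpectation("/Element 'dr-wiggles' is not supported/"));
        $this->expectError(new PatternExpectation("/Element 'dr-pepper' is not supported/"));
        $this->assertPurification_AllowedElements_p();
    }

    /**
     * Shared assertion: style is allowed on every element, so it survives
     * on both <p> and <br /> while class is stripped.
     */
    public function assertPurification_AllowedAttributes_global_style()
    {
        $this->assertPurification(
            '<p style="font-weight:bold;" class="foo">Jelly</p><br style="clear:both;" />',
            '<p style="font-weight:bold;">Jelly</p><br style="clear:both;" />');
    }

    /**
     * Global attribute written as a bare name.
     */
    public function test_AllowedAttributes_global_preferredSyntax()
    {
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', 'style');
        $this->assertPurification_AllowedAttributes_global_style();
    }

    /**
     * Global attribute written as "*@attr".
     */
    public function test_AllowedAttributes_global_verboseSyntax()
    {
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', '*@style');
        $this->assertPurification_AllowedAttributes_global_style();
    }

    /**
     * Global attribute written as "*.attr", which is accepted without a
     * warning here.
     */
    public function test_AllowedAttributes_global_discouragedSyntax()
    {
        // Emit errors eventually
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', '*.style');
        $this->assertPurification_AllowedAttributes_global_style();
    }

    /**
     * Shared assertion: style is allowed on <p> only, so it is stripped
     * from <br /> along with class on <p>.
     */
    public function assertPurification_AllowedAttributes_local_p_style()
    {
        $this->assertPurification(
            '<p style="font-weight:bold;" class="foo">Jelly</p><br style="clear:both;" />',
            '<p style="font-weight:bold;">Jelly</p><br />');
    }

    /**
     * Element-scoped attribute written as "tag@attr".
     */
    public function test_AllowedAttributes_local_preferredSyntax()
    {
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', 'p@style');
        $this->assertPurification_AllowedAttributes_local_p_style();
    }

    /**
     * Element-scoped attribute written as "tag.attr".
     */
    public function test_AllowedAttributes_local_discouragedSyntax()
    {
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', 'p.style');
        $this->assertPurification_AllowedAttributes_local_p_style();
    }

    /**
     * Element-scoped and global entries mixed in one list: style only on
     * <p>, class only on <br />, title on both.
     */
    public function test_AllowedAttributes_multiple()
    {
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', 'p@style,br@class,title');
        $this->assertPurification(
            '<p style="font-weight:bold;" class="foo" title="foo">Jelly</p><br style="clear:both;" class="foo" title="foo" />',
            '<p style="font-weight:bold;" title="foo">Jelly</p><br class="foo" title="foo" />'
        );
    }

    /**
     * A markup-like attribute name scoped to an element raises a warning;
     * the valid entry next to it still takes effect.
     */
    public function test_AllowedAttributes_local_invalidAttribute()
    {
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', array('p@style', 'p@<foo>'));
        // NOTE(review): same caveat as the '<script>' element case above;
        // confirm whether the warning carries the name escaped.
        $this->expectError(new PatternExpectation("/Attribute '<foo>' in element 'p' not supported/"));
        $this->assertPurification_AllowedAttributes_local_p_style();
    }

    /**
     * A markup-like global attribute name raises a warning; the valid
     * entry next to it still takes effect.
     */
    public function test_AllowedAttributes_global_invalidAttribute()
    {
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', array('style', '<foo>'));
        // NOTE(review): same caveat as the '<script>' element case above;
        // confirm whether the warning carries the name escaped.
        $this->expectError(new PatternExpectation("/Global attribute '<foo>' is not supported in any elements/"));
        $this->assertPurification_AllowedAttributes_global_style();
    }

    /**
     * Allowing an attribute on an element that is not itself allowed
     * raises a warning.
     */
    public function test_AllowedAttributes_local_invalidAttributeDueToMissingElement()
    {
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', 'p.style,foo.style');
        $this->expectError(new PatternExpectation("/Cannot allow attribute 'style' if element 'foo' is not allowed\/supported/"));
        $this->assertPurification_AllowedAttributes_local_p_style();
    }

    /**
     * The same attribute listed in both syntaxes is accepted without a
     * warning.
     */
    public function test_AllowedAttributes_duplicate()
    {
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', 'p.style,p@style');
        $this->assertPurification_AllowedAttributes_local_p_style();
    }

    /**
     * Several invalid entries each raise their own warning.
     */
    public function test_AllowedAttributes_multipleErrors()
    {
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', 'p.style,foo.style,<foo>');
        $this->expectError(new PatternExpectation("/Cannot allow attribute 'style' if element 'foo' is not allowed\/supported/"));
        $this->expectError(new PatternExpectation("/Global attribute '<foo>' is not supported in any elements/"));
        $this->assertPurification_AllowedAttributes_local_p_style();
    }

    /**
     * A forbidden element is removed while its text content is kept.
     */
    public function test_ForbiddenElements()
    {
        $this->config->set('HTML.ForbiddenElements', 'b');
        $this->assertPurification('<b>b</b><i>i</i>', 'b<i>i</i>');
    }

    /**
     * An unknown name in the forbidden list raises no warning.
     */
    public function test_ForbiddenElements_invalidElement()
    {
        $this->config->set('HTML.ForbiddenElements', 'obviously_incorrect');
        // no error!
        // NOTE(review): a misspelt entry in this deny-list is therefore
        // silent, so the intended element would stay allowed without any
        // warning; check deny-list spelling by other means.
        $this->assertPurification('<i>i</i>');
    }

    /**
     * Shared assertion: style is forbidden on <b> only, so it is stripped
     * there and kept on <i>.
     */
    public function assertPurification_ForbiddenAttributes_b_style()
    {
        $this->assertPurification(
            '<b style="float:left;">b</b><i style="float:left;">i</i>',
            '<b>b</b><i style="float:left;">i</i>');
    }

    /**
     * Element-scoped forbidden attribute written as "tag@attr".
     */
    public function test_ForbiddenAttributes()
    {
        $this->config->set('HTML.ForbiddenAttributes', 'b@style');
        $this->assertPurification_ForbiddenAttributes_b_style();
    }

    /**
     * "tag.attr" is not accepted for HTML.ForbiddenAttributes and raises
     * an error.
     */
    public function test_ForbiddenAttributes_incorrectSyntax()
    {
        $this->config->set('HTML.ForbiddenAttributes', 'b.style');
        $this->expectError("Error with b.style: tag.attr syntax not supported for HTML.ForbiddenAttributes; use tag@attr instead");
        // NOTE(review): the single-argument form presumably asserts that the
        // input comes back unchanged, i.e. the mis-written entry forbids
        // nothing and style stays; confirm against the harness.
        $this->assertPurification('<b style="float:left;">Test</b>');
    }

    /**
     * "*.attr" is not accepted for HTML.ForbiddenAttributes and raises an
     * error.
     */
    public function test_ForbiddenAttributes_incorrectGlobalSyntax()
    {
        $this->config->set('HTML.ForbiddenAttributes', '*.style');
        $this->expectError("Error with *.style: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead");
        // NOTE(review): as in the "tag.attr" case, the single-argument form
        // presumably means the attribute is left in place; confirm.
        $this->assertPurification('<b style="float:left;">Test</b>');
    }

    /**
     * Shared assertion: style is forbidden everywhere, class is untouched.
     */
    public function assertPurification_ForbiddenAttributes_style()
    {
        $this->assertPurification(
            '<b class="foo" style="float:left;">b</b><i style="float:left;">i</i>',
            '<b class="foo">b</b><i>i</i>');
    }

    /**
     * Global forbidden attribute written as a bare name.
     */
    public function test_ForbiddenAttributes_global()
    {
        $this->config->set('HTML.ForbiddenAttributes', 'style');
        $this->assertPurification_ForbiddenAttributes_style();
    }

    /**
     * Global forbidden attribute written as "*@attr".
     */
    public function test_ForbiddenAttributes_globalVerboseFormat()
    {
        $this->config->set('HTML.ForbiddenAttributes', '*@style');
        $this->assertPurification_ForbiddenAttributes_style();
    }

    /**
     * An attribute added at runtime with addAttribute() survives
     * purification.
     */
    public function test_addAttribute()
    {
        $config = HTMLPurifier_Config::createDefault();
        $def = $config->getHTMLDefinition(true);
        $def->addAttribute('span', 'custom', 'Enum#attribute');

        $purifier = new HTMLPurifier($config);
        $input = '<span custom="attribute">Custom!</span>';
        $output = $purifier->purify($input);
        $this->assertIdentical($input, $output);

    }

    /**
     * Several attributes added at runtime to the same element all survive
     * purification.
     */
    public function test_addAttribute_multiple()
    {
        $config = HTMLPurifier_Config::createDefault();
        $def = $config->getHTMLDefinition(true);
        $def->addAttribute('span', 'custom', 'Enum#attribute');
        $def->addAttribute('span', 'foo', 'Text');

        $purifier = new HTMLPurifier($config);
        $input = '<span custom="attribute" foo="asdf">Custom!</span>';
        $output = $purifier->purify($input);
        $this->assertIdentical($input, $output);

    }

    /**
     * An element added at runtime with addElement() survives purification,
     * together with the attribute declared for it.
     */
    public function test_addElement()
    {
        $config = HTMLPurifier_Config::createDefault();
        $def = $config->getHTMLDefinition(true);
        $def->addElement('marquee', 'Inline', 'Inline', 'Common', array('width' => 'Length'));

        $purifier = new HTMLPurifier($config);
        $input = '<span><marquee width="50">Foobar</marquee></span>';
        $output = $purifier->purify($input);
        $this->assertIdentical($input, $output);

    }

    /**
     * An injector object appended to the anonymous module is exposed in
     * info_injector under its name when checkNeeded() returns false.
     */
    public function test_injector()
    {
        generate_mock_once('HTMLPurifier_Injector');
        $injector = new HTMLPurifier_InjectorMock();
        $injector->name = 'MyInjector';
        $injector->setReturnValue('checkNeeded', false);

        $module = $this->config->getHTMLDefinition(true)->getAnonymousModule();
        $module->info_injector[] = $injector;

        $this->assertIdentical($this->config->getHTMLDefinition()->info_injector,
            array(
                'MyInjector' => $injector,
            )
        );
    }

    /**
     * An injector whose checkNeeded() returns a non-false value is left
     * out of info_injector.
     */
    public function test_injectorMissingNeeded()
    {
        generate_mock_once('HTMLPurifier_Injector');
        $injector = new HTMLPurifier_InjectorMock();
        $injector->name = 'MyInjector';
        // presumably the return value names the requirement that is missing;
        // verify against HTMLPurifier_Injector::checkNeeded()
        $injector->setReturnValue('checkNeeded', 'a');

        $module = $this->config->getHTMLDefinition(true)->getAnonymousModule();
        $module->info_injector[] = $injector;

        $this->assertIdentical($this->config->getHTMLDefinition()->info_injector,
            array()
        );
    }

    /**
     * An injector given by name is resolved to an instance of the
     * matching HTMLPurifier_Injector_* class.
     */
    public function test_injectorIntegration()
    {
        $module = $this->config->getHTMLDefinition(true)->getAnonymousModule();
        $module->info_injector[] = 'Linkify';

        $this->assertIdentical(
            $this->config->getHTMLDefinition()->info_injector,
            array('Linkify' => new HTMLPurifier_Injector_Linkify())
        );
    }

    /**
     * With only <p> allowed, the Linkify injector is left out of
     * info_injector.
     */
    public function test_injectorIntegrationFail()
    {
        $this->config->set('HTML.Allowed', 'p');

        $module = $this->config->getHTMLDefinition(true)->getAnonymousModule();
        $module->info_injector[] = 'Linkify';

        $this->assertIdentical(
            $this->config->getHTMLDefinition()->info_injector,
            array()
        );
    }

    /**
     * Allowing <img> without its src attribute raises an error when the
     * definition is built.
     */
    public function test_notAllowedRequiredAttributeError()
    {
        $this->expectError("Required attribute 'src' in element 'img' was not allowed, which means 'img' will not be allowed either");
        $this->config->set('HTML.Allowed', 'img[alt]');
        $this->config->getHTMLDefinition();
    }

}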
-
- // vim: et sw=4 sts=4