Laclic
/
Souke
Seguir 5
Destacar 0
Fork 1
Código Incidencias 1 Pull Requests 0 Lanzamientos 0 Wiki Actividad
No puede seleccionar más de 25 temas Los temas deben comenzar con una letra o número, pueden incluir guiones ('-') y pueden tener hasta 35 caracteres de largo.
3 Commits
6 Ramas
Árbol: c34e5111c8
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde 'c34e5111c8'
${ noResults }
Souke/vendor/ezyang/htmlpurifier/tests/HTMLPurifier/HTMLDefinitionTest.php

390 líneas
14KB
Original Blame Histórico 

  1. <?php

  2. 

  3. class HTMLPurifier_HTMLDefinitionTest extends HTMLPurifier_Harness

  4. {

  5. 

  6.     public function expectError($error = false, $message = '%s')

  7.     {

  8.         // Because we're testing a definition, it's vital that the cache

  9.         // is turned off for tests that expect errors.

  10.         $this->config->set('Cache.DefinitionImpl', null);

  11.         parent::expectError($error);

  12.     }

  13. 

  14.     public function test_parseTinyMCEAllowedList()

  15.     {

  16.         $def = new HTMLPurifier_HTMLDefinition();

  17. 

  18.         // note: this is case-sensitive, but its config schema

  19.         // counterpart is not. This is generally a good thing for users,

  20.         // but it's a slight internal inconsistency

  21. 

  22.         $this->assertEqual(

  23.             $def->parseTinyMCEAllowedList(''),

  24.             array(array(), array())

  25.         );

  26. 

  27.         $this->assertEqual(

  28.             $def->parseTinyMCEAllowedList('a,b,c'),

  29.             array(array('a' => true, 'b' => true, 'c' => true), array())

  30.         );

  31. 

  32.         $this->assertEqual(

  33.             $def->parseTinyMCEAllowedList('a[x|y|z]'),

  34.             array(array('a' => true), array('a.x' => true, 'a.y' => true, 'a.z' => true))

  35.         );

  36. 

  37.         $this->assertEqual(

  38.             $def->parseTinyMCEAllowedList('*[id]'),

  39.             array(array(), array('*.id' => true))

  40.         );

  41. 

  42.         $this->assertEqual(

  43.             $def->parseTinyMCEAllowedList('a[*]'),

  44.             array(array('a' => true), array('a.*' => true))

  45.         );

  46. 

  47.         $this->assertEqual(

  48.             $def->parseTinyMCEAllowedList('span[style],strong,a[href|title]'),

  49.             array(array('span' => true, 'strong' => true, 'a' => true),

  50.             array('span.style' => true, 'a.href' => true, 'a.title' => true))

  51.         );

  52. 

  53.         $this->assertEqual(

  54.             // alternate form:

  55.             $def->parseTinyMCEAllowedList(

  56. 'span[style]

  57. strong

  58. a[href|title]

  59. '),

  60.             $val = array(array('span' => true, 'strong' => true, 'a' => true),

  61.             array('span.style' => true, 'a.href' => true, 'a.title' => true))

  62.         );

  63. 

  64.         $this->assertEqual(

  65.             $def->parseTinyMCEAllowedList(' span [ style ], strong'."\n\t".'a[href | title]'),

  66.             $val

  67.         );

  68. 

  69.     }

  70. 

  71.     public function test_Allowed()

  72.     {

  73.         $config1 = HTMLPurifier_Config::create(array(

  74.             'HTML.AllowedElements' => array('b', 'i', 'p', 'a'),

  75.             'HTML.AllowedAttributes' => array('a@href', '*@id')

  76.         ));

  77. 

  78.         $config2 = HTMLPurifier_Config::create(array(

  79.             'HTML.Allowed' => 'b,i,p,a[href],*[id]'

  80.         ));

  81. 

  82.         $this->assertEqual($config1->getHTMLDefinition(), $config2->getHTMLDefinition());

  83. 

  84.     }

  85. 

  86.     public function assertPurification_AllowedElements_p()

  87.     {

  88.         $this->assertPurification('<p><b>Jelly</b></p>', '<p>Jelly</p>');

  89.     }

  90. 

  91.     public function test_AllowedElements()

  92.     {

  93.         $this->config->set('HTML.AllowedElements', 'p');

  94.         $this->assertPurification_AllowedElements_p();

  95.     }

  96. 

  97.     public function test_AllowedElements_multiple()

  98.     {

  99.         $this->config->set('HTML.AllowedElements', 'p,div');

  100.         $this->assertPurification('<div><p><b>Jelly</b></p></div>', '<div><p>Jelly</p></div>');

  101.     }

  102. 

  103.     public function test_AllowedElements_invalidElement()

  104.     {

  105.         $this->config->set('HTML.AllowedElements', 'obviously_invalid,p');

  106.         $this->expectError(new PatternExpectation("/Element 'obviously_invalid' is not supported/"));

  107.         $this->assertPurification_AllowedElements_p();

  108.     }

  109. 

  110.     public function test_AllowedElements_invalidElement_xssAttempt()

  111.     {

  112.         $this->config->set('HTML.AllowedElements', '<script>,p');

  113.         $this->expectError(new PatternExpectation("/Element '&lt;script&gt;' is not supported/"));

  114.         $this->assertPurification_AllowedElements_p();

  115.     }

  116. 

  117.     public function test_AllowedElements_multipleInvalidElements()

  118.     {

  119.         $this->config->set('HTML.AllowedElements', 'dr-wiggles,dr-pepper,p');

  120.         $this->expectError(new PatternExpectation("/Element 'dr-wiggles' is not supported/"));

  121.         $this->expectError(new PatternExpectation("/Element 'dr-pepper' is not supported/"));

  122.         $this->assertPurification_AllowedElements_p();

  123.     }

  124. 

  125.     public function assertPurification_AllowedAttributes_global_style()

  126.     {

  127.         $this->assertPurification(

  128.             '<p style="font-weight:bold;" class="foo">Jelly</p><br style="clear:both;" />',

  129.             '<p style="font-weight:bold;">Jelly</p><br style="clear:both;" />');

  130.     }

  131. 

  132.     public function test_AllowedAttributes_global_preferredSyntax()

  133.     {

  134.         $this->config->set('HTML.AllowedElements', array('p', 'br'));

  135.         $this->config->set('HTML.AllowedAttributes', 'style');

  136.         $this->assertPurification_AllowedAttributes_global_style();

  137.     }

  138. 

  139.     public function test_AllowedAttributes_global_verboseSyntax()

  140.     {

  141.         $this->config->set('HTML.AllowedElements', array('p', 'br'));

  142.         $this->config->set('HTML.AllowedAttributes', '*@style');

  143.         $this->assertPurification_AllowedAttributes_global_style();

  144.     }

  145. 

  146.     public function test_AllowedAttributes_global_discouragedSyntax()

  147.     {

  148.         // Emit errors eventually

  149.         $this->config->set('HTML.AllowedElements', array('p', 'br'));

  150.         $this->config->set('HTML.AllowedAttributes', '*.style');

  151.         $this->assertPurification_AllowedAttributes_global_style();

  152.     }

  153. 

  154.     public function assertPurification_AllowedAttributes_local_p_style()

  155.     {

  156.         $this->assertPurification(

  157.             '<p style="font-weight:bold;" class="foo">Jelly</p><br style="clear:both;" />',

  158.             '<p style="font-weight:bold;">Jelly</p><br />');

  159.     }

  160. 

  161.     public function test_AllowedAttributes_local_preferredSyntax()

  162.     {

  163.         $this->config->set('HTML.AllowedElements', array('p', 'br'));

  164.         $this->config->set('HTML.AllowedAttributes', 'p@style');

  165.         $this->assertPurification_AllowedAttributes_local_p_style();

  166.     }

  167. 

  168.     public function test_AllowedAttributes_local_discouragedSyntax()

  169.     {

  170.         $this->config->set('HTML.AllowedElements', array('p', 'br'));

  171.         $this->config->set('HTML.AllowedAttributes', 'p.style');

  172.         $this->assertPurification_AllowedAttributes_local_p_style();

  173.     }

  174. 

  175.     public function test_AllowedAttributes_multiple()

  176.     {

  177.         $this->config->set('HTML.AllowedElements', array('p', 'br'));

  178.         $this->config->set('HTML.AllowedAttributes', 'p@style,br@class,title');

  179.         $this->assertPurification(

  180.             '<p style="font-weight:bold;" class="foo" title="foo">Jelly</p><br style="clear:both;" class="foo" title="foo" />',

  181.             '<p style="font-weight:bold;" title="foo">Jelly</p><br class="foo" title="foo" />'

  182.         );

  183.     }

  184. 

  185.     public function test_AllowedAttributes_local_invalidAttribute()

  186.     {

  187.         $this->config->set('HTML.AllowedElements', array('p', 'br'));

  188.         $this->config->set('HTML.AllowedAttributes', array('p@style', 'p@<foo>'));

  189.         $this->expectError(new PatternExpectation("/Attribute '&lt;foo&gt;' in element 'p' not supported/"));

  190.         $this->assertPurification_AllowedAttributes_local_p_style();

  191.     }

  192. 

  193.     public function test_AllowedAttributes_global_invalidAttribute()

  194.     {

  195.         $this->config->set('HTML.AllowedElements', array('p', 'br'));

  196.         $this->config->set('HTML.AllowedAttributes', array('style', '<foo>'));

  197.         $this->expectError(new PatternExpectation("/Global attribute '&lt;foo&gt;' is not supported in any elements/"));

  198.         $this->assertPurification_AllowedAttributes_global_style();

  199.     }

  200. 

  201.     public function test_AllowedAttributes_local_invalidAttributeDueToMissingElement()

  202.     {

  203.         $this->config->set('HTML.AllowedElements', array('p', 'br'));

  204.         $this->config->set('HTML.AllowedAttributes', 'p.style,foo.style');

  205.         $this->expectError(new PatternExpectation("/Cannot allow attribute 'style' if element 'foo' is not allowed\/supported/"));

  206.         $this->assertPurification_AllowedAttributes_local_p_style();

  207.     }

  208. 

  209.     public function test_AllowedAttributes_duplicate()

  210.     {

  211.         $this->config->set('HTML.AllowedElements', array('p', 'br'));

  212.         $this->config->set('HTML.AllowedAttributes', 'p.style,p@style');

  213.         $this->assertPurification_AllowedAttributes_local_p_style();

  214.     }

  215. 

  216.     public function test_AllowedAttributes_multipleErrors()

  217.     {

  218.         $this->config->set('HTML.AllowedElements', array('p', 'br'));

  219.         $this->config->set('HTML.AllowedAttributes', 'p.style,foo.style,<foo>');

  220.         $this->expectError(new PatternExpectation("/Cannot allow attribute 'style' if element 'foo' is not allowed\/supported/"));

  221.         $this->expectError(new PatternExpectation("/Global attribute '&lt;foo&gt;' is not supported in any elements/"));

  222.         $this->assertPurification_AllowedAttributes_local_p_style();

  223.     }

  224. 

  225.     public function test_ForbiddenElements()

  226.     {

  227.         $this->config->set('HTML.ForbiddenElements', 'b');

  228.         $this->assertPurification('<b>b</b><i>i</i>', 'b<i>i</i>');

  229.     }

  230. 

  231.     public function test_ForbiddenElements_invalidElement()

  232.     {

  233.         $this->config->set('HTML.ForbiddenElements', 'obviously_incorrect');

  234.         // no error!

  235.         $this->assertPurification('<i>i</i>');

  236.     }

  237. 

  238.     public function assertPurification_ForbiddenAttributes_b_style()

  239.     {

  240.         $this->assertPurification(

  241.             '<b style="float:left;">b</b><i style="float:left;">i</i>',

  242.             '<b>b</b><i style="float:left;">i</i>');

  243.     }

  244. 

  245.     public function test_ForbiddenAttributes()

  246.     {

  247.         $this->config->set('HTML.ForbiddenAttributes', 'b@style');

  248.         $this->assertPurification_ForbiddenAttributes_b_style();

  249.     }

  250. 

  251.     public function test_ForbiddenAttributes_incorrectSyntax()

  252.     {

  253.         $this->config->set('HTML.ForbiddenAttributes', 'b.style');

  254.         $this->expectError("Error with b.style: tag.attr syntax not supported for HTML.ForbiddenAttributes; use tag@attr instead");

  255.         $this->assertPurification('<b style="float:left;">Test</b>');

  256.     }

  257. 

  258.     public function test_ForbiddenAttributes_incorrectGlobalSyntax()

  259.     {

  260.         $this->config->set('HTML.ForbiddenAttributes', '*.style');

  261.         $this->expectError("Error with *.style: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead");

  262.         $this->assertPurification('<b style="float:left;">Test</b>');

  263.     }

  264. 

  265.     public function assertPurification_ForbiddenAttributes_style()

  266.     {

  267.         $this->assertPurification(

  268.             '<b class="foo" style="float:left;">b</b><i style="float:left;">i</i>',

  269.             '<b class="foo">b</b><i>i</i>');

  270.     }

  271. 

  272.     public function test_ForbiddenAttributes_global()

  273.     {

  274.         $this->config->set('HTML.ForbiddenAttributes', 'style');

  275.         $this->assertPurification_ForbiddenAttributes_style();

  276.     }

  277. 

  278.     public function test_ForbiddenAttributes_globalVerboseFormat()

  279.     {

  280.         $this->config->set('HTML.ForbiddenAttributes', '*@style');

  281.         $this->assertPurification_ForbiddenAttributes_style();

  282.     }

  283. 

  284.     public function test_addAttribute()

  285.     {

  286.         $config = HTMLPurifier_Config::createDefault();

  287.         $def = $config->getHTMLDefinition(true);

  288.         $def->addAttribute('span', 'custom', 'Enum#attribute');

  289. 

  290.         $purifier = new HTMLPurifier($config);

  291.         $input = '<span custom="attribute">Custom!</span>';

  292.         $output = $purifier->purify($input);

  293.         $this->assertIdentical($input, $output);

  294. 

  295.     }

  296. 

  297.     public function test_addAttribute_multiple()

  298.     {

  299.         $config = HTMLPurifier_Config::createDefault();

  300.         $def = $config->getHTMLDefinition(true);

  301.         $def->addAttribute('span', 'custom', 'Enum#attribute');

  302.         $def->addAttribute('span', 'foo', 'Text');

  303. 

  304.         $purifier = new HTMLPurifier($config);

  305.         $input = '<span custom="attribute" foo="asdf">Custom!</span>';

  306.         $output = $purifier->purify($input);

  307.         $this->assertIdentical($input, $output);

  308. 

  309.     }

  310. 

  311.     public function test_addElement()

  312.     {

  313.         $config = HTMLPurifier_Config::createDefault();

  314.         $def = $config->getHTMLDefinition(true);

  315.         $def->addElement('marquee', 'Inline', 'Inline', 'Common', array('width' => 'Length'));

  316. 

  317.         $purifier = new HTMLPurifier($config);

  318.         $input = '<span><marquee width="50">Foobar</marquee></span>';

  319.         $output = $purifier->purify($input);

  320.         $this->assertIdentical($input, $output);

  321. 

  322.     }

  323. 

  324.     public function test_injector()

  325.     {

  326.         generate_mock_once('HTMLPurifier_Injector');

  327.         $injector = new HTMLPurifier_InjectorMock();

  328.         $injector->name = 'MyInjector';

  329.         $injector->setReturnValue('checkNeeded', false);

  330. 

  331.         $module = $this->config->getHTMLDefinition(true)->getAnonymousModule();

  332.         $module->info_injector[] = $injector;

  333. 

  334.         $this->assertIdentical($this->config->getHTMLDefinition()->info_injector,

  335.             array(

  336.                 'MyInjector' => $injector,

  337.             )

  338.         );

  339.     }

  340. 

  341.     public function test_injectorMissingNeeded()

  342.     {

  343.         generate_mock_once('HTMLPurifier_Injector');

  344.         $injector = new HTMLPurifier_InjectorMock();

  345.         $injector->name = 'MyInjector';

  346.         $injector->setReturnValue('checkNeeded', 'a');

  347. 

  348.         $module = $this->config->getHTMLDefinition(true)->getAnonymousModule();

  349.         $module->info_injector[] = $injector;

  350. 

  351.         $this->assertIdentical($this->config->getHTMLDefinition()->info_injector,

  352.             array()

  353.         );

  354.     }

  355. 

  356.     public function test_injectorIntegration()

  357.     {

  358.         $module = $this->config->getHTMLDefinition(true)->getAnonymousModule();

  359.         $module->info_injector[] = 'Linkify';

  360. 

  361.         $this->assertIdentical(

  362.             $this->config->getHTMLDefinition()->info_injector,

  363.             array('Linkify' => new HTMLPurifier_Injector_Linkify())

  364.         );

  365.     }

  366. 

  367.     public function test_injectorIntegrationFail()

  368.     {

  369.         $this->config->set('HTML.Allowed', 'p');

  370. 

  371.         $module = $this->config->getHTMLDefinition(true)->getAnonymousModule();

  372.         $module->info_injector[] = 'Linkify';

  373. 

  374.         $this->assertIdentical(

  375.             $this->config->getHTMLDefinition()->info_injector,

  376.             array()

  377.         );

  378.     }

  379. 

  380.     public function test_notAllowedRequiredAttributeError()

  381.     {

  382.         $this->expectError("Required attribute 'src' in element 'img' was not allowed, which means 'img' will not be allowed either");

  383.         $this->config->set('HTML.Allowed', 'img[alt]');

  384.         $this->config->getHTMLDefinition();

  385.     }

  386. 

  387. }

  388. 

  389. // vim: et sw=4 sts=4