htmlpurifier/tests/HTMLPurifier/HTMLDefinitionTest.php


<?php
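/**
 * Tests for how HTMLPurifier_HTMLDefinition is built from configuration:
 * the element/attribute allowlists (HTML.Allowed, HTML.AllowedElements,
 * HTML.AllowedAttributes), the denylists (HTML.ForbiddenElements,
 * HTML.ForbiddenAttributes), programmatic extension (addAttribute,
 * addElement), and injector registration.
 *
 * Several tests also pin the text of the configuration errors, including
 * that markup characters in a bad directive value appear HTML-escaped in
 * the message.
 */
class HTMLPurifier_HTMLDefinitionTest extends HTMLPurifier_Harness
{
    /**
     * Registers an expected error after turning the definition cache off.
     *
     * @param mixed  $error   Expected error: false, a message string, or an
     *                        expectation object (both forms are used below).
     * @param string $message Failure message template, passed to the parent.
     */
    public function expectError($error = false, $message = '%s')
    {
        // Because we're testing a definition, it's vital that the cache
        // is turned off for tests that expect errors.
        // NOTE(review): presumably a cached definition would skip the setup
        // code that raises the error - confirm against the cache layer.
        $this->config->set('Cache.DefinitionImpl', null);
        // Forward $message as well, so a caller-supplied failure message is
        // not silently discarded by this override.
        parent::expectError($error, $message);
    }

    /**
     * parseTinyMCEAllowedList() turns a TinyMCE-style allowlist string into
     * a pair of lookup arrays: allowed elements, then allowed attributes
     * keyed as "element.attribute" (with "*" standing for any element or
     * any attribute).
     */
    public function test_parseTinyMCEAllowedList()
    {
        $def = new HTMLPurifier_HTMLDefinition();

        // note: this is case-sensitive, but its config schema
        // counterpart is not. This is generally a good thing for users,
        // but it's a slight internal inconsistency

        // Empty string: nothing allowed.
        $this->assertEqual(
            $def->parseTinyMCEAllowedList(''),
            array(array(), array())
        );

        // Elements only.
        $this->assertEqual(
            $def->parseTinyMCEAllowedList('a,b,c'),
            array(array('a' => true, 'b' => true, 'c' => true), array())
        );

        // One element with a pipe-separated attribute list.
        $this->assertEqual(
            $def->parseTinyMCEAllowedList('a[x|y|z]'),
            array(array('a' => true), array('a.x' => true, 'a.y' => true, 'a.z' => true))
        );

        // Wildcard element: a global attribute, and no element is added.
        $this->assertEqual(
            $def->parseTinyMCEAllowedList('*[id]'),
            array(array(), array('*.id' => true))
        );

        // Wildcard attribute on a named element.
        $this->assertEqual(
            $def->parseTinyMCEAllowedList('a[*]'),
            array(array('a' => true), array('a.*' => true))
        );

        // The same expected result is reached through three spellings:
        // comma-separated, newline-separated, and whitespace-padded.
        $expected = array(
            array('span' => true, 'strong' => true, 'a' => true),
            array('span.style' => true, 'a.href' => true, 'a.title' => true)
        );
        $this->assertEqual(
            $def->parseTinyMCEAllowedList('span[style],strong,a[href|title]'),
            $expected
        );
        $this->assertEqual(
            // alternate form: newlines as separators (the literal below
            // must stay flush-left, its line breaks are part of the input)
            $def->parseTinyMCEAllowedList(
                'span[style]
strong
a[href|title]
'),
            $expected
        );
        $this->assertEqual(
            $def->parseTinyMCEAllowedList(' span [ style ], strong'."\n\t".'a[href | title]'),
            $expected
        );
    }

    /**
     * HTML.Allowed must produce the same definition as the equivalent pair
     * of HTML.AllowedElements and HTML.AllowedAttributes settings.
     */
    public function test_Allowed()
    {
        $config1 = HTMLPurifier_Config::create(array(
            'HTML.AllowedElements' => array('b', 'i', 'p', 'a'),
            'HTML.AllowedAttributes' => array('a@href', '*@id')
        ));
        $config2 = HTMLPurifier_Config::create(array(
            'HTML.Allowed' => 'b,i,p,a[href],*[id]'
        ));
        $this->assertEqual($config1->getHTMLDefinition(), $config2->getHTMLDefinition());
    }

    /**
     * Shared assertion: with only <p> allowed, the <b> tag is removed and
     * its text content is kept.
     */
    public function assertPurification_AllowedElements_p()
    {
        $this->assertPurification('<p><b>Jelly</b></p>', '<p>Jelly</p>');
    }

    /**
     * A single allowed element given as a string.
     */
    public function test_AllowedElements()
    {
        $this->config->set('HTML.AllowedElements', 'p');
        $this->assertPurification_AllowedElements_p();
    }

    /**
     * A comma-separated element allowlist keeps both listed elements and
     * still strips the unlisted <b>.
     */
    public function test_AllowedElements_multiple()
    {
        $this->config->set('HTML.AllowedElements', 'p,div');
        $this->assertPurification('<div><p><b>Jelly</b></p></div>', '<div><p>Jelly</p></div>');
    }

    /**
     * An unsupported element name in the allowlist raises an error, and the
     * valid remainder of the allowlist is still enforced.
     */
    public function test_AllowedElements_invalidElement()
    {
        $this->config->set('HTML.AllowedElements', 'obviously_invalid,p');
        $this->expectError(new PatternExpectation("/Element 'obviously_invalid' is not supported/"));
        $this->assertPurification_AllowedElements_p();
    }

    /**
     * An element name containing markup is rejected, and the expected error
     * text carries it HTML-escaped (&lt;script&gt;), not raw. This pins the
     * escaping of configuration values in diagnostics, which matters when
     * those messages end up rendered in an HTML page.
     */
    public function test_AllowedElements_invalidElement_xssAttempt()
    {
        $this->config->set('HTML.AllowedElements', '<script>,p');
        $this->expectError(new PatternExpectation("/Element '&lt;script&gt;' is not supported/"));
        $this->assertPurification_AllowedElements_p();
    }

    /**
     * Each unsupported element name is reported with its own error.
     */
    public function test_AllowedElements_multipleInvalidElements()
    {
        $this->config->set('HTML.AllowedElements', 'dr-wiggles,dr-pepper,p');
        $this->expectError(new PatternExpectation("/Element 'dr-wiggles' is not supported/"));
        $this->expectError(new PatternExpectation("/Element 'dr-pepper' is not supported/"));
        $this->assertPurification_AllowedElements_p();
    }

    /**
     * Shared assertion: style is allowed on every element, so it survives
     * on both <p> and <br>, while the unlisted class attribute is removed.
     */
    public function assertPurification_AllowedAttributes_global_style()
    {
        $this->assertPurification(
            '<p style="font-weight:bold;" class="foo">Jelly</p><br style="clear:both;" />',
            '<p style="font-weight:bold;">Jelly</p><br style="clear:both;" />');
    }

    /**
     * Global attribute, bare-name syntax ("style").
     */
    public function test_AllowedAttributes_global_preferredSyntax()
    {
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', 'style');
        $this->assertPurification_AllowedAttributes_global_style();
    }

    /**
     * Global attribute, explicit wildcard syntax ("*@style").
     */
    public function test_AllowedAttributes_global_verboseSyntax()
    {
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', '*@style');
        $this->assertPurification_AllowedAttributes_global_style();
    }

    /**
     * Global attribute, dotted syntax ("*.style"); currently accepted
     * without an error.
     */
    public function test_AllowedAttributes_global_discouragedSyntax()
    {
        // Emit errors eventually
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', '*.style');
        $this->assertPurification_AllowedAttributes_global_style();
    }

    /**
     * Shared assertion: style is allowed on <p> only, so it is removed from
     * <br>; class is removed everywhere.
     */
    public function assertPurification_AllowedAttributes_local_p_style()
    {
        $this->assertPurification(
            '<p style="font-weight:bold;" class="foo">Jelly</p><br style="clear:both;" />',
            '<p style="font-weight:bold;">Jelly</p><br />');
    }

    /**
     * Element-scoped attribute, "element@attribute" syntax.
     */
    public function test_AllowedAttributes_local_preferredSyntax()
    {
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', 'p@style');
        $this->assertPurification_AllowedAttributes_local_p_style();
    }

    /**
     * Element-scoped attribute, dotted "element.attribute" syntax.
     */
    public function test_AllowedAttributes_local_discouragedSyntax()
    {
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', 'p.style');
        $this->assertPurification_AllowedAttributes_local_p_style();
    }

    /**
     * A mixed list: style on <p> only, class on <br> only, title on both.
     * Each attribute must be kept exactly where it was allowed.
     */
    public function test_AllowedAttributes_multiple()
    {
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', 'p@style,br@class,title');
        $this->assertPurification(
            '<p style="font-weight:bold;" class="foo" title="foo">Jelly</p><br style="clear:both;" class="foo" title="foo" />',
            '<p style="font-weight:bold;" title="foo">Jelly</p><br class="foo" title="foo" />'
        );
    }

    /**
     * An unsupported element-scoped attribute raises an error whose text
     * shows the attribute name HTML-escaped; the valid entry still applies.
     */
    public function test_AllowedAttributes_local_invalidAttribute()
    {
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', array('p@style', 'p@<foo>'));
        $this->expectError(new PatternExpectation("/Attribute '&lt;foo&gt;' in element 'p' not supported/"));
        $this->assertPurification_AllowedAttributes_local_p_style();
    }

    /**
     * An unsupported global attribute raises an error whose text shows the
     * attribute name HTML-escaped; the valid entry still applies.
     */
    public function test_AllowedAttributes_global_invalidAttribute()
    {
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', array('style', '<foo>'));
        $this->expectError(new PatternExpectation("/Global attribute '&lt;foo&gt;' is not supported in any elements/"));
        $this->assertPurification_AllowedAttributes_global_style();
    }

    /**
     * Allowing an attribute on an element that is not itself allowed is
     * reported as an error.
     */
    public function test_AllowedAttributes_local_invalidAttributeDueToMissingElement()
    {
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', 'p.style,foo.style');
        $this->expectError(new PatternExpectation("/Cannot allow attribute 'style' if element 'foo' is not allowed\/supported/"));
        $this->assertPurification_AllowedAttributes_local_p_style();
    }

    /**
     * The same attribute listed in both syntaxes is accepted; no error is
     * expected here.
     */
    public function test_AllowedAttributes_duplicate()
    {
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', 'p.style,p@style');
        $this->assertPurification_AllowedAttributes_local_p_style();
    }

    /**
     * Several bad entries in one directive each produce their own error.
     */
    public function test_AllowedAttributes_multipleErrors()
    {
        $this->config->set('HTML.AllowedElements', array('p', 'br'));
        $this->config->set('HTML.AllowedAttributes', 'p.style,foo.style,<foo>');
        $this->expectError(new PatternExpectation("/Cannot allow attribute 'style' if element 'foo' is not allowed\/supported/"));
        $this->expectError(new PatternExpectation("/Global attribute '&lt;foo&gt;' is not supported in any elements/"));
        $this->assertPurification_AllowedAttributes_local_p_style();
    }

    /**
     * With the DirectLex lexer, an attribute whose name is a number
     * (10="hoge") is dropped from the output while the allowed href is
     * kept. No error is expected.
     * NOTE(review): looks like a regression test for numeric attribute
     * names under DirectLex - confirm against the originating issue.
     */
    public function test_AllowedAttributes_invalidAttributeDueToConsistingOfNumbers_UsingDirectLex()
    {
        $this->config->set('HTML.AllowedElements', array('a'));
        $this->config->set('HTML.AllowedAttributes', 'href');
        $this->config->set('Core.LexerImpl', 'DirectLex');
        $this->assertPurification(
            '<a href="https://example.com/" 10="hoge">Test</a>',
            '<a href="https://example.com/">Test</a>'
        );
    }

    /**
     * A forbidden element's tags are removed, its text is kept, and other
     * elements are left alone.
     */
    public function test_ForbiddenElements()
    {
        $this->config->set('HTML.ForbiddenElements', 'b');
        $this->assertPurification('<b>b</b><i>i</i>', 'b<i>i</i>');
    }

    /**
     * Unlike the allowlist, an unknown name in the denylist raises no
     * error. A typo in HTML.ForbiddenElements is therefore silent, so
     * reviewers of a deployment's configuration should check the spelling
     * of denylist entries by hand.
     */
    public function test_ForbiddenElements_invalidElement()
    {
        $this->config->set('HTML.ForbiddenElements', 'obviously_incorrect');
        // no error!
        // Single-argument form: presumably asserts the output equals the
        // input - confirm in HTMLPurifier_Harness.
        $this->assertPurification('<i>i</i>');
    }

    /**
     * Shared assertion: style is forbidden on <b> only, so it is removed
     * from <b> and kept on <i>.
     */
    public function assertPurification_ForbiddenAttributes_b_style()
    {
        $this->assertPurification(
            '<b style="float:left;">b</b><i style="float:left;">i</i>',
            '<b>b</b><i style="float:left;">i</i>');
    }

    /**
     * Element-scoped forbidden attribute, "element@attribute" syntax.
     */
    public function test_ForbiddenAttributes()
    {
        $this->config->set('HTML.ForbiddenAttributes', 'b@style');
        $this->assertPurification_ForbiddenAttributes_b_style();
    }

    /**
     * The dotted syntax is rejected for HTML.ForbiddenAttributes with an
     * error. The single-argument assertion below presumably expects the
     * input unchanged, i.e. the rejected entry is not applied and the
     * style attribute stays - so this misconfiguration does not remove
     * anything; the error is the only signal.
     */
    public function test_ForbiddenAttributes_incorrectSyntax()
    {
        $this->config->set('HTML.ForbiddenAttributes', 'b.style');
        $this->expectError("Error with b.style: tag.attr syntax not supported for HTML.ForbiddenAttributes; use tag@attr instead");
        $this->assertPurification('<b style="float:left;">Test</b>');
    }

    /**
     * Same as above for the dotted wildcard form ("*.style"): an error is
     * raised and, presumably, the attribute is left in place.
     */
    public function test_ForbiddenAttributes_incorrectGlobalSyntax()
    {
        $this->config->set('HTML.ForbiddenAttributes', '*.style');
        $this->expectError("Error with *.style: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead");
        $this->assertPurification('<b style="float:left;">Test</b>');
    }

    /**
     * Shared assertion: style is forbidden on every element; the class
     * attribute is untouched.
     */
    public function assertPurification_ForbiddenAttributes_style()
    {
        $this->assertPurification(
            '<b class="foo" style="float:left;">b</b><i style="float:left;">i</i>',
            '<b class="foo">b</b><i>i</i>');
    }

    /**
     * Globally forbidden attribute, bare-name syntax.
     */
    public function test_ForbiddenAttributes_global()
    {
        $this->config->set('HTML.ForbiddenAttributes', 'style');
        $this->assertPurification_ForbiddenAttributes_style();
    }

    /**
     * Globally forbidden attribute, explicit wildcard syntax ("*@style").
     */
    public function test_ForbiddenAttributes_globalVerboseFormat()
    {
        $this->config->set('HTML.ForbiddenAttributes', '*@style');
        $this->assertPurification_ForbiddenAttributes_style();
    }

    /**
     * A custom attribute added through addAttribute() survives
     * purification when its value is the one declared.
     */
    public function test_addAttribute()
    {
        $config = HTMLPurifier_Config::createDefault();
        // NOTE(review): the true argument presumably requests the raw,
        // still-editable definition - confirm in HTMLPurifier_Config.
        $def = $config->getHTMLDefinition(true);
        $def->addAttribute('span', 'custom', 'Enum#attribute');

        $purifier = new HTMLPurifier($config);
        $input = '<span custom="attribute">Custom!</span>';
        $output = $purifier->purify($input);
        $this->assertIdentical($input, $output);
    }

    /**
     * Two custom attributes added to the same element both survive.
     */
    public function test_addAttribute_multiple()
    {
        $config = HTMLPurifier_Config::createDefault();
        $def = $config->getHTMLDefinition(true);
        $def->addAttribute('span', 'custom', 'Enum#attribute');
        $def->addAttribute('span', 'foo', 'Text');

        $purifier = new HTMLPurifier($config);
        $input = '<span custom="attribute" foo="asdf">Custom!</span>';
        $output = $purifier->purify($input);
        $this->assertIdentical($input, $output);
    }

    /**
     * A custom element added through addElement(), with one declared
     * attribute, survives purification inside a <span>.
     */
    public function test_addElement()
    {
        $config = HTMLPurifier_Config::createDefault();
        $def = $config->getHTMLDefinition(true);
        $def->addElement('marquee', 'Inline', 'Inline', 'Common', array('width' => 'Length'));

        $purifier = new HTMLPurifier($config);
        $input = '<span><marquee width="50">Foobar</marquee></span>';
        $output = $purifier->purify($input);
        $this->assertIdentical($input, $output);
    }

    /**
     * An injector object appended to the anonymous module is registered in
     * the definition under its name when checkNeeded() returns false.
     */
    public function test_injector()
    {
        generate_mock_once('HTMLPurifier_Injector');
        $injector = new HTMLPurifier_InjectorMock();
        $injector->name = 'MyInjector';
        $injector->returns('checkNeeded', false);

        $module = $this->config->getHTMLDefinition(true)->getAnonymousModule();
        $module->info_injector[] = $injector;

        $this->assertIdentical($this->config->getHTMLDefinition()->info_injector,
            array(
                'MyInjector' => $injector,
            )
        );
    }

    /**
     * When checkNeeded() returns a non-false value ('a' here), the injector
     * is left out of the definition.
     */
    public function test_injectorMissingNeeded()
    {
        generate_mock_once('HTMLPurifier_Injector');
        $injector = new HTMLPurifier_InjectorMock();
        $injector->name = 'MyInjector';
        $injector->returns('checkNeeded', 'a');

        $module = $this->config->getHTMLDefinition(true)->getAnonymousModule();
        $module->info_injector[] = $injector;

        $this->assertIdentical($this->config->getHTMLDefinition()->info_injector,
            array()
        );
    }

    /**
     * An injector given by name is resolved to an instance of the matching
     * HTMLPurifier_Injector_* class.
     */
    public function test_injectorIntegration()
    {
        $module = $this->config->getHTMLDefinition(true)->getAnonymousModule();
        $module->info_injector[] = 'Linkify';

        $this->assertIdentical(
            $this->config->getHTMLDefinition()->info_injector,
            array('Linkify' => new HTMLPurifier_Injector_Linkify())
        );
    }

    /**
     * With HTML.Allowed restricted to <p>, the Linkify injector is not
     * registered.
     * NOTE(review): presumably because the element it needs is not
     * allowed - confirm in HTMLPurifier_Injector_Linkify.
     */
    public function test_injectorIntegrationFail()
    {
        $this->config->set('HTML.Allowed', 'p');

        $module = $this->config->getHTMLDefinition(true)->getAnonymousModule();
        $module->info_injector[] = 'Linkify';

        $this->assertIdentical(
            $this->config->getHTMLDefinition()->info_injector,
            array()
        );
    }

    /**
     * Allowing <img> without its required src attribute raises an error
     * stating that <img> will not be allowed either.
     */
    public function test_notAllowedRequiredAttributeError()
    {
        // The expectation is registered first; the error is raised when the
        // definition is built by getHTMLDefinition().
        $this->expectError("Required attribute 'src' in element 'img' was not allowed, which means 'img' will not be allowed either");
        $this->config->set('HTML.Allowed', 'img[alt]');
        $this->config->getHTMLDefinition();
    }

    /**
     * With Core.AllowParseManyTags enabled, input nested 300 <div> levels
     * deep is returned unchanged.
     */
    public function test_manyNestedTags()
    {
        $config = HTMLPurifier_Config::createDefault();
        $config->set('Core.AllowParseManyTags', true);
        $purifier = new HTMLPurifier($config);

        // Wrap the text in 300 nested <div> elements.
        $input = 'I am inside a lot of tags';
        for ($i = 0; $i < 300; $i++) {
            $input = '<div>' . $input . '</div>';
        }

        $output = $purifier->purify($input);
        $this->assertIdentical($input, $output);
    }

    /**
     * With Core.RemoveBlanks enabled, purifying the input fixture must
     * give exactly the contents of the output fixture.
     */
    public function test_removeBlanks()
    {
        $config = HTMLPurifier_Config::createDefault();
        $config->set('Core.RemoveBlanks', true);

        // Fixtures live next to this test file.
        $input = file_get_contents(__DIR__ . '/FixtureData/RemoveBlankTestCaseInput.html');
        $expected = file_get_contents(__DIR__ . '/FixtureData/RemoveBlankTestCaseOutput.html');

        $purifier = new HTMLPurifier($config);
        $actual = $purifier->purify($input);
        $this->assertIdentical($expected, $actual);
    }
}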
// vim: et sw=4 sts=4