2006-09-01 17:56:55 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
require_once 'HTMLPurifier.php';
|
|
|
|
|
|
|
|
// integration test
|
|
|
|
|
|
|
|
class HTMLPurifier_Test extends UnitTestCase
|
|
|
|
{
|
|
|
|
var $purifier;
|
|
|
|
|
2006-11-23 23:59:20 +00:00
|
|
|
function setUp() {
|
|
|
|
$this->purifier = new HTMLPurifier();
|
|
|
|
}
|
|
|
|
|
2006-09-04 23:01:47 +00:00
|
|
|
function assertPurification($input, $expect = null) {
|
|
|
|
if ($expect === null) $expect = $input;
|
2006-09-01 17:56:55 +00:00
|
|
|
$result = $this->purifier->purify($input);
|
|
|
|
$this->assertIdentical($expect, $result);
|
|
|
|
}
|
|
|
|
|
2006-11-22 18:17:39 +00:00
|
|
|
function testNull() {
|
|
|
|
$this->assertPurification("Null byte\0", "Null byte");
|
|
|
|
}
|
|
|
|
|
|
|
|
function testStrict() {
|
2006-09-01 17:56:55 +00:00
|
|
|
$config = HTMLPurifier_Config::createDefault();
|
2006-11-22 18:17:39 +00:00
|
|
|
$config->set('HTML', 'Strict', true);
|
2006-12-15 02:12:03 +00:00
|
|
|
$this->purifier = new HTMLPurifier( $config ); // verbose syntax
|
2006-11-22 18:17:39 +00:00
|
|
|
|
|
|
|
$this->assertPurification(
|
|
|
|
'<u>Illegal underline</u>',
|
2007-05-20 21:22:54 +00:00
|
|
|
'<span style="text-decoration:underline;">Illegal underline</span>'
|
2006-11-22 18:17:39 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
$this->assertPurification(
|
|
|
|
'<blockquote>Illegal contents</blockquote>',
|
2006-11-23 03:23:35 +00:00
|
|
|
'<blockquote><p>Illegal contents</p></blockquote>'
|
2006-11-22 18:17:39 +00:00
|
|
|
);
|
|
|
|
|
2006-09-01 17:56:55 +00:00
|
|
|
}
|
2006-11-22 18:17:39 +00:00
|
|
|
|
2006-11-23 13:51:19 +00:00
|
|
|
function testDifferentAllowedElements() {
|
2006-12-15 02:12:03 +00:00
|
|
|
|
|
|
|
$this->purifier = new HTMLPurifier(array(
|
|
|
|
'HTML.AllowedElements' => array('b', 'i', 'p', 'a'),
|
|
|
|
'HTML.AllowedAttributes' => array('a.href', '*.id')
|
|
|
|
));
|
2006-11-23 13:51:19 +00:00
|
|
|
|
|
|
|
$this->assertPurification(
|
|
|
|
'<p>Par.</p><p>Para<a href="http://google.com/">gr</a>aph</p>Text<b>Bol<i>d</i></b>'
|
|
|
|
);
|
|
|
|
|
|
|
|
$this->assertPurification(
|
|
|
|
'<span>Not allowed</span><a class="mef" id="foobar">Foobar</a>',
|
|
|
|
'Not allowed<a>Foobar</a>' // no ID!!!
|
|
|
|
);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2006-11-23 23:59:20 +00:00
|
|
|
function testDisableURI() {
|
|
|
|
|
2006-12-15 02:12:03 +00:00
|
|
|
$this->purifier = new HTMLPurifier( array('Attr.DisableURI' => true) );
|
2006-11-23 23:59:20 +00:00
|
|
|
|
|
|
|
$this->assertPurification(
|
|
|
|
'<img src="foobar"/>',
|
|
|
|
''
|
|
|
|
);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2006-12-20 23:51:09 +00:00
|
|
|
function test_purifyArray() {
|
|
|
|
|
|
|
|
$this->purifier = new HTMLPurifier();
|
|
|
|
|
2007-05-05 20:17:04 +00:00
|
|
|
$this->assertIdentical(
|
2006-12-20 23:51:09 +00:00
|
|
|
$this->purifier->purifyArray(
|
|
|
|
array('Good', '<b>Sketchy', 'foo' => '<script>bad</script>')
|
|
|
|
),
|
|
|
|
array('Good', '<b>Sketchy</b>', 'foo' => 'bad')
|
|
|
|
);
|
|
|
|
|
|
|
|
$this->assertIsA($this->purifier->context, 'array');
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2007-02-11 01:52:56 +00:00
|
|
|
function testEnableAttrID() {
|
|
|
|
|
|
|
|
$this->purifier = new HTMLPurifier();
|
|
|
|
|
|
|
|
$this->assertPurification(
|
|
|
|
'<span id="moon">foobar</span>',
|
|
|
|
'<span>foobar</span>'
|
|
|
|
);
|
|
|
|
|
|
|
|
$this->purifier = new HTMLPurifier(array('HTML.EnableAttrID' => true));
|
|
|
|
$this->assertPurification('<span id="moon">foobar</span>');
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2006-09-01 17:56:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
?>
|