mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-11-10 07:38:41 +00:00
Code Releases Activity
4919187fc6
htmlpurifier/tests/HTMLPurifier/AttrDef/URITest.php

112 lines
3.6 KiB
PHP
Raw Normal View History

Commit initial URI unit tests and implementation. They're not complete yet though. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@206 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 01:12:35 +00:00
<?php
require_once 'HTMLPurifier/AttrDefHarness.php';
require_once 'HTMLPurifier/AttrDef/URI.php';
[2.1.0] Create new URI object and migrate URI validation systems to use it. URIScheme interface changed. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1334 48356398-32a2-884e-a903-53898d9a118a
2007-08-01 18:34:46 +00:00
/**
* @todo Aim for complete code coverage with mocks
*/
Commit initial URI unit tests and implementation. They're not complete yet though. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@206 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 01:12:35 +00:00
class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
{
[2.1.0] - AttrDef_URI unit tests refactored - Block access to benchmarks: they should be called via command line git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1328 48356398-32a2-884e-a903-53898d9a118a
2007-08-01 01:48:51 +00:00
function setUp() {
[2.1.0] Create new URI object and migrate URI validation systems to use it. URIScheme interface changed. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1334 48356398-32a2-884e-a903-53898d9a118a
2007-08-01 18:34:46 +00:00
$this->def = new HTMLPurifier_AttrDef_URI();
[2.1.0] - AttrDef_URI unit tests refactored - Block access to benchmarks: they should be called via command line git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1328 48356398-32a2-884e-a903-53898d9a118a
2007-08-01 01:48:51 +00:00
parent::setUp();
}
Commit a very lenient mailto checker. We'll tighten it later. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@219 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 19:11:21 +00:00
function testIntegration() {
$this->assertDef('http://www.google.com/');
[2.1.0] URI scheme is munged off if there is no authority and the scheme is the default one git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1330 48356398-32a2-884e-a903-53898d9a118a
2007-08-01 13:15:33 +00:00
$this->assertDef('http:', '');
$this->assertDef('http:/foo', '/foo');
Commit a very lenient mailto checker. We'll tighten it later. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@219 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 19:11:21 +00:00
$this->assertDef('javascript:bad_stuff();', false);
$this->assertDef('ftp://www.example.com/');
$this->assertDef('news:rec.alt');
$this->assertDef('nntp://news.example.com/324234');
$this->assertDef('mailto:bob@example.com');
}
[2.1.0] Create new URI object and migrate URI validation systems to use it. URIScheme interface changed. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1334 48356398-32a2-884e-a903-53898d9a118a
2007-08-01 18:34:46 +00:00
function testIntegrationWithPercentEncoder() {
$this->assertDef(
'http://www.example.com/%56%fc%GJ%5%FC',
'http://www.example.com/V%FC%25GJ%255%FC'
);
[1.2.0] - Added %URI.DisableExternal, which prevents links to external websites. You can also use %URI.Host to permit absolute linking to subdomains - Fixed a few bugs involving null configuration values git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@522 48356398-32a2-884e-a903-53898d9a118a
2006-11-12 03:35:41 +00:00
}
[1.2.0] Non-accessible resources (ex. mailto) blocked from embedded URIs (img src) git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@528 48356398-32a2-884e-a903-53898d9a118a
2006-11-17 23:09:10 +00:00
function testEmbeds() {
$this->def = new HTMLPurifier_AttrDef_URI(true);
$this->assertDef('http://sub.example.com/alas?foo=asd');
$this->assertDef('mailto:foo@example.com', false);
[1.3.0] More control of URIs granted # Invalid images are now removed, rather than replaced with a dud <img src="" alt="Invalid image" />. Previous behavior can be restored with new directive %Core.RemoveInvalidImg set to false. ! New directives %URI.DisableExternalResources and %URI.DisableResources ! New directive %Attr.DisableURI, which eliminates all hyperlinking - Missing "Available since" documentation added git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@575 48356398-32a2-884e-a903-53898d9a118a
2006-11-23 23:59:20 +00:00
}
[2.1.0] - AttrDef_URI unit tests refactored - Block access to benchmarks: they should be called via command line git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1328 48356398-32a2-884e-a903-53898d9a118a
2007-08-01 01:48:51 +00:00
function testConfigMunge() {
[1.3.0] New directive %URI.Munge, munges URI so you can use some sort of redirector service to avoid PageRank leaks or warn users that they are exiting your site. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@576 48356398-32a2-884e-a903-53898d9a118a
2006-11-24 00:29:16 +00:00
$this->config->set('URI', 'Munge', 'http://www.google.com/url?q=%s');
$this->assertDef(
'http://www.example.com/',
'http://www.google.com/url?q=http%3A%2F%2Fwww.example.com%2F'
);
$this->assertDef('index.html');
$this->assertDef('javascript:foobar();', false);
[1.3.0] New directive %URI.HostBlacklist for blocking links to bad hosts. xssAttacks.php smoketest updated accordingly. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@586 48356398-32a2-884e-a903-53898d9a118a
2006-11-26 23:14:12 +00:00
}
[2.1.0] Further refactoring of AttrDef_URI, creation of new URIFilter and URIDefinition subsystems. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1335 48356398-32a2-884e-a903-53898d9a118a
2007-08-02 01:12:27 +00:00
function test_validate_configDisableExternal() {
$this->def = new HTMLPurifier_AttrDef_URI();
$this->config->set('URI', 'DisableExternal', true);
$this->config->set('URI', 'Host', 'sub.example.com');
$this->assertDef('/foobar.txt');
$this->assertDef('http://google.com/', false);
$this->assertDef('http://sub.example.com/alas?foo=asd');
$this->assertDef('http://example.com/teehee', false);
$this->assertDef('http://www.example.com/#man', false);
$this->assertDef('http://go.sub.example.com/perhaps?p=foo');
}
function test_validate_configDisableExternalResources() {
$this->config->set('URI', 'DisableExternalResources', true);
$this->assertDef('http://sub.example.com/alas?foo=asd');
$this->assertDef('/img.png');
$this->def = new HTMLPurifier_AttrDef_URI(true);
$this->assertDef('http://sub.example.com/alas?foo=asd', false);
$this->assertDef('/img.png');
}
function test_validate_configBlacklist() {
$this->config->set('URI', 'HostBlacklist', array('example.com', 'moo'));
$this->assertDef('foo.txt');
$this->assertDef('http://www.google.com/example.com/moo');
$this->assertDef('http://example.com/#23', false);
$this->assertDef('https://sub.domain.example.com/foobar', false);
$this->assertDef('http://example.com.example.net/?whoo=foo', false);
$this->assertDef('ftp://moo-moo.net/foo/foo/', false);
}
/*
function test_validate_configWhitelist() {
$this->config->set('URI', 'HostPolicy', 'DenyAll');
$this->config->set('URI', 'HostWhitelist', array(null, 'google.com'));
$this->assertDef('http://example.com/fo/google.com', false);
$this->assertDef('server.txt');
$this->assertDef('ftp://www.google.com/?t=a');
$this->assertDef('http://google.com.tricky.spamsite.net', false);
}
*/
Commit initial URI unit tests and implementation. They're not complete yet though. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@206 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 01:12:35 +00:00
}
Remove trailing ?> in PHP library files, add trailing newlines to all other files. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1253 48356398-32a2-884e-a903-53898d9a118a
2007-06-27 13:58:32 +00:00
Copy Permalink