htmlpurifier/tests/HTMLPurifier/Injector/SafeObjectTest.php

<?php

/**
 * This test is kinda weird, because it doesn't test the full safe object
 * functionality, just a small section of it. Or maybe it's actually the right
 * way.
 */
class HTMLPurifier_Injector_SafeObjectTest extends HTMLPurifier_InjectorHarness
{

    public function setup()
    {
        parent::setup();
        // there is no AutoFormat.SafeObject directive
        $this->config->set('AutoFormat.Custom', array(new HTMLPurifier_Injector_SafeObject()));
        $this->config->set('HTML.Trusted', true);
    }

    public function testPreserve()
    {
        $this->assertResult(
            '<b>asdf</b>'
        );
    }

    public function testRemoveStrayParam()
    {
        $this->assertResult(
            '<param />',
            ''
        );
    }

    public function testEditObjectParam()
    {
        $this->assertResult(
            '<object></object>',
            '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
        );
    }

    public function testIgnoreStrayParam()
    {
        $this->assertResult(
            '<object><param /></object>',
            '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
        );
    }

    public function testIgnoreDuplicates()
    {
        $this->assertResult(
            '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
        );
    }

    public function testIgnoreBogusData()
    {
        $this->assertResult(
            '<object><param name="allowscriptaccess" value="always" /><param name="allowNetworking" value="always" /></object>',
            '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
        );
    }

    public function testIgnoreInvalidData()
    {
        $this->assertResult(
            '<object><param name="foo" value="bar" /></object>',
            '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
        );
    }

    public function testKeepValidData()
    {
        $this->assertResult(
            '<object><param name="movie" value="bar" /></object>',
            '<object data="bar"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="bar" /></object>'
        );
    }

    public function testNested()
    {
        $this->assertResult(
            '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><object></object></object>',
            '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object></object>'
        );
    }

    public function testNotActuallyNested()
    {
        $this->assertResult(
            '<object><p><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></p></object>',
            '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><p></p></object>'
        );
    }

    public function testCaseInsensitive()
    {
        $this->assertResult(
            '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="flashVars" value="a" /><param name="FlashVars" value="b" /></object>'
        );
    }

}

// vim: et sw=4 sts=4
[3.1.1] Implement SafeObject. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1780 48356398-32a2-884e-a903-53898d9a118a 2008-06-10 00:13:44 +00:00			`<?php`

			`/**`
			`* This test is kinda weird, because it doesn't test the full safe object`
			`* functionality, just a small section of it. Or maybe it's actually the right`
			`* way.`
			`*/`
			`class HTMLPurifier_Injector_SafeObjectTest extends HTMLPurifier_InjectorHarness`
			`{`
Remove trailing whitespace. Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com> 2008-12-06 07:28:20 +00:00
PSR-2 reformatting PHPDoc corrections With minor corrections. Signed-off-by: Marcus Bointon <marcus@synchromedia.co.uk> Signed-off-by: Edward Z. Yang <ezyang@mit.edu> 2013-07-16 11:56:14 +00:00			`public function setup()`
			`{`
[3.1.1] Implement SafeObject. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1780 48356398-32a2-884e-a903-53898d9a118a 2008-06-10 00:13:44 +00:00			`parent::setup();`
Implement %AutoFormat.RemoveEmpty, end to start ref, and injector rewind. Injector rewind: Injectors can now use the method rewind() in order to move the input index backwards, so that they can reprocess tokens (other injectors are not affected by a rewind). This functionality was necessary to implement nested node removals in %AutoFormat.RemoveEmpty. End to start ref: To facilitate rewinding, HTMLPurifier_Token_End now maintains a reference called $start to the starting token for their node. %AutoFormat.RemoveEmpty removes empty nodes. Lots of people have requested it, so here is a partially effective implementation. Because it is implemented as an Injector, it's not possible for it to handle newly introduced empty nodes by later validators, specifically auto-closing and child validation. The Injector is only meant to be used on HTML-ish languages. Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com> 2008-06-27 20:09:14 +00:00			`// there is no AutoFormat.SafeObject directive`
Convert all to new configuration get/set format. Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com> 2009-02-20 00:17:49 +00:00			`$this->config->set('AutoFormat.Custom', array(new HTMLPurifier_Injector_SafeObject()));`
			`$this->config->set('HTML.Trusted', true);`
[3.1.1] Implement SafeObject. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1780 48356398-32a2-884e-a903-53898d9a118a 2008-06-10 00:13:44 +00:00			`}`
Remove trailing whitespace. Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com> 2008-12-06 07:28:20 +00:00
PSR-2 reformatting PHPDoc corrections With minor corrections. Signed-off-by: Marcus Bointon <marcus@synchromedia.co.uk> Signed-off-by: Edward Z. Yang <ezyang@mit.edu> 2013-07-16 11:56:14 +00:00			`public function testPreserve()`
			`{`
[3.1.1] Implement SafeObject. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1780 48356398-32a2-884e-a903-53898d9a118a 2008-06-10 00:13:44 +00:00			`$this->assertResult(`
			`'<b>asdf</b>'`
			`);`
			`}`
Remove trailing whitespace. Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com> 2008-12-06 07:28:20 +00:00
PSR-2 reformatting PHPDoc corrections With minor corrections. Signed-off-by: Marcus Bointon <marcus@synchromedia.co.uk> Signed-off-by: Edward Z. Yang <ezyang@mit.edu> 2013-07-16 11:56:14 +00:00			`public function testRemoveStrayParam()`
			`{`
[3.1.1] Implement SafeObject. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1780 48356398-32a2-884e-a903-53898d9a118a 2008-06-10 00:13:44 +00:00			`$this->assertResult(`
			`'<param />',`
			`''`
			`);`
			`}`
Remove trailing whitespace. Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com> 2008-12-06 07:28:20 +00:00
PSR-2 reformatting PHPDoc corrections With minor corrections. Signed-off-by: Marcus Bointon <marcus@synchromedia.co.uk> Signed-off-by: Edward Z. Yang <ezyang@mit.edu> 2013-07-16 11:56:14 +00:00			`public function testEditObjectParam()`
			`{`
[3.1.1] Implement SafeObject. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1780 48356398-32a2-884e-a903-53898d9a118a 2008-06-10 00:13:44 +00:00			`$this->assertResult(`
			`'<object></object>',`
			`'<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'`
			`);`
			`}`
Remove trailing whitespace. Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com> 2008-12-06 07:28:20 +00:00
PSR-2 reformatting PHPDoc corrections With minor corrections. Signed-off-by: Marcus Bointon <marcus@synchromedia.co.uk> Signed-off-by: Edward Z. Yang <ezyang@mit.edu> 2013-07-16 11:56:14 +00:00			`public function testIgnoreStrayParam()`
			`{`
[3.1.1] Implement SafeObject. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1780 48356398-32a2-884e-a903-53898d9a118a 2008-06-10 00:13:44 +00:00			`$this->assertResult(`
			`'<object><param /></object>',`
			`'<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'`
			`);`
			`}`
Remove trailing whitespace. Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com> 2008-12-06 07:28:20 +00:00
PSR-2 reformatting PHPDoc corrections With minor corrections. Signed-off-by: Marcus Bointon <marcus@synchromedia.co.uk> Signed-off-by: Edward Z. Yang <ezyang@mit.edu> 2013-07-16 11:56:14 +00:00			`public function testIgnoreDuplicates()`
			`{`
[3.1.1] Implement SafeObject. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1780 48356398-32a2-884e-a903-53898d9a118a 2008-06-10 00:13:44 +00:00			`$this->assertResult(`
			`'<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'`
			`);`
			`}`
Remove trailing whitespace. Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com> 2008-12-06 07:28:20 +00:00
PSR-2 reformatting PHPDoc corrections With minor corrections. Signed-off-by: Marcus Bointon <marcus@synchromedia.co.uk> Signed-off-by: Edward Z. Yang <ezyang@mit.edu> 2013-07-16 11:56:14 +00:00			`public function testIgnoreBogusData()`
			`{`
[3.1.1] Implement SafeObject. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1780 48356398-32a2-884e-a903-53898d9a118a 2008-06-10 00:13:44 +00:00			`$this->assertResult(`
Fix #57, make flashvars check (and others) case-insensitive. Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu> 2016-03-27 22:56:30 +00:00			`'<object><param name="allowscriptaccess" value="always" /><param name="allowNetworking" value="always" /></object>',`
[3.1.1] Implement SafeObject. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1780 48356398-32a2-884e-a903-53898d9a118a 2008-06-10 00:13:44 +00:00			`'<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'`
			`);`
			`}`
Remove trailing whitespace. Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com> 2008-12-06 07:28:20 +00:00
PSR-2 reformatting PHPDoc corrections With minor corrections. Signed-off-by: Marcus Bointon <marcus@synchromedia.co.uk> Signed-off-by: Edward Z. Yang <ezyang@mit.edu> 2013-07-16 11:56:14 +00:00			`public function testIgnoreInvalidData()`
			`{`
[3.1.1] Implement SafeObject. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1780 48356398-32a2-884e-a903-53898d9a118a 2008-06-10 00:13:44 +00:00			`$this->assertResult(`
			`'<object><param name="foo" value="bar" /></object>',`
			`'<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'`
			`);`
			`}`
Remove trailing whitespace. Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com> 2008-12-06 07:28:20 +00:00
PSR-2 reformatting PHPDoc corrections With minor corrections. Signed-off-by: Marcus Bointon <marcus@synchromedia.co.uk> Signed-off-by: Edward Z. Yang <ezyang@mit.edu> 2013-07-16 11:56:14 +00:00			`public function testKeepValidData()`
			`{`
[3.1.1] Implement SafeObject. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1780 48356398-32a2-884e-a903-53898d9a118a 2008-06-10 00:13:44 +00:00			`$this->assertResult(`
			`'<object><param name="movie" value="bar" /></object>',`
Fix broken tests. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1795 48356398-32a2-884e-a903-53898d9a118a 2008-06-12 03:12:39 +00:00			`'<object data="bar"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="bar" /></object>'`
[3.1.1] Implement SafeObject. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1780 48356398-32a2-884e-a903-53898d9a118a 2008-06-10 00:13:44 +00:00			`);`
			`}`
Remove trailing whitespace. Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com> 2008-12-06 07:28:20 +00:00
PSR-2 reformatting PHPDoc corrections With minor corrections. Signed-off-by: Marcus Bointon <marcus@synchromedia.co.uk> Signed-off-by: Edward Z. Yang <ezyang@mit.edu> 2013-07-16 11:56:14 +00:00			`public function testNested()`
			`{`
[3.1.1] Implement SafeObject. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1780 48356398-32a2-884e-a903-53898d9a118a 2008-06-10 00:13:44 +00:00			`$this->assertResult(`
			`'<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><object></object></object>',`
			`'<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object></object>'`
			`);`
			`}`
Remove trailing whitespace. Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com> 2008-12-06 07:28:20 +00:00
PSR-2 reformatting PHPDoc corrections With minor corrections. Signed-off-by: Marcus Bointon <marcus@synchromedia.co.uk> Signed-off-by: Edward Z. Yang <ezyang@mit.edu> 2013-07-16 11:56:14 +00:00			`public function testNotActuallyNested()`
			`{`
[3.1.1] Implement SafeObject. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1780 48356398-32a2-884e-a903-53898d9a118a 2008-06-10 00:13:44 +00:00			`$this->assertResult(`
			`'<object><p><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></p></object>',`
			`'<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><p></p></object>'`
			`);`
			`}`
Remove trailing whitespace. Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com> 2008-12-06 07:28:20 +00:00
Fix #57, make flashvars check (and others) case-insensitive. Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu> 2016-03-27 22:56:30 +00:00			`public function testCaseInsensitive()`
			`{`
			`$this->assertResult(`
			`'<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="flashVars" value="a" /><param name="FlashVars" value="b" /></object>'`
			`);`
			`}`

[3.1.1] Implement SafeObject. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1780 48356398-32a2-884e-a903-53898d9a118a 2008-06-10 00:13:44 +00:00			`}`

Add vim modelines to all files. Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com> 2008-12-06 09:24:59 +00:00			`// vim: et sw=4 sts=4`