htmlpurifier/tests/HTMLPurifierTest.php

<?php

require_once 'HTMLPurifier.php';

// integration test

class HTMLPurifierTest extends UnitTestCase
{
    var $purifier;
    
    function setUp() {
        $this->purifier = new HTMLPurifier();
    }
    
    function assertPurification($input, $expect = null, $config = array()) {
        if ($expect === null) $expect = $input;
        $result = $this->purifier->purify($input, $config);
        $this->assertIdentical($expect, $result);
    }
    
    function testNull() {
        $this->assertPurification("Null byte\0", "Null byte");
    }
    
    function testStrict() {
        $config = HTMLPurifier_Config::createDefault();
        $config->set('HTML', 'Strict', true);
        $this->purifier = new HTMLPurifier( $config ); // verbose syntax
        
        $this->assertPurification(
            '<u>Illegal underline</u>',
            '<span style="text-decoration:underline;">Illegal underline</span>'
        );
        
        $this->assertPurification(
            '<blockquote>Illegal contents</blockquote>',
            '<blockquote><p>Illegal contents</p></blockquote>'
        );
        
    }
    
    function testDifferentAllowedElements() {
        
        $this->purifier = new HTMLPurifier(array(
            'HTML.AllowedElements' => array('b', 'i', 'p', 'a'),
            'HTML.AllowedAttributes' => array('a.href', '*.id')
        ));
        
        $this->assertPurification(
            '<p>Par.</p><p>Para<a href="http://google.com/">gr</a>aph</p>Text<b>Bol<i>d</i></b>'
        );
        
        $this->assertPurification(
            '<span>Not allowed</span><a class="mef" id="foobar">Foobar</a>',
            'Not allowed<a>Foobar</a>' // no ID!!!
        );
        
    }
    
    function testDisableURI() {
        
        $this->purifier = new HTMLPurifier( array('Attr.DisableURI' => true) );
        
        $this->assertPurification(
            '<img src="foobar"/>',
            ''
        );
        
    }
    
    function test_purifyArray() {
        
        $this->purifier = new HTMLPurifier();
        
        $this->assertIdentical(
            $this->purifier->purifyArray(
                array('Good', '<b>Sketchy', 'foo' => '<script>bad</script>')
            ),
            array('Good', '<b>Sketchy</b>', 'foo' => '')
        );
        
        $this->assertIsA($this->purifier->context, 'array');
        
    }
    
    function testEnableAttrID() {
        
        $this->purifier = new HTMLPurifier();
        
        $this->assertPurification(
            '<span id="moon">foobar</span>',
            '<span>foobar</span>'
        );
        
        $this->purifier = new HTMLPurifier(array('HTML.EnableAttrID' => true));
        $this->assertPurification('<span id="moon">foobar</span>');
        
    }
    
    function testScript() {
        $this->purifier = new HTMLPurifier(array('HTML.Trusted' => true));
        $ideal = '<script type="text/javascript"><!--//--><![CDATA[//><!--
alert("<This is compatible with XHTML>");
//--><!]]></script>';
        
        $this->assertPurification($ideal);
        
        $this->assertPurification(
            '<script type="text/javascript"><![CDATA[
alert("<This is compatible with XHTML>");
]]></script>',
            $ideal
        );
        
        $this->assertPurification(
            '<script type="text/javascript">alert("<This is compatible with XHTML>");</script>',
            $ideal
        );
        
        $this->assertPurification(
            '<script type="text/javascript"><!--
alert("<This is compatible with XHTML>");
//--></script>',
            $ideal
        );
        
        $this->assertPurification(
            '<script type="text/javascript"><![CDATA[
alert("<This is compatible with XHTML>");
//]]></script>',
            $ideal
        );
    }
    
}
Merged 371:372 from branches/1.0/ to trunk/ - Add integration test. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@374 48356398-32a2-884e-a903-53898d9a118a 2006-09-01 17:56:55 +00:00			`<?php`

			`require_once 'HTMLPurifier.php';`

			`// integration test`

Rewire test runner to use full path to test file, this means we can introduce new namespaces. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1102 48356398-32a2-884e-a903-53898d9a118a 2007-05-28 02:29:48 +00:00			`class HTMLPurifierTest extends UnitTestCase`
Merged 371:372 from branches/1.0/ to trunk/ - Add integration test. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@374 48356398-32a2-884e-a903-53898d9a118a 2006-09-01 17:56:55 +00:00			`{`
			`var $purifier;`

[1.3.0] More control of URIs granted # Invalid images are now removed, rather than replaced with a dud <img src="" alt="Invalid image" />. Previous behavior can be restored with new directive %Core.RemoveInvalidImg set to false. ! New directives %URI.DisableExternalResources and %URI.DisableResources ! New directive %Attr.DisableURI, which eliminates all hyperlinking - Missing "Available since" documentation added git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@575 48356398-32a2-884e-a903-53898d9a118a 2006-11-23 23:59:20 +00:00			`function setUp() {`
			`$this->purifier = new HTMLPurifier();`
			`}`

[2.0.1] Improve special case handling for <script> - DirectLex now honors comments with greater than or less than signs in them - Comments are transformed into script elements, ending comments are scrapped - Buggy generator code rewritten to be more error-proof - AttrValidator checks if token has attributes before processing - Remove invalid documentation from Scripting - "Commenting" of script elements switched to the more advanced version git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1189 48356398-32a2-884e-a903-53898d9a118a 2007-06-21 14:44:26 +00:00			`function assertPurification($input, $expect = null, $config = array()) {`
[1.0.1] Fixed rejection of inline style declarations that had lots of extra space in them. This manifested in TinyMCE. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@382 48356398-32a2-884e-a903-53898d9a118a 2006-09-04 23:01:47 +00:00			`if ($expect === null) $expect = $input;`
[2.0.1] Improve special case handling for <script> - DirectLex now honors comments with greater than or less than signs in them - Comments are transformed into script elements, ending comments are scrapped - Buggy generator code rewritten to be more error-proof - AttrValidator checks if token has attributes before processing - Remove invalid documentation from Scripting - "Commenting" of script elements switched to the more advanced version git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1189 48356398-32a2-884e-a903-53898d9a118a 2007-06-21 14:44:26 +00:00			`$result = $this->purifier->purify($input, $config);`
Merged 371:372 from branches/1.0/ to trunk/ - Add integration test. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@374 48356398-32a2-884e-a903-53898d9a118a 2006-09-01 17:56:55 +00:00			`$this->assertIdentical($expect, $result);`
			`}`

[1.3.0] Implement user-unfriendly implementation of Strict doctype. We will try not to ship this one. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@556 48356398-32a2-884e-a903-53898d9a118a 2006-11-22 18:17:39 +00:00			`function testNull() {`
			`$this->assertPurification("Null byte\0", "Null byte");`
			`}`

			`function testStrict() {`
Merged 371:372 from branches/1.0/ to trunk/ - Add integration test. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@374 48356398-32a2-884e-a903-53898d9a118a 2006-09-01 17:56:55 +00:00			`$config = HTMLPurifier_Config::createDefault();`
[1.3.0] Implement user-unfriendly implementation of Strict doctype. We will try not to ship this one. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@556 48356398-32a2-884e-a903-53898d9a118a 2006-11-22 18:17:39 +00:00			`$config->set('HTML', 'Strict', true);`
[1.3.2] ! HTMLPurifier object now accepts configuration arrays, no need to manually instantiate a configuration object ! Context object now accessible to outside . HTMLPurifier_Config::create() added, takes mixed variable and converts into a HTMLPurifier_Config object. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@611 48356398-32a2-884e-a903-53898d9a118a 2006-12-15 02:12:03 +00:00			`$this->purifier = new HTMLPurifier( $config ); // verbose syntax`
[1.3.0] Implement user-unfriendly implementation of Strict doctype. We will try not to ship this one. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@556 48356398-32a2-884e-a903-53898d9a118a 2006-11-22 18:17:39 +00:00
			`$this->assertPurification(`
			`'<u>Illegal underline</u>',`
[1.7.0] Implement u, s, and strike tag transforms - Extend Simple so that it can accept some light CSS - Remove Center transform in favor of Simple git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1081 48356398-32a2-884e-a903-53898d9a118a 2007-05-20 21:22:54 +00:00			`'<span style="text-decoration:underline;">Illegal underline</span>'`
[1.3.0] Implement user-unfriendly implementation of Strict doctype. We will try not to ship this one. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@556 48356398-32a2-884e-a903-53898d9a118a 2006-11-22 18:17:39 +00:00			`);`

			`$this->assertPurification(`
			`'<blockquote>Illegal contents</blockquote>',`
[1.3.0] Huge upgrade, (X)HTML Strict now supported + Transparently handles inline elements in block context (blockquote) ! Added GET method to demo for easier validation, added 50kb max input size ! New directive %HTML.BlockWrapper, for block-ifying inline elements ! New directive %HTML.Parent, allows you to only allow inline content - Added missing type to ChildDef_Chameleon . ChildDef_Required guards against empty tags . Lookup table HTMLDefinition->info_flow_elements added . Added peace-of-mind variable initialization to Strategy_FixNesting git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@560 48356398-32a2-884e-a903-53898d9a118a 2006-11-23 03:23:35 +00:00			`'<blockquote><p>Illegal contents</p></blockquote>'`
[1.3.0] Implement user-unfriendly implementation of Strict doctype. We will try not to ship this one. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@556 48356398-32a2-884e-a903-53898d9a118a 2006-11-22 18:17:39 +00:00			`);`

Merged 371:372 from branches/1.0/ to trunk/ - Add integration test. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@374 48356398-32a2-884e-a903-53898d9a118a 2006-09-01 17:56:55 +00:00			`}`
[1.3.0] Implement user-unfriendly implementation of Strict doctype. We will try not to ship this one. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@556 48356398-32a2-884e-a903-53898d9a118a 2006-11-22 18:17:39 +00:00
[1.3.0] New directives %HTML.AllowedElements and %HTML.AllowedAttributes to let users narrow the set of allowed tags . Added HTMLPurifier->info_parent_def, parent child processing made special git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@565 48356398-32a2-884e-a903-53898d9a118a 2006-11-23 13:51:19 +00:00			`function testDifferentAllowedElements() {`
[1.3.2] ! HTMLPurifier object now accepts configuration arrays, no need to manually instantiate a configuration object ! Context object now accessible to outside . HTMLPurifier_Config::create() added, takes mixed variable and converts into a HTMLPurifier_Config object. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@611 48356398-32a2-884e-a903-53898d9a118a 2006-12-15 02:12:03 +00:00
			`$this->purifier = new HTMLPurifier(array(`
			`'HTML.AllowedElements' => array('b', 'i', 'p', 'a'),`
			`'HTML.AllowedAttributes' => array('a.href', '*.id')`
			`));`
[1.3.0] New directives %HTML.AllowedElements and %HTML.AllowedAttributes to let users narrow the set of allowed tags . Added HTMLPurifier->info_parent_def, parent child processing made special git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@565 48356398-32a2-884e-a903-53898d9a118a 2006-11-23 13:51:19 +00:00
			`$this->assertPurification(`
			`'<p>Par.</p><p>Para<a href="http://google.com/">gr</a>aph</p>Text<b>Bol<i>d</i></b>'`
			`);`

			`$this->assertPurification(`
			`'<span>Not allowed</span><a class="mef" id="foobar">Foobar</a>',`
			`'Not allowed<a>Foobar</a>' // no ID!!!`
			`);`

			`}`

[1.3.0] More control of URIs granted # Invalid images are now removed, rather than replaced with a dud <img src="" alt="Invalid image" />. Previous behavior can be restored with new directive %Core.RemoveInvalidImg set to false. ! New directives %URI.DisableExternalResources and %URI.DisableResources ! New directive %Attr.DisableURI, which eliminates all hyperlinking - Missing "Available since" documentation added git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@575 48356398-32a2-884e-a903-53898d9a118a 2006-11-23 23:59:20 +00:00			`function testDisableURI() {`

[1.3.2] ! HTMLPurifier object now accepts configuration arrays, no need to manually instantiate a configuration object ! Context object now accessible to outside . HTMLPurifier_Config::create() added, takes mixed variable and converts into a HTMLPurifier_Config object. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@611 48356398-32a2-884e-a903-53898d9a118a 2006-12-15 02:12:03 +00:00			`$this->purifier = new HTMLPurifier( array('Attr.DisableURI' => true) );`
[1.3.0] More control of URIs granted # Invalid images are now removed, rather than replaced with a dud <img src="" alt="Invalid image" />. Previous behavior can be restored with new directive %Core.RemoveInvalidImg set to false. ! New directives %URI.DisableExternalResources and %URI.DisableResources ! New directive %Attr.DisableURI, which eliminates all hyperlinking - Missing "Available since" documentation added git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@575 48356398-32a2-884e-a903-53898d9a118a 2006-11-23 23:59:20 +00:00
			`$this->assertPurification(`
			`'<img src="foobar"/>',`
			`''`
			`);`

			`}`

[1.3.2] Added purifyArray(), which takes a list of HTML and purifies it all git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@615 48356398-32a2-884e-a903-53898d9a118a 2006-12-20 23:51:09 +00:00			`function test_purifyArray() {`

			`$this->purifier = new HTMLPurifier();`

[1.6.1] Unit tests now use exclusively assertIdentical git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1024 48356398-32a2-884e-a903-53898d9a118a 2007-05-05 20:17:04 +00:00			`$this->assertIdentical(`
[1.3.2] Added purifyArray(), which takes a list of HTML and purifies it all git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@615 48356398-32a2-884e-a903-53898d9a118a 2006-12-20 23:51:09 +00:00			`$this->purifier->purifyArray(`
			`array('Good', '<b>Sketchy', 'foo' => '<script>bad</script>')`
			`),`
[1.7.0] Contents between <script> tags are now completely removed if <script> is not allowed git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1145 48356398-32a2-884e-a903-53898d9a118a 2007-06-16 19:31:45 +00:00			`array('Good', '<b>Sketchy</b>', 'foo' => '')`
[1.3.2] Added purifyArray(), which takes a list of HTML and purifies it all git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@615 48356398-32a2-884e-a903-53898d9a118a 2006-12-20 23:51:09 +00:00			`);`

			`$this->assertIsA($this->purifier->context, 'array');`

			`}`

[1.5.0] Implement Legacy module. - Yet another test EnableAttrID - ElementDef now is mindful of attr inclusion merges git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@732 48356398-32a2-884e-a903-53898d9a118a 2007-02-11 01:52:56 +00:00			`function testEnableAttrID() {`

			`$this->purifier = new HTMLPurifier();`

			`$this->assertPurification(`
			`'<span id="moon">foobar</span>',`
			`'<span>foobar</span>'`
			`);`

			`$this->purifier = new HTMLPurifier(array('HTML.EnableAttrID' => true));`
			`$this->assertPurification('<span id="moon">foobar</span>');`

			`}`

[2.0.1] Improve special case handling for <script> - DirectLex now honors comments with greater than or less than signs in them - Comments are transformed into script elements, ending comments are scrapped - Buggy generator code rewritten to be more error-proof - AttrValidator checks if token has attributes before processing - Remove invalid documentation from Scripting - "Commenting" of script elements switched to the more advanced version git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1189 48356398-32a2-884e-a903-53898d9a118a 2007-06-21 14:44:26 +00:00			`function testScript() {`
			`$this->purifier = new HTMLPurifier(array('HTML.Trusted' => true));`
			`$ideal = '<script type="text/javascript"><!--//--><![CDATA[//><!--`
			`alert("<This is compatible with XHTML>");`
			`//--><!]]></script>';`

			`$this->assertPurification($ideal);`

			`$this->assertPurification(`
			`'<script type="text/javascript"><![CDATA[`
			`alert("<This is compatible with XHTML>");`
			`]]></script>',`
			`$ideal`
			`);`

			`$this->assertPurification(`
			`'<script type="text/javascript">alert("<This is compatible with XHTML>");</script>',`
			`$ideal`
			`);`

			`$this->assertPurification(`
			`'<script type="text/javascript"><!--`
			`alert("<This is compatible with XHTML>");`
			`//--></script>',`
			`$ideal`
			`);`

			`$this->assertPurification(`
			`'<script type="text/javascript"><![CDATA[`
			`alert("<This is compatible with XHTML>");`
			`//]]></script>',`
			`$ideal`
			`);`
			`}`

Merged 371:372 from branches/1.0/ to trunk/ - Add integration test. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@374 48356398-32a2-884e-a903-53898d9a118a 2006-09-01 17:56:55 +00:00			`}`