Commit a very lenient mailto checker. We'll tighten it later.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@219 48356398-32a2-884e-a903-53898d9a118a
parent
d28bad648a
commit
4193fd018a
@ -47,7 +47,7 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
|
|||||||
// retrieve the specific scheme object from the registry
|
// retrieve the specific scheme object from the registry
|
||||||
$scheme = ctype_lower($scheme) ? $scheme : strtolower($scheme);
|
$scheme = ctype_lower($scheme) ? $scheme : strtolower($scheme);
|
||||||
$scheme_obj =& $registry->getScheme($scheme, $config);
|
$scheme_obj =& $registry->getScheme($scheme, $config);
|
||||||
if (!$scheme_obj) return ''; // invalid scheme, clean it out
|
if (!$scheme_obj) return false; // invalid scheme, clean it out
|
||||||
} else {
|
} else {
|
||||||
$scheme_obj =& $registry->getScheme(
|
$scheme_obj =& $registry->getScheme(
|
||||||
$config->get('URI', 'DefaultScheme'), $config
|
$config->get('URI', 'DefaultScheme'), $config
|
||||||
|
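--- a/library/HTMLPurifier/URIScheme/mailto.php
+++ b/library/HTMLPurifier/URIScheme/mailto.php
@@ -0,0 +1,22 @@
+<?php
+
+require_once 'HTMLPurifier/URIScheme.php';
+
+// VERY RELAXED! Shouldn't cause problems, not even Firefox checks if the
+// email is valid, but be careful!
+
+class HTMLPurifier_URIScheme_mailto extends HTMLPurifier_URIScheme {
+
+function validateComponents(
+$userinfo, $host, $port, $path, $query, $config
+) {
+list($userinfo, $host, $port, $path, $query) =
+parent::validateComponents(
+$userinfo, $host, $port, $path, $query, $config );
+// we need to validate path against RFC 2368's addr-spec
+return array(null, null, null, $path, $query);
+}
+
+}
+
+?>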
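Review bot: `validateComponents` hands back `$path` and `$query` exactly as `parent::validateComponents` returned them, so for `mailto:` the only scheme-specific work is discarding userinfo, host and port; the address check is the one the inline comment defers. RFC 2368 lets the query carry arbitrary header fields, and its own security section advises honouring only a small safe subset, yet nothing here restricts the field names. What the parent call filters is not visible in this diff, so callers should not treat the result as a verified address or a safe header set. Until the tightening lands I would state that where maintainers will read it, e.g. `// TODO(security): $path and $query are passed through unvalidated; restrict the query to an allow-list of header names and check $path against addr-spec`.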
@ -145,7 +145,7 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
|
|||||||
|
|
||||||
// test invalid scheme, components shouldn't be passed
|
// test invalid scheme, components shouldn't be passed
|
||||||
$uri[17] = 'javascript:alert("moo");';
|
$uri[17] = 'javascript:alert("moo");';
|
||||||
$expect_uri[17] = '';
|
$expect_uri[17] = false;
|
||||||
|
|
||||||
// relative URIs
|
// relative URIs
|
||||||
|
|
||||||
@ -176,7 +176,7 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
|
|||||||
$this->config = isset($config[$i]) ? $config[$i] : null;
|
$this->config = isset($config[$i]) ? $config[$i] : null;
|
||||||
$this->context = isset($context[$i]) ? $context[$i] : null;
|
$this->context = isset($context[$i]) ? $context[$i] : null;
|
||||||
|
|
||||||
$this->assertDef($value, $expect_uri[$i], "Test $i: %s");
|
$this->assertDef($value, $expect_uri[$i], true, "Test $i: %s");
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -216,6 +216,20 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
|
|||||||
$this->scheme->tally();
|
$this->scheme->tally();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function testIntegration() {
|
||||||
|
|
||||||
|
$this->def = new HTMLPurifier_AttrDef_URI();
|
||||||
|
$this->config = $this->context = null;
|
||||||
|
|
||||||
|
$this->assertDef('http://www.google.com/');
|
||||||
|
$this->assertDef('javascript:bad_stuff();', false);
|
||||||
|
$this->assertDef('ftp://www.example.com/');
|
||||||
|
$this->assertDef('news:rec.alt');
|
||||||
|
$this->assertDef('nntp://news.example.com/324234');
|
||||||
|
$this->assertDef('mailto:bob@example.com');
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
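Review bot: `testIntegration` rejects only one scheme and only in lower case, so the `strtolower($scheme)` normalisation in `HTMLPurifier_AttrDef_URI` is never exercised through the real registry. A mixed-case variant of the existing negative case would pin it, `$this->assertDef('JavaScript:bad_stuff();', false);`, and one scheme that is simply absent from the registry would cover the `return false` path independently of `javascript`. The `mailto:` assertion covers the round trip of a well-formed address only, so it will not show when the scheme validator is later tightened.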
@ -8,18 +8,18 @@ class HTMLPurifier_AttrDefHarness extends UnitTestCase
|
|||||||
var $config;
|
var $config;
|
||||||
|
|
||||||
// cannot be used for accumulator
|
// cannot be used for accumulator
|
||||||
function assertDef($string, $expect = true, $message = '%s') {
|
function assertDef($string, $expect = true, $ini = false, $message = '%s') {
|
||||||
// $expect can be a string or bool
|
// $expect can be a string or bool
|
||||||
if (!$this->config) $this->config = HTMLPurifier_Config::createDefault();
|
if (!$this->config) $this->config = HTMLPurifier_Config::createDefault();
|
||||||
if (!$this->context) $this->context = new HTMLPurifier_AttrContext();
|
if (!$this->context) $this->context = new HTMLPurifier_AttrContext();
|
||||||
$this->setUpAssertDef();
|
if ($ini) $this->setUpAssertDef();
|
||||||
$result = $this->def->validate($string, $this->config, $this->context);
|
$result = $this->def->validate($string, $this->config, $this->context);
|
||||||
if ($expect === true) {
|
if ($expect === true) {
|
||||||
$this->assertIdentical($string, $result, $message);
|
$this->assertIdentical($string, $result, $message);
|
||||||
} else {
|
} else {
|
||||||
$this->assertIdentical($expect, $result, $message);
|
$this->assertIdentical($expect, $result, $message);
|
||||||
}
|
}
|
||||||
$this->tearDownAssertDef();
|
if ($ini) $this->tearDownAssertDef();
|
||||||
}
|
}
|
||||||
|
|
||||||
function setUpAssertDef() {}
|
function setUpAssertDef() {}
|
||||||
|
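Review bot: Inserting `$ini = false` ahead of `$message` changes what the third positional argument means, so an existing call written as `assertDef($value, $expect, 'msg')` now passes its message as `$ini` and reports with the default `'%s'`; only the call in `HTMLPurifier_AttrDef_URITest` is updated in this commit. The default also flips: `setUpAssertDef()` and `tearDownAssertDef()` ran on every call before and now run only when `$ini` is truthy, so any harness subclass that overrides them is skipped silently unless its call sites are changed. Appending the flag keeps old callers intact, `function assertDef($string, $expect = true, $message = '%s', $ini = true)`, with `testIntegration` passing `false` explicitly. The parameter also deserves a one-line comment saying that it controls whether the per-assert set-up and tear-down hooks run.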
@ -5,10 +5,13 @@ require_once 'HTMLPurifier/URIScheme.php';
|
|||||||
require_once 'HTMLPurifier/URIScheme/http.php';
|
require_once 'HTMLPurifier/URIScheme/http.php';
|
||||||
require_once 'HTMLPurifier/URIScheme/ftp.php';
|
require_once 'HTMLPurifier/URIScheme/ftp.php';
|
||||||
require_once 'HTMLPurifier/URIScheme/https.php';
|
require_once 'HTMLPurifier/URIScheme/https.php';
|
||||||
//require_once 'HTMLPurifier/URIScheme/mailto.php';
|
require_once 'HTMLPurifier/URIScheme/mailto.php';
|
||||||
require_once 'HTMLPurifier/URIScheme/news.php';
|
require_once 'HTMLPurifier/URIScheme/news.php';
|
||||||
require_once 'HTMLPurifier/URIScheme/nntp.php';
|
require_once 'HTMLPurifier/URIScheme/nntp.php';
|
||||||
|
|
||||||
|
// WARNING: All the URI schemes are far to relaxed, we need to tighten
|
||||||
|
// the checks.
|
||||||
|
|
||||||
class HTMLPurifier_URISchemeTest extends UnitTestCase
|
class HTMLPurifier_URISchemeTest extends UnitTestCase
|
||||||
{
|
{
|
||||||
|
|
||||||
@ -104,8 +107,7 @@ class HTMLPurifier_URISchemeTest extends UnitTestCase
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
// mailto currently isn't implemented yet
|
function test_mailto() {
|
||||||
function non_test_mailto() {
|
|
||||||
|
|
||||||
$scheme = new HTMLPurifier_URIScheme_mailto();
|
$scheme = new HTMLPurifier_URIScheme_mailto();
|
||||||
$config = HTMLPurifier_Config::createDefault();
|
$config = HTMLPurifier_Config::createDefault();
|
||||||
@ -116,6 +118,12 @@ class HTMLPurifier_URISchemeTest extends UnitTestCase
|
|||||||
array(null, null, null, 'bob@example.com', null)
|
array(null, null, null, 'bob@example.com', null)
|
||||||
);
|
);
|
||||||
|
|
||||||
|
$this->assertIdentical(
|
||||||
|
$scheme->validateComponents(
|
||||||
|
'user', 'example.com', 80, 'bob@example.com', 'subject=Foo!', $config),
|
||||||
|
array(null, null, null, 'bob@example.com', 'subject=Foo!')
|
||||||
|
);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
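Review bot: The new `test_mailto` assertions only cover a well-formed address, so the leniency that the added WARNING comment describes is not recorded anywhere in the tests. A case that passes a path which is not an address, and asserts whatever `validateComponents` returns today, would make the later tightening show up as a deliberate test change rather than a silent one. The comment itself has a typo and reads better as `// WARNING: All the URI schemes are far too relaxed, we need to tighten`.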