mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-22 16:31:53 +00:00
[3.1.0] Fix ScriptRequired bug with trusted installs
- Generator now takes $config and $context during instantiation - Double quotes outside of attributes are not escaped git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1700 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
parent
be2cfb7918
commit
4b862f64e6
4
NEWS
4
NEWS
@ -43,12 +43,16 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
||||
- Missing (or null) in configdoc documentation restored
|
||||
- If DOM throws and exception during parsing with PH5P (occurs in newer versions
|
||||
of DOM), HTML Purifier punts to DirectLex
|
||||
- Fatal error with unserialization of ScriptRequired
|
||||
. Out-of-date documentation revised
|
||||
. UTF-8 encoding check optimization as suggested by Diego
|
||||
. HTMLPurifier_Error removed in favor of exceptions
|
||||
. More copy() function removed; should use clone instead
|
||||
. More extensive unit tests for HTMLDefinition
|
||||
. assertPurification moved to central harness
|
||||
. HTMLPurifier_Generator accepts $config and $context parameters during
|
||||
instantiation, not runtime
|
||||
. Double-quotes outside of attribute values are now unescaped
|
||||
|
||||
3.1.0rc1, released 2008-04-22
|
||||
# Autoload support added. Internal require_once's removed in favor of an
|
||||
|
2
TODO
2
TODO
@ -13,6 +13,8 @@ afraid to cast your vote for the next feature to be implemented!
|
||||
|
||||
- Get PH5P working with the latest versions of DOM, which have much more
|
||||
stringent error checking procedures. Maybe convert straight to tokens.
|
||||
- Figure out what to do with $this->config configuration object calls
|
||||
in the scanner
|
||||
|
||||
FUTURE VERSIONS
|
||||
---------------
|
||||
|
@ -2,7 +2,7 @@
|
||||
<usage>
|
||||
<directive id="Core.CollectErrors">
|
||||
<file name="HTMLPurifier.php">
|
||||
<line>132</line>
|
||||
<line>131</line>
|
||||
</file>
|
||||
<file name="HTMLPurifier/Lexer.php">
|
||||
<line>85</line>
|
||||
@ -91,17 +91,7 @@
|
||||
</directive>
|
||||
<directive id="Output.CommentScriptContents">
|
||||
<file name="HTMLPurifier/Generator.php">
|
||||
<line>37</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="Output.TidyFormat">
|
||||
<file name="HTMLPurifier/Generator.php">
|
||||
<line>58</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="Output.Newline">
|
||||
<file name="HTMLPurifier/Generator.php">
|
||||
<line>83</line>
|
||||
<line>41</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="HTML.BlockWrapper">
|
||||
|
@ -116,6 +116,7 @@ require 'HTMLPurifier/AttrTransform/ImgSpace.php';
|
||||
require 'HTMLPurifier/AttrTransform/Lang.php';
|
||||
require 'HTMLPurifier/AttrTransform/Length.php';
|
||||
require 'HTMLPurifier/AttrTransform/Name.php';
|
||||
require 'HTMLPurifier/AttrTransform/ScriptRequired.php';
|
||||
require 'HTMLPurifier/ChildDef/Chameleon.php';
|
||||
require 'HTMLPurifier/ChildDef/Custom.php';
|
||||
require 'HTMLPurifier/ChildDef/Empty.php';
|
||||
|
@ -90,7 +90,6 @@ class HTMLPurifier
|
||||
$this->config = HTMLPurifier_Config::create($config);
|
||||
|
||||
$this->strategy = new HTMLPurifier_Strategy_Core();
|
||||
$this->generator = new HTMLPurifier_Generator();
|
||||
|
||||
}
|
||||
|
||||
@ -124,8 +123,8 @@ class HTMLPurifier
|
||||
|
||||
$context = new HTMLPurifier_Context();
|
||||
|
||||
// our friendly neighborhood generator, all primed with configuration too!
|
||||
$this->generator->generateFromTokens(array(), $config, $context);
|
||||
// setup HTML generator
|
||||
$this->generator = new HTMLPurifier_Generator($config, $context);
|
||||
$context->register('Generator', $this->generator);
|
||||
|
||||
// set up global context variables
|
||||
@ -178,8 +177,7 @@ class HTMLPurifier
|
||||
$html, $config, $context
|
||||
),
|
||||
$config, $context
|
||||
),
|
||||
$config, $context
|
||||
)
|
||||
);
|
||||
|
||||
for ($i = $filter_size - 1; $i >= 0; $i--) {
|
||||
|
@ -110,6 +110,7 @@ require_once $__dir . '/HTMLPurifier/AttrTransform/ImgSpace.php';
|
||||
require_once $__dir . '/HTMLPurifier/AttrTransform/Lang.php';
|
||||
require_once $__dir . '/HTMLPurifier/AttrTransform/Length.php';
|
||||
require_once $__dir . '/HTMLPurifier/AttrTransform/Name.php';
|
||||
require_once $__dir . '/HTMLPurifier/AttrTransform/ScriptRequired.php';
|
||||
require_once $__dir . '/HTMLPurifier/ChildDef/Chameleon.php';
|
||||
require_once $__dir . '/HTMLPurifier/ChildDef/Custom.php';
|
||||
require_once $__dir . '/HTMLPurifier/ChildDef/Empty.php';
|
||||
|
14
library/HTMLPurifier/AttrTransform/ScriptRequired.php
Normal file
14
library/HTMLPurifier/AttrTransform/ScriptRequired.php
Normal file
@ -0,0 +1,14 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Implements required attribute stipulation for <script>
|
||||
*/
|
||||
class HTMLPurifier_AttrTransform_ScriptRequired extends HTMLPurifier_AttrTransform
|
||||
{
|
||||
public function transform($attr, $config, $context) {
|
||||
if (!isset($attr['type'])) {
|
||||
$attr['type'] = 'text/javascript';
|
||||
}
|
||||
return $attr;
|
||||
}
|
||||
}
|
@ -11,78 +11,79 @@ class HTMLPurifier_Generator
|
||||
{
|
||||
|
||||
/**
|
||||
* Bool cache of %HTML.XHTML
|
||||
* Whether or not generator should produce XML output
|
||||
*/
|
||||
private $_xhtml = true;
|
||||
|
||||
/**
|
||||
* Bool cache of %Output.CommentScriptContents
|
||||
* :HACK: Whether or not generator should comment the insides of <script> tags
|
||||
*/
|
||||
private $_scriptFix = false;
|
||||
|
||||
/**
|
||||
* Cache of HTMLDefinition
|
||||
* Cache of HTMLDefinition during HTML output to determine whether or
|
||||
* not attributes should be minimized.
|
||||
*/
|
||||
private $_def;
|
||||
|
||||
/**
|
||||
* Configuration for the generator
|
||||
*/
|
||||
private $_config;
|
||||
|
||||
/**
|
||||
* @param $config Instance of HTMLPurifier_Config
|
||||
* @param $context Instance of HTMLPurifier_Context
|
||||
*/
|
||||
public function __construct($config = null, $context = null) {
|
||||
if (!$config) $config = HTMLPurifier_Config::createDefault();
|
||||
$this->_config = $config;
|
||||
$this->_scriptFix = $config->get('Output', 'CommentScriptContents');
|
||||
$this->_def = $config->getHTMLDefinition();
|
||||
$this->_xhtml = $this->_def->doctype->xml;
|
||||
}
|
||||
|
||||
/**
|
||||
* Generates HTML from an array of tokens.
|
||||
* @param $tokens Array of HTMLPurifier_Token
|
||||
* @param $config HTMLPurifier_Config object
|
||||
* @return Generated HTML
|
||||
*/
|
||||
public function generateFromTokens($tokens, $config, $context) {
|
||||
$html = '';
|
||||
if (!$config) $config = HTMLPurifier_Config::createDefault();
|
||||
$this->_scriptFix = $config->get('Output', 'CommentScriptContents');
|
||||
|
||||
$this->_def = $config->getHTMLDefinition();
|
||||
$this->_xhtml = $this->_def->doctype->xml;
|
||||
|
||||
public function generateFromTokens($tokens) {
|
||||
if (!$tokens) return '';
|
||||
|
||||
// Basic algorithm
|
||||
$html = '';
|
||||
for ($i = 0, $size = count($tokens); $i < $size; $i++) {
|
||||
if ($this->_scriptFix && $tokens[$i]->name === 'script'
|
||||
&& $i + 2 < $size && $tokens[$i+2] instanceof HTMLPurifier_Token_End) {
|
||||
// script special case
|
||||
// the contents of the script block must be ONE token
|
||||
// for this to work
|
||||
// for this to work.
|
||||
$html .= $this->generateFromToken($tokens[$i++]);
|
||||
$html .= $this->generateScriptFromToken($tokens[$i++]);
|
||||
// We're not going to do this: it wouldn't be valid anyway
|
||||
//while ($tokens[$i]->name != 'script') {
|
||||
// $html .= $this->generateScriptFromToken($tokens[$i++]);
|
||||
//}
|
||||
}
|
||||
$html .= $this->generateFromToken($tokens[$i]);
|
||||
}
|
||||
if ($config->get('Output', 'TidyFormat') && extension_loaded('tidy')) {
|
||||
|
||||
$tidy_options = array(
|
||||
// Tidy cleanup
|
||||
if (extension_loaded('tidy') && $this->_config->get('Output', 'TidyFormat')) {
|
||||
$tidy = new Tidy;
|
||||
$tidy->parseString($html, array(
|
||||
'indent'=> true,
|
||||
'output-xhtml' => $this->_xhtml,
|
||||
'show-body-only' => true,
|
||||
'indent-spaces' => 2,
|
||||
'wrap' => 68,
|
||||
);
|
||||
if (version_compare(PHP_VERSION, '5', '<')) {
|
||||
tidy_set_encoding('utf8');
|
||||
foreach ($tidy_options as $key => $value) {
|
||||
tidy_setopt($key, $value);
|
||||
}
|
||||
tidy_parse_string($html);
|
||||
tidy_clean_repair();
|
||||
$html = tidy_get_output();
|
||||
} else {
|
||||
$tidy = new Tidy;
|
||||
$tidy->parseString($html, $tidy_options, 'utf8');
|
||||
), 'utf8');
|
||||
$tidy->cleanRepair();
|
||||
$html = (string) $tidy;
|
||||
$html = (string) $tidy; // explicit cast necessary
|
||||
}
|
||||
}
|
||||
// normalize newlines to system
|
||||
$nl = $config->get('Output', 'Newline');
|
||||
|
||||
// Normalize newlines to system defined value
|
||||
$nl = $this->_config->get('Output', 'Newline');
|
||||
if ($nl === null) $nl = PHP_EOL;
|
||||
$html = str_replace("\n", $nl, $html);
|
||||
if ($nl !== "\n") $html = str_replace("\n", $nl, $html);
|
||||
return $html;
|
||||
}
|
||||
|
||||
@ -92,8 +93,11 @@ class HTMLPurifier_Generator
|
||||
* @return Generated HTML
|
||||
*/
|
||||
public function generateFromToken($token) {
|
||||
if (!$token instanceof HTMLPurifier_Token) return '';
|
||||
if ($token instanceof HTMLPurifier_Token_Start) {
|
||||
if (!$token instanceof HTMLPurifier_Token) {
|
||||
trigger_error('Cannot generate HTML from non-HTMLPurifier_Token object', E_USER_WARNING);
|
||||
return '';
|
||||
|
||||
} elseif ($token instanceof HTMLPurifier_Token_Start) {
|
||||
$attr = $this->generateAttributes($token->attr, $token->name);
|
||||
return '<' . $token->name . ($attr ? ' ' : '') . $attr . '>';
|
||||
|
||||
@ -103,11 +107,11 @@ class HTMLPurifier_Generator
|
||||
} elseif ($token instanceof HTMLPurifier_Token_Empty) {
|
||||
$attr = $this->generateAttributes($token->attr, $token->name);
|
||||
return '<' . $token->name . ($attr ? ' ' : '') . $attr .
|
||||
( $this->_xhtml ? ' /': '' )
|
||||
( $this->_xhtml ? ' /': '' ) // <br /> v. <br>
|
||||
. '>';
|
||||
|
||||
} elseif ($token instanceof HTMLPurifier_Token_Text) {
|
||||
return $this->escape($token->data);
|
||||
return $this->escape($token->data, ENT_NOQUOTES);
|
||||
|
||||
} elseif ($token instanceof HTMLPurifier_Token_Comment) {
|
||||
return '<!--' . $token->data . '-->';
|
||||
@ -124,25 +128,27 @@ class HTMLPurifier_Generator
|
||||
*/
|
||||
public function generateScriptFromToken($token) {
|
||||
if (!$token instanceof HTMLPurifier_Token_Text) return $this->generateFromToken($token);
|
||||
// return '<!--' . "\n" . trim($token->data) . "\n" . '// -->';
|
||||
// more advanced version:
|
||||
// thanks <http://lachy.id.au/log/2005/05/script-comments>
|
||||
// Thanks <http://lachy.id.au/log/2005/05/script-comments>
|
||||
$data = preg_replace('#//\s*$#', '', $token->data);
|
||||
return '<!--//--><![CDATA[//><!--' . "\n" . trim($data) . "\n" . '//--><!]]>';
|
||||
}
|
||||
|
||||
/**
|
||||
* Generates attribute declarations from attribute array.
|
||||
* @note This does not include the leading or trailing space.
|
||||
* @param $assoc_array_of_attributes Attribute array
|
||||
* @param $element Name of element attributes are for, used to check
|
||||
* attribute minimization.
|
||||
* @return Generate HTML fragment for insertion.
|
||||
*/
|
||||
public function generateAttributes($assoc_array_of_attributes, $element) {
|
||||
public function generateAttributes($assoc_array_of_attributes, $element = false) {
|
||||
$html = '';
|
||||
foreach ($assoc_array_of_attributes as $key => $value) {
|
||||
if (!$this->_xhtml) {
|
||||
// remove namespaced attributes
|
||||
// Remove namespaced attributes
|
||||
if (strpos($key, ':') !== false) continue;
|
||||
if (!empty($this->_def->info[$element]->attr[$key]->minimized)) {
|
||||
// Check if we should minimize the attribute: val="val" -> val
|
||||
if ($element && !empty($this->_def->info[$element]->attr[$key]->minimized)) {
|
||||
$html .= $key . ' ';
|
||||
continue;
|
||||
}
|
||||
@ -154,11 +160,16 @@ class HTMLPurifier_Generator
|
||||
|
||||
/**
|
||||
* Escapes raw text data.
|
||||
* @todo This really ought to be protected, but until we have a facility
|
||||
* for properly generating HTML here w/o using tokens, it stays
|
||||
* public.
|
||||
* @param $string String data to escape for HTML.
|
||||
* @param $quote Quoting style, like htmlspecialchars. ENT_NOQUOTES is
|
||||
* permissible for non-attribute output.
|
||||
* @return String escaped data.
|
||||
*/
|
||||
public function escape($string) {
|
||||
return htmlspecialchars($string, ENT_COMPAT, 'UTF-8');
|
||||
public function escape($string, $quote = ENT_COMPAT) {
|
||||
return htmlspecialchars($string, $quote, 'UTF-8');
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -7,19 +7,6 @@ INSIDE HTML PURIFIER DOCUMENTS. USE ONLY WITH TRUSTED USER INPUT!!!
|
||||
|
||||
*/
|
||||
|
||||
/**
|
||||
* Implements required attribute stipulation for <script>
|
||||
*/
|
||||
class HTMLPurifier_AttrTransform_ScriptRequired extends HTMLPurifier_AttrTransform
|
||||
{
|
||||
public function transform($attr, $config, $context) {
|
||||
if (!isset($attr['type'])) {
|
||||
$attr['type'] = 'text/javascript';
|
||||
}
|
||||
return $attr;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* XHTML 1.1 Scripting module, defines elements that are used to contain
|
||||
* information pertaining to executable scripts or the lack of support
|
||||
|
@ -35,11 +35,6 @@ class HTMLPurifier_ComplexHarness extends HTMLPurifier_Harness
|
||||
*/
|
||||
protected $lexer;
|
||||
|
||||
/**
|
||||
* Instance of HTMLPurifier_Generator
|
||||
*/
|
||||
protected $generator;
|
||||
|
||||
/**
|
||||
* Default config to fall back on if no config is available
|
||||
*/
|
||||
@ -52,7 +47,6 @@ class HTMLPurifier_ComplexHarness extends HTMLPurifier_Harness
|
||||
|
||||
public function __construct() {
|
||||
$this->lexer = new HTMLPurifier_Lexer_DirectLex();
|
||||
$this->generator = new HTMLPurifier_Generator();
|
||||
parent::__construct();
|
||||
}
|
||||
|
||||
@ -110,7 +104,8 @@ class HTMLPurifier_ComplexHarness extends HTMLPurifier_Harness
|
||||
* Generate textual HTML from tokens
|
||||
*/
|
||||
protected function generate($tokens) {
|
||||
return $this->generator->generateFromTokens($tokens, $this->config, $this->context);
|
||||
$generator = new HTMLPurifier_Generator($this->config, $this->context);
|
||||
return $generator->generateFromTokens($tokens);
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -1,108 +1,152 @@
|
||||
<?php
|
||||
|
||||
class HTMLPurifier_GeneratorTest extends HTMLPurifier_ComplexHarness
|
||||
class HTMLPurifier_GeneratorTest extends HTMLPurifier_Harness
|
||||
{
|
||||
|
||||
protected $gen;
|
||||
protected $_entity_lookup;
|
||||
protected $config;
|
||||
/**
|
||||
* Entity lookup table to help for a few tests.
|
||||
*/
|
||||
private $_entity_lookup;
|
||||
|
||||
public function __construct() {
|
||||
parent::__construct();
|
||||
$this->gen = new HTMLPurifier_Generator();
|
||||
$this->_entity_lookup = HTMLPurifier_EntityLookup::instance();
|
||||
}
|
||||
|
||||
public function setUp() {
|
||||
$this->obj = new HTMLPurifier_Generator();
|
||||
$this->func = null;
|
||||
$this->to_tokens = false;
|
||||
$this->to_html = false;
|
||||
parent::setUp();
|
||||
$this->config->set('Output', 'Newline', "\n");
|
||||
}
|
||||
|
||||
function test_generateFromToken() {
|
||||
/**
|
||||
* Creates a generator based on config and context member variables.
|
||||
*/
|
||||
protected function createGenerator() {
|
||||
return new HTMLPurifier_Generator($this->config, $this->context);
|
||||
}
|
||||
|
||||
$inputs = $expect = array();
|
||||
protected function assertGenerateFromToken($token, $html) {
|
||||
$generator = $this->createGenerator();
|
||||
$result = $generator->generateFromToken($token);
|
||||
$this->assertIdentical($result, $html);
|
||||
}
|
||||
|
||||
$inputs[0] = new HTMLPurifier_Token_Text('Foobar.<>');
|
||||
$expect[0] = 'Foobar.<>';
|
||||
function test_generateFromToken_text() {
|
||||
$this->assertGenerateFromToken(
|
||||
new HTMLPurifier_Token_Text('Foobar.<>'),
|
||||
'Foobar.<>'
|
||||
);
|
||||
}
|
||||
|
||||
$inputs[1] = new HTMLPurifier_Token_Start('a',
|
||||
function test_generateFromToken_startWithAttr() {
|
||||
$this->assertGenerateFromToken(
|
||||
new HTMLPurifier_Token_Start('a',
|
||||
array('href' => 'dyn?a=foo&b=bar')
|
||||
),
|
||||
'<a href="dyn?a=foo&b=bar">'
|
||||
);
|
||||
$expect[1] = '<a href="dyn?a=foo&b=bar">';
|
||||
}
|
||||
|
||||
$inputs[2] = new HTMLPurifier_Token_End('b');
|
||||
$expect[2] = '</b>';
|
||||
function test_generateFromToken_end() {
|
||||
$this->assertGenerateFromToken(
|
||||
new HTMLPurifier_Token_End('b'),
|
||||
'</b>'
|
||||
);
|
||||
}
|
||||
|
||||
$inputs[3] = new HTMLPurifier_Token_Empty('br',
|
||||
function test_generateFromToken_emptyWithAttr() {
|
||||
$this->assertGenerateFromToken(
|
||||
new HTMLPurifier_Token_Empty('br',
|
||||
array('style' => 'font-family:"Courier New";')
|
||||
),
|
||||
'<br style="font-family:"Courier New";" />'
|
||||
);
|
||||
$expect[3] = '<br style="font-family:"Courier New";" />';
|
||||
}
|
||||
|
||||
$inputs[4] = new HTMLPurifier_Token_Start('asdf');
|
||||
$expect[4] = '<asdf>';
|
||||
function test_generateFromToken_startNoAttr() {
|
||||
$this->assertGenerateFromToken(
|
||||
new HTMLPurifier_Token_Start('asdf'),
|
||||
'<asdf>'
|
||||
);
|
||||
}
|
||||
|
||||
$inputs[5] = new HTMLPurifier_Token_Empty('br');
|
||||
$expect[5] = '<br />';
|
||||
function test_generateFromToken_emptyNoAttr() {
|
||||
$this->assertGenerateFromToken(
|
||||
new HTMLPurifier_Token_Empty('br'),
|
||||
'<br />'
|
||||
);
|
||||
}
|
||||
|
||||
// test fault tolerance
|
||||
$inputs[6] = null;
|
||||
$expect[6] = '';
|
||||
function test_generateFromToken_error() {
|
||||
$this->expectError('Cannot generate HTML from non-HTMLPurifier_Token object');
|
||||
$this->assertGenerateFromToken( null, '' );
|
||||
}
|
||||
|
||||
// don't convert non-special characters
|
||||
function test_generateFromToken_() {
|
||||
$theta_char = $this->_entity_lookup->table['theta'];
|
||||
$inputs[7] = new HTMLPurifier_Token_Text($theta_char);
|
||||
$expect[7] = $theta_char;
|
||||
|
||||
foreach ($inputs as $i => $input) {
|
||||
$result = $this->obj->generateFromToken($input);
|
||||
$this->assertIdentical($result, $expect[$i]);
|
||||
$this->assertGenerateFromToken(
|
||||
new HTMLPurifier_Token_Text($theta_char),
|
||||
$theta_char
|
||||
);
|
||||
}
|
||||
|
||||
function assertGenerateAttributes($attr, $expect, $element = false) {
|
||||
$generator = $this->createGenerator();
|
||||
$result = $generator->generateAttributes($attr, $element);
|
||||
$this->assertIdentical($result, $expect);
|
||||
}
|
||||
|
||||
function test_generateAttributes() {
|
||||
function test_generateAttributes_blank() {
|
||||
$this->assertGenerateAttributes(array(), '');
|
||||
}
|
||||
|
||||
$inputs = $expect = array();
|
||||
function test_generateAttributes_basic() {
|
||||
$this->assertGenerateAttributes(
|
||||
array('href' => 'dyn?a=foo&b=bar'),
|
||||
'href="dyn?a=foo&b=bar"'
|
||||
);
|
||||
}
|
||||
|
||||
$inputs[0] = array();
|
||||
$expect[0] = '';
|
||||
function test_generateAttributes_doubleQuote() {
|
||||
$this->assertGenerateAttributes(
|
||||
array('style' => 'font-family:"Courier New";'),
|
||||
'style="font-family:"Courier New";"'
|
||||
);
|
||||
}
|
||||
|
||||
$inputs[1] = array('href' => 'dyn?a=foo&b=bar');
|
||||
$expect[1] = 'href="dyn?a=foo&b=bar"';
|
||||
function test_generateAttributes_singleQuote() {
|
||||
$this->assertGenerateAttributes(
|
||||
array('style' => 'font-family:\'Courier New\';'),
|
||||
'style="font-family:\'Courier New\';"'
|
||||
);
|
||||
}
|
||||
|
||||
$inputs[2] = array('style' => 'font-family:"Courier New";');
|
||||
$expect[2] = 'style="font-family:"Courier New";"';
|
||||
function test_generateAttributes_multiple() {
|
||||
$this->assertGenerateAttributes(
|
||||
array('src' => 'picture.jpg', 'alt' => 'Short & interesting'),
|
||||
'src="picture.jpg" alt="Short & interesting"'
|
||||
);
|
||||
}
|
||||
|
||||
$inputs[3] = array('src' => 'picture.jpg', 'alt' => 'Short & interesting');
|
||||
$expect[3] = 'src="picture.jpg" alt="Short & interesting"';
|
||||
|
||||
// don't escape nonspecial characters
|
||||
function test_generateAttributes_specialChar() {
|
||||
$theta_char = $this->_entity_lookup->table['theta'];
|
||||
$inputs[4] = array('title' => 'Theta is ' . $theta_char);
|
||||
$expect[4] = 'title="Theta is ' . $theta_char . '"';
|
||||
|
||||
foreach ($inputs as $i => $input) {
|
||||
$result = $this->obj->generateAttributes($input, 'irrelevant');
|
||||
$this->assertIdentical($result, $expect[$i]);
|
||||
$this->assertGenerateAttributes(
|
||||
array('title' => 'Theta is ' . $theta_char),
|
||||
'title="Theta is ' . $theta_char . '"'
|
||||
);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
function test_generateAttributes_minimized() {
|
||||
$gen = new HTMLPurifier_Generator();
|
||||
$context = new HTMLPurifier_Context();
|
||||
$gen->generateFromTokens(array(), HTMLPurifier_Config::create(array('HTML.Doctype' => 'HTML 4.01 Transitional')), $context);
|
||||
$result = $gen->generateAttributes(array('compact' => 'compact'), 'menu');
|
||||
$this->assertIdentical($result, 'compact');
|
||||
$this->config->set('HTML', 'Doctype', 'HTML 4.01 Transitional');
|
||||
$this->assertGenerateAttributes(
|
||||
array('compact' => 'compact'), 'compact', 'menu'
|
||||
);
|
||||
}
|
||||
|
||||
function test_generateFromTokens() {
|
||||
|
||||
$this->func = 'generateFromTokens';
|
||||
|
||||
$this->assertResult(
|
||||
$this->assertGeneration(
|
||||
array(
|
||||
new HTMLPurifier_Token_Start('b'),
|
||||
new HTMLPurifier_Token_Text('Foobar!'),
|
||||
@ -111,23 +155,15 @@ class HTMLPurifier_GeneratorTest extends HTMLPurifier_ComplexHarness
|
||||
'<b>Foobar!</b>'
|
||||
);
|
||||
|
||||
$this->assertResult(array(), '');
|
||||
|
||||
}
|
||||
|
||||
protected function assertGeneration($tokens, $expect) {
|
||||
$context = new HTMLPurifier_Context();
|
||||
$result = $this->gen->generateFromTokens(
|
||||
$tokens, $this->config, $context);
|
||||
// normalized newlines, this probably should be put somewhere else
|
||||
$result = str_replace("\r\n", "\n", $result);
|
||||
$result = str_replace("\r", "\n", $result);
|
||||
$generator = new HTMLPurifier_Generator($this->config, $this->context);
|
||||
$result = $generator->generateFromTokens($tokens);
|
||||
$this->assertIdentical($expect, $result);
|
||||
}
|
||||
|
||||
function test_generateFromTokens_Scripting() {
|
||||
$this->config = HTMLPurifier_Config::createDefault();
|
||||
|
||||
$this->assertGeneration(
|
||||
array(
|
||||
new HTMLPurifier_Token_Start('script'),
|
||||
@ -136,8 +172,9 @@ class HTMLPurifier_GeneratorTest extends HTMLPurifier_ComplexHarness
|
||||
),
|
||||
"<script><!--//--><![CDATA[//><!--\nalert(3 < 5);\n//--><!]]></script>"
|
||||
);
|
||||
}
|
||||
|
||||
// if missing close tag, don't do anything
|
||||
function test_generateFromTokens_Scripting_missingCloseTag() {
|
||||
$this->assertGeneration(
|
||||
array(
|
||||
new HTMLPurifier_Token_Start('script'),
|
||||
@ -145,8 +182,9 @@ class HTMLPurifier_GeneratorTest extends HTMLPurifier_ComplexHarness
|
||||
),
|
||||
"<script>alert(3 < 5);"
|
||||
);
|
||||
}
|
||||
|
||||
// if two script blocks, don't do anything
|
||||
function test_generateFromTokens_Scripting_doubleBlock() {
|
||||
$this->assertGeneration(
|
||||
array(
|
||||
new HTMLPurifier_Token_Start('script'),
|
||||
@ -156,12 +194,10 @@ class HTMLPurifier_GeneratorTest extends HTMLPurifier_ComplexHarness
|
||||
),
|
||||
"<script>alert(3 < 5);foo();</script>"
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
|
||||
$this->config = HTMLPurifier_Config::createDefault();
|
||||
function test_generateFromTokens_Scripting_disableWrapper() {
|
||||
$this->config->set('Output', 'CommentScriptContents', false);
|
||||
|
||||
$this->assertGeneration(
|
||||
array(
|
||||
new HTMLPurifier_Token_Start('script'),
|
||||
|
Loading…
Reference in New Issue
Block a user