mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-11-14 09:18:41 +00:00
f3d050c517
The first bug is that we will repeatedly write out the result of a customized raw definition to the filesystem, even when a cache entry already exists. The second bug is that caching these definitions doesn't actually work (the cache entry is written but never used.) A new API for retrieving raw definitions permits the user to take advantage of caching. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
106 lines
2.8 KiB
PHP
106 lines
2.8 KiB
PHP
<?php
|
|
|
|
class HTMLPurifier_Strategy_RemoveForeignElementsTest extends HTMLPurifier_StrategyHarness
|
|
{
|
|
|
|
function setUp() {
|
|
parent::setUp();
|
|
$this->obj = new HTMLPurifier_Strategy_RemoveForeignElements();
|
|
}
|
|
|
|
function testBlankInput() {
|
|
$this->assertResult('');
|
|
}
|
|
|
|
function testPreserveRecognizedElements() {
|
|
$this->assertResult('This is <b>bold text</b>.');
|
|
}
|
|
|
|
function testRemoveForeignElements() {
|
|
$this->assertResult(
|
|
'<asdf>Bling</asdf><d href="bang">Bong</d><foobar />',
|
|
'BlingBong'
|
|
);
|
|
}
|
|
|
|
function testRemoveScriptAndContents() {
|
|
$this->assertResult(
|
|
'<script>alert();</script>',
|
|
''
|
|
);
|
|
}
|
|
|
|
function testRemoveStyleAndContents() {
|
|
$this->assertResult(
|
|
'<style>.foo {blink;}</style>',
|
|
''
|
|
);
|
|
}
|
|
|
|
function testRemoveOnlyScriptTagsLegacy() {
|
|
$this->config->set('Core.RemoveScriptContents', false);
|
|
$this->assertResult(
|
|
'<script>alert();</script>',
|
|
'alert();'
|
|
);
|
|
}
|
|
|
|
function testRemoveOnlyScriptTags() {
|
|
$this->config->set('Core.HiddenElements', array());
|
|
$this->assertResult(
|
|
'<script>alert();</script>',
|
|
'alert();'
|
|
);
|
|
}
|
|
|
|
function testRemoveInvalidImg() {
|
|
$this->assertResult('<img />', '');
|
|
}
|
|
|
|
function testPreserveValidImg() {
|
|
$this->assertResult('<img src="foobar.gif" alt="foobar.gif" />');
|
|
}
|
|
|
|
function testPreserveInvalidImgWhenRemovalIsDisabled() {
|
|
$this->config->set('Core.RemoveInvalidImg', false);
|
|
$this->assertResult('<img />');
|
|
}
|
|
|
|
function testTextifyCommentedScriptContents() {
|
|
$this->config->set('HTML.Trusted', true);
|
|
$this->config->set('Output.CommentScriptContents', false); // simplify output
|
|
$this->assertResult(
|
|
'<script type="text/javascript"><!--
|
|
alert(<b>bold</b>);
|
|
// --></script>',
|
|
'<script type="text/javascript">
|
|
alert(<b>bold</b>);
|
|
// </script>'
|
|
);
|
|
}
|
|
|
|
function testRequiredAttributesTestNotPerformedOnEndTag() {
|
|
$def = $this->config->getHTMLDefinition(true);
|
|
$def->addElement('f', 'Block', 'Optional: #PCDATA', false, array('req*' => 'Text'));
|
|
$this->assertResult('<f req="text">Foo</f> Bar');
|
|
}
|
|
|
|
function testPreserveCommentsWithHTMLTrusted() {
|
|
$this->config->set('HTML.Trusted', true);
|
|
$this->assertResult('<!-- foo -->');
|
|
}
|
|
|
|
function testRemoveTrailingHyphensInComment() {
|
|
$this->config->set('HTML.Trusted', true);
|
|
$this->assertResult('<!-- foo ----->', '<!-- foo -->');
|
|
}
|
|
|
|
function testCollapseDoubleHyphensInComment() {
|
|
$this->config->set('HTML.Trusted', true);
|
|
$this->assertResult('<!-- bo --- asdf--as -->', '<!-- bo - asdf-as -->');
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|