mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-11-14 01:08:41 +00:00
d3abcb90e3
The new logic is as follows: * Given a URL to insert into url(), check that it is properly URL encoded (in particular, a doublequote and backslash never occurs within it) and then place it as url("http://example.com"). * Given a font name, if it is strictly alphanumeric, it is safe to omit quotes. Otherwise, wrap in double quotes and replace '"' with '\22 ' (note trailing space) and '\' with '\5C ' (ditto). We introduce expandCSSEscape() which is a hack for common parsing idioms in CSS; this means that CSS escapes are now recognized inside URLs as well as unquoted font names. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
35 lines
1.1 KiB
PHP
35 lines
1.1 KiB
PHP
<?php
|
|
|
|
class HTMLPurifier_AttrDef_CSS_FontTest extends HTMLPurifier_AttrDefHarness
|
|
{
|
|
|
|
function test() {
|
|
|
|
$config = HTMLPurifier_Config::createDefault();
|
|
$this->def = new HTMLPurifier_AttrDef_CSS_Font($config);
|
|
|
|
// hodgepodge of usage cases from W3C spec, but " -> '
|
|
$this->assertDef('12px/14px sans-serif');
|
|
$this->assertDef('80% sans-serif');
|
|
$this->assertDef('x-large/110% "New Century Schoolbook", serif');
|
|
$this->assertDef('bold italic large Palatino, serif');
|
|
$this->assertDef('normal small-caps 120%/120% fantasy');
|
|
$this->assertDef('300 italic 1.3em/1.7em "FB Armada", sans-serif');
|
|
$this->assertDef('600 9px Charcoal');
|
|
$this->assertDef('600 9px/ 12px Charcoal', '600 9px/12px Charcoal');
|
|
|
|
// spacing
|
|
$this->assertDef('12px / 14px sans-serif', '12px/14px sans-serif');
|
|
|
|
// system fonts
|
|
$this->assertDef('menu');
|
|
|
|
$this->assertDef('800', false);
|
|
$this->assertDef('600 9px//12px Charcoal', false);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|