3 // WARNING: All the URI schemes are far to relaxed, we need to tighten
6 class HTMLPurifier_URISchemeTest
extends HTMLPurifier_URIHarness
11 public function __construct() {
13 'iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAABGdBTUEAALGP'.
14 'C/xhBQAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9YGARc5KB0XV+IA'.
15 'AAAddEVYdENvbW1lbnQAQ3JlYXRlZCB3aXRoIFRoZSBHSU1Q72QlbgAAAF1J'.
16 'REFUGNO9zL0NglAAxPEfdLTs4BZM4DIO4C7OwQg2JoQ9LE1exdlYvBBeZ7jq'.
17 'ch9//q1uH4TLzw4d6+ErXMMcXuHWxId3KOETnnXXV6MJpcq2MLaI97CER3N0'.
18 'vr4MkhoXe0rZigAAAABJRU5ErkJggg==';
21 protected function assertValidation($uri, $expect_uri = true) {
22 $this->prepareURI($uri, $expect_uri);
23 $this->config
->set('URI.AllowedSchemes', array($uri->scheme
));
24 // convenience hack: the scheme should be explicitly specified
25 $scheme = $uri->getSchemeObj($this->config
, $this->context
);
26 $result = $scheme->validate($uri, $this->config
, $this->context
);
27 $this->assertEitherFailOrIdentical($result, $uri, $expect_uri);
30 function test_http_regular() {
31 $this->assertValidation(
32 'http://example.com/?s=q#fragment'
36 function test_http_removeDefaultPort() {
37 $this->assertValidation(
38 'http://example.com:80',
43 function test_http_removeUserInfo() {
44 $this->assertValidation(
45 'http://bob@example.com',
50 function test_http_preserveNonDefaultPort() {
51 $this->assertValidation(
52 'http://example.com:8080'
56 function test_https_regular() {
57 $this->assertValidation(
58 'https://user@example.com:443/?s=q#frag',
59 'https://example.com/?s=q#frag'
63 function test_ftp_regular() {
64 $this->assertValidation(
65 'ftp://user@example.com/path'
69 function test_ftp_removeDefaultPort() {
70 $this->assertValidation(
71 'ftp://example.com:21',
76 function test_ftp_removeQueryString() {
77 $this->assertValidation(
78 'ftp://example.com?s=q',
83 function test_ftp_preserveValidTypecode() {
84 $this->assertValidation(
85 'ftp://example.com/file.txt;type=a'
89 function test_ftp_removeInvalidTypecode() {
90 $this->assertValidation(
91 'ftp://example.com/file.txt;type=z',
92 'ftp://example.com/file.txt'
96 function test_ftp_encodeExtraSemicolons() {
97 $this->assertValidation(
98 'ftp://example.com/too;many;semicolons=1',
99 'ftp://example.com/too%3Bmany%3Bsemicolons=1'
103 function test_news_regular() {
104 $this->assertValidation(
105 'news:gmane.science.linguistics'
109 function test_news_explicit() {
110 $this->assertValidation(
111 'news:642@eagle.ATT.COM'
115 function test_news_removeNonPathComponents() {
116 $this->assertValidation(
117 'news://user@example.com:80/rec.music?path=foo#frag',
118 'news:/rec.music#frag'
122 function test_nntp_regular() {
123 $this->assertValidation(
124 'nntp://news.example.com/alt.misc/42#frag'
128 function test_nntp_removalOfRedundantOrUselessComponents() {
129 $this->assertValidation(
130 'nntp://user@news.example.com:119/alt.misc/42?s=q#frag',
131 'nntp://news.example.com/alt.misc/42#frag'
135 function test_mailto_regular() {
136 $this->assertValidation(
137 'mailto:bob@example.com'
141 function test_mailto_removalOfRedundantOrUselessComponents() {
142 $this->assertValidation(
143 'mailto://user@example.com:80/bob@example.com?subject=Foo#frag',
144 'mailto:/bob@example.com?subject=Foo#frag'
148 function test_data_png() {
149 $this->assertValidation(
150 'data:image/png;base64,'.$this->pngBase64
154 function test_data_malformed() {
155 $this->assertValidation(
156 'data:image/png;base64,vr4MkhoXJRU5ErkJggg==',
161 function test_data_implicit() {
162 $this->assertValidation(
163 'data:base64,'.$this->pngBase64
,
164 'data:image/png;base64,'.$this->pngBase64
168 function test_file_basic() {
169 $this->assertValidation(
170 'file://user@MYCOMPUTER:12/foo/bar?baz#frag',
171 'file://MYCOMPUTER/foo/bar#frag'
175 function test_file_local() {
176 $this->assertValidation(
177 'file:///foo/bar?baz#frag',
178 'file:///foo/bar#frag'
182 function test_ftp_empty_host() {
183 $this->assertValidation('ftp:///example.com', false);
188 // vim: et sw=4 sts=4