search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix #57, make flashvars check (and others) case-insensitive.
[htmlpurifier.git] / tests / HTMLPurifier / Injector / SafeObjectTest.php
blobb780375aead8a8ffd99147ea1a5483e6932ef2a4
1 <?php
2
3 /**
4 * This test is kinda weird, because it doesn't test the full safe object
5 * functionality, just a small section of it. Or maybe it's actually the right
6 * way.
7 */
8 class HTMLPurifier_Injector_SafeObjectTest extends HTMLPurifier_InjectorHarness
9 {
10
11 public function setup()
12 {
13 parent::setup();
14 // there is no AutoFormat.SafeObject directive
15 $this->config->set('AutoFormat.Custom', array(new HTMLPurifier_Injector_SafeObject()));
16 $this->config->set('HTML.Trusted', true);
17 }
18
19 public function testPreserve()
20 {
21 $this->assertResult(
22 '<b>asdf</b>'
23 );
24 }
25
26 public function testRemoveStrayParam()
27 {
28 $this->assertResult(
29 '<param />',
30 ''
31 );
32 }
33
34 public function testEditObjectParam()
35 {
36 $this->assertResult(
37 '<object></object>',
38 '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
39 );
40 }
41
42 public function testIgnoreStrayParam()
43 {
44 $this->assertResult(
45 '<object><param /></object>',
46 '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
47 );
48 }
49
50 public function testIgnoreDuplicates()
51 {
52 $this->assertResult(
53 '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
54 );
55 }
56
57 public function testIgnoreBogusData()
58 {
59 $this->assertResult(
60 '<object><param name="allowscriptaccess" value="always" /><param name="allowNetworking" value="always" /></object>',
61 '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
62 );
63 }
64
65 public function testIgnoreInvalidData()
66 {
67 $this->assertResult(
68 '<object><param name="foo" value="bar" /></object>',
69 '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
70 );
71 }
72
73 public function testKeepValidData()
74 {
75 $this->assertResult(
76 '<object><param name="movie" value="bar" /></object>',
77 '<object data="bar"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="bar" /></object>'
78 );
79 }
80
81 public function testNested()
82 {
83 $this->assertResult(
84 '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><object></object></object>',
85 '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object></object>'
86 );
87 }
88
89 public function testNotActuallyNested()
90 {
91 $this->assertResult(
92 '<object><p><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></p></object>',
93 '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><p></p></object>'
94 );
95 }
96
97 public function testCaseInsensitive()
98 {
99 $this->assertResult(
100 '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="flashVars" value="a" /><param name="FlashVars" value="b" /></object>'
101 );
102 }
103
104 }
105
106 // vim: et sw=4 sts=4
Standards-compliant HTML filter written in PHP