tests/HTMLPurifier/Injector/SafeObjectTest.php

   1 <?php
   2
   3 /**
   4  * This test is kinda weird, because it doesn't test the full safe object
   5  * functionality, just a small section of it. Or maybe it's actually the right
   6  * way.
   7  */
   8 class HTMLPurifier_Injector_SafeObjectTest extends HTMLPurifier_InjectorHarness
   9 {
  10
  11     function setup() {
  12         parent::setup();
  13         $this->config->set('AutoFormat', 'Custom', array(new HTMLPurifier_Injector_SafeObject()));
  14         $this->config->set('HTML', 'Trusted', true);
  15     }
  16
  17     function testPreserve() {
  18         $this->assertResult(
  19             '<b>asdf</b>'
  20         );
  21     }
  22
  23     function testRemoveStrayParam() {
  24         $this->assertResult(
  25             '<param />',
  26             ''
  27         );
  28     }
  29
  30     function testEditObjectParam() {
  31         $this->assertResult(
  32             '<object></object>',
  33             '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
  34         );
  35     }
  36
  37     function testIgnoreStrayParam() {
  38         $this->assertResult(
  39             '<object><param /></object>',
  40             '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
  41         );
  42     }
  43
  44     function testIgnoreDuplicates() {
  45         $this->assertResult(
  46             '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
  47         );
  48     }
  49
  50     function testIgnoreBogusData() {
  51         $this->assertResult(
  52             '<object><param name="allowScriptAccess" value="always" /><param name="allowNetworking" value="always" /></object>',
  53             '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
  54         );
  55     }
  56
  57     function testIgnoreInvalidData() {
  58         $this->assertResult(
  59             '<object><param name="foo" value="bar" /></object>',
  60             '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
  61         );
  62     }
  63
  64     function testKeepValidData() {
  65         $this->assertResult(
  66             '<object><param name="movie" value="bar" /></object>',
  67             '<object data="bar"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="bar" /></object>'
  68         );
  69     }
  70
  71     function testNested() {
  72         $this->assertResult(
  73             '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><object></object></object>',
  74             '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object></object>'
  75         );
  76     }
  77
  78     function testNotActuallyNested() {
  79         $this->assertResult(
  80             '<object><p><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></p></object>',
  81             '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><p></p></object>'
  82         );
  83     }
  84
  85 }
  86