search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Make all of the tests work on all PHP versions.
[htmlpurifier.git] / tests / HTMLPurifier / HTMLDefinitionTest.php
blob6640cb0d0aac6cdaae1730af211d52083e5b5d5a
1 <?php
2
3 class HTMLPurifier_HTMLDefinitionTest extends HTMLPurifier_Harness
4 {
5
6 function expectError($error = false, $message = '%s') {
7 // Because we're testing a definition, it's vital that the cache
8 // is turned off for tests that expect errors.
9 $this->config->set('Cache.DefinitionImpl', null);
10 parent::expectError($error);
11 }
12
13 function test_parseTinyMCEAllowedList() {
14
15 $def = new HTMLPurifier_HTMLDefinition();
16
17 // note: this is case-sensitive, but its config schema
18 // counterpart is not. This is generally a good thing for users,
19 // but it's a slight internal inconsistency
20
21 $this->assertEqual(
22 $def->parseTinyMCEAllowedList(''),
23 array(array(), array())
24 );
25
26 $this->assertEqual(
27 $def->parseTinyMCEAllowedList('a,b,c'),
28 array(array('a' => true, 'b' => true, 'c' => true), array())
29 );
30
31 $this->assertEqual(
32 $def->parseTinyMCEAllowedList('a[x|y|z]'),
33 array(array('a' => true), array('a.x' => true, 'a.y' => true, 'a.z' => true))
34 );
35
36 $this->assertEqual(
37 $def->parseTinyMCEAllowedList('*[id]'),
38 array(array(), array('*.id' => true))
39 );
40
41 $this->assertEqual(
42 $def->parseTinyMCEAllowedList('a[*]'),
43 array(array('a' => true), array('a.*' => true))
44 );
45
46 $this->assertEqual(
47 $def->parseTinyMCEAllowedList('span[style],strong,a[href|title]'),
48 array(array('span' => true, 'strong' => true, 'a' => true),
49 array('span.style' => true, 'a.href' => true, 'a.title' => true))
50 );
51
52 $this->assertEqual(
53 // alternate form:
54 $def->parseTinyMCEAllowedList(
55 'span[style]
56 strong
57 a[href|title]
58 '),
59 $val = array(array('span' => true, 'strong' => true, 'a' => true),
60 array('span.style' => true, 'a.href' => true, 'a.title' => true))
61 );
62
63 $this->assertEqual(
64 $def->parseTinyMCEAllowedList(' span [ style ], strong'."\n\t".'a[href | title]'),
65 $val
66 );
67
68 }
69
70 function test_Allowed() {
71
72 $config1 = HTMLPurifier_Config::create(array(
73 'HTML.AllowedElements' => array('b', 'i', 'p', 'a'),
74 'HTML.AllowedAttributes' => array('a@href', '*@id')
75 ));
76
77 $config2 = HTMLPurifier_Config::create(array(
78 'HTML.Allowed' => 'b,i,p,a[href],*[id]'
79 ));
80
81 $this->assertEqual($config1->getHTMLDefinition(), $config2->getHTMLDefinition());
82
83 }
84
85 function assertPurification_AllowedElements_p() {
86 $this->assertPurification('<p><b>Jelly</b></p>', '<p>Jelly</p>');
87 }
88
89 function test_AllowedElements() {
90 $this->config->set('HTML.AllowedElements', 'p');
91 $this->assertPurification_AllowedElements_p();
92 }
93
94 function test_AllowedElements_multiple() {
95 $this->config->set('HTML.AllowedElements', 'p,div');
96 $this->assertPurification('<div><p><b>Jelly</b></p></div>', '<div><p>Jelly</p></div>');
97 }
98
99 function test_AllowedElements_invalidElement() {
100 $this->config->set('HTML.AllowedElements', 'obviously_invalid,p');
101 $this->expectError(new PatternExpectation("/Element 'obviously_invalid' is not supported/"));
102 $this->assertPurification_AllowedElements_p();
103 }
104
105 function test_AllowedElements_invalidElement_xssAttempt() {
106 $this->config->set('HTML.AllowedElements', '<script>,p');
107 $this->expectError(new PatternExpectation("/Element '&lt;script&gt;' is not supported/"));
108 $this->assertPurification_AllowedElements_p();
109 }
110
111 function test_AllowedElements_multipleInvalidElements() {
112 $this->config->set('HTML.AllowedElements', 'dr-wiggles,dr-pepper,p');
113 $this->expectError(new PatternExpectation("/Element 'dr-wiggles' is not supported/"));
114 $this->expectError(new PatternExpectation("/Element 'dr-pepper' is not supported/"));
115 $this->assertPurification_AllowedElements_p();
116 }
117
118 function assertPurification_AllowedAttributes_global_style() {
119 $this->assertPurification(
120 '<p style="font-weight:bold;" class="foo">Jelly</p><br style="clear:both;" />',
121 '<p style="font-weight:bold;">Jelly</p><br style="clear:both;" />');
122 }
123
124 function test_AllowedAttributes_global_preferredSyntax() {
125 $this->config->set('HTML.AllowedElements', array('p', 'br'));
126 $this->config->set('HTML.AllowedAttributes', 'style');
127 $this->assertPurification_AllowedAttributes_global_style();
128 }
129
130 function test_AllowedAttributes_global_verboseSyntax() {
131 $this->config->set('HTML.AllowedElements', array('p', 'br'));
132 $this->config->set('HTML.AllowedAttributes', '*@style');
133 $this->assertPurification_AllowedAttributes_global_style();
134 }
135
136 function test_AllowedAttributes_global_discouragedSyntax() {
137 // Emit errors eventually
138 $this->config->set('HTML.AllowedElements', array('p', 'br'));
139 $this->config->set('HTML.AllowedAttributes', '*.style');
140 $this->assertPurification_AllowedAttributes_global_style();
141 }
142
143 function assertPurification_AllowedAttributes_local_p_style() {
144 $this->assertPurification(
145 '<p style="font-weight:bold;" class="foo">Jelly</p><br style="clear:both;" />',
146 '<p style="font-weight:bold;">Jelly</p><br />');
147 }
148
149 function test_AllowedAttributes_local_preferredSyntax() {
150 $this->config->set('HTML.AllowedElements', array('p', 'br'));
151 $this->config->set('HTML.AllowedAttributes', 'p@style');
152 $this->assertPurification_AllowedAttributes_local_p_style();
153 }
154
155 function test_AllowedAttributes_local_discouragedSyntax() {
156 $this->config->set('HTML.AllowedElements', array('p', 'br'));
157 $this->config->set('HTML.AllowedAttributes', 'p.style');
158 $this->assertPurification_AllowedAttributes_local_p_style();
159 }
160
161 function test_AllowedAttributes_multiple() {
162 $this->config->set('HTML.AllowedElements', array('p', 'br'));
163 $this->config->set('HTML.AllowedAttributes', 'p@style,br@class,title');
164 $this->assertPurification(
165 '<p style="font-weight:bold;" class="foo" title="foo">Jelly</p><br style="clear:both;" class="foo" title="foo" />',
166 '<p style="font-weight:bold;" title="foo">Jelly</p><br class="foo" title="foo" />'
167 );
168 }
169
170 function test_AllowedAttributes_local_invalidAttribute() {
171 $this->config->set('HTML.AllowedElements', array('p', 'br'));
172 $this->config->set('HTML.AllowedAttributes', array('p@style', 'p@<foo>'));
173 $this->expectError(new PatternExpectation("/Attribute '&lt;foo&gt;' in element 'p' not supported/"));
174 $this->assertPurification_AllowedAttributes_local_p_style();
175 }
176
177 function test_AllowedAttributes_global_invalidAttribute() {
178 $this->config->set('HTML.AllowedElements', array('p', 'br'));
179 $this->config->set('HTML.AllowedAttributes', array('style', '<foo>'));
180 $this->expectError(new PatternExpectation("/Global attribute '&lt;foo&gt;' is not supported in any elements/"));
181 $this->assertPurification_AllowedAttributes_global_style();
182 }
183
184 function test_AllowedAttributes_local_invalidAttributeDueToMissingElement() {
185 $this->config->set('HTML.AllowedElements', array('p', 'br'));
186 $this->config->set('HTML.AllowedAttributes', 'p.style,foo.style');
187 $this->expectError(new PatternExpectation("/Cannot allow attribute 'style' if element 'foo' is not allowed\/supported/"));
188 $this->assertPurification_AllowedAttributes_local_p_style();
189 }
190
191 function test_AllowedAttributes_duplicate() {
192 $this->config->set('HTML.AllowedElements', array('p', 'br'));
193 $this->config->set('HTML.AllowedAttributes', 'p.style,p@style');
194 $this->assertPurification_AllowedAttributes_local_p_style();
195 }
196
197 function test_AllowedAttributes_multipleErrors() {
198 $this->config->set('HTML.AllowedElements', array('p', 'br'));
199 $this->config->set('HTML.AllowedAttributes', 'p.style,foo.style,<foo>');
200 $this->expectError(new PatternExpectation("/Cannot allow attribute 'style' if element 'foo' is not allowed\/supported/"));
201 $this->expectError(new PatternExpectation("/Global attribute '&lt;foo&gt;' is not supported in any elements/"));
202 $this->assertPurification_AllowedAttributes_local_p_style();
203 }
204
205 function test_ForbiddenElements() {
206 $this->config->set('HTML.ForbiddenElements', 'b');
207 $this->assertPurification('<b>b</b><i>i</i>', 'b<i>i</i>');
208 }
209
210 function test_ForbiddenElements_invalidElement() {
211 $this->config->set('HTML.ForbiddenElements', 'obviously_incorrect');
212 // no error!
213 $this->assertPurification('<i>i</i>');
214 }
215
216 function assertPurification_ForbiddenAttributes_b_style() {
217 $this->assertPurification(
218 '<b style="float:left;">b</b><i style="float:left;">i</i>',
219 '<b>b</b><i style="float:left;">i</i>');
220 }
221
222 function test_ForbiddenAttributes() {
223 $this->config->set('HTML.ForbiddenAttributes', 'b@style');
224 $this->assertPurification_ForbiddenAttributes_b_style();
225 }
226
227 function test_ForbiddenAttributes_incorrectSyntax() {
228 $this->config->set('HTML.ForbiddenAttributes', 'b.style');
229 $this->expectError("Error with b.style: tag.attr syntax not supported for HTML.ForbiddenAttributes; use tag@attr instead");
230 $this->assertPurification('<b style="float:left;">Test</b>');
231 }
232
233 function test_ForbiddenAttributes_incorrectGlobalSyntax() {
234 $this->config->set('HTML.ForbiddenAttributes', '*.style');
235 $this->expectError("Error with *.style: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead");
236 $this->assertPurification('<b style="float:left;">Test</b>');
237 }
238
239 function assertPurification_ForbiddenAttributes_style() {
240 $this->assertPurification(
241 '<b class="foo" style="float:left;">b</b><i style="float:left;">i</i>',
242 '<b class="foo">b</b><i>i</i>');
243 }
244
245 function test_ForbiddenAttributes_global() {
246 $this->config->set('HTML.ForbiddenAttributes', 'style');
247 $this->assertPurification_ForbiddenAttributes_style();
248 }
249
250 function test_ForbiddenAttributes_globalVerboseFormat() {
251 $this->config->set('HTML.ForbiddenAttributes', '*@style');
252 $this->assertPurification_ForbiddenAttributes_style();
253 }
254
255 function test_addAttribute() {
256
257 $config = HTMLPurifier_Config::createDefault();
258 $def = $config->getHTMLDefinition(true);
259 $def->addAttribute('span', 'custom', 'Enum#attribute');
260
261 $purifier = new HTMLPurifier($config);
262 $input = '<span custom="attribute">Custom!</span>';
263 $output = $purifier->purify($input);
264 $this->assertIdentical($input, $output);
265
266 }
267
268 function test_addAttribute_multiple() {
269
270 $config = HTMLPurifier_Config::createDefault();
271 $def = $config->getHTMLDefinition(true);
272 $def->addAttribute('span', 'custom', 'Enum#attribute');
273 $def->addAttribute('span', 'foo', 'Text');
274
275 $purifier = new HTMLPurifier($config);
276 $input = '<span custom="attribute" foo="asdf">Custom!</span>';
277 $output = $purifier->purify($input);
278 $this->assertIdentical($input, $output);
279
280 }
281
282 function test_addElement() {
283
284 $config = HTMLPurifier_Config::createDefault();
285 $def = $config->getHTMLDefinition(true);
286 $def->addElement('marquee', 'Inline', 'Inline', 'Common', array('width' => 'Length'));
287
288 $purifier = new HTMLPurifier($config);
289 $input = '<span><marquee width="50">Foobar</marquee></span>';
290 $output = $purifier->purify($input);
291 $this->assertIdentical($input, $output);
292
293 }
294
295 function test_injector() {
296 generate_mock_once('HTMLPurifier_Injector');
297 $injector = new HTMLPurifier_InjectorMock();
298 $injector->name = 'MyInjector';
299 $injector->setReturnValue('checkNeeded', false);
300
301 $module = $this->config->getHTMLDefinition(true)->getAnonymousModule();
302 $module->info_injector[] = $injector;
303
304 $this->assertIdentical($this->config->getHTMLDefinition()->info_injector,
305 array(
306 'MyInjector' => $injector,
307 )
308 );
309 }
310
311 function test_injectorMissingNeeded() {
312 generate_mock_once('HTMLPurifier_Injector');
313 $injector = new HTMLPurifier_InjectorMock();
314 $injector->name = 'MyInjector';
315 $injector->setReturnValue('checkNeeded', 'a');
316
317 $module = $this->config->getHTMLDefinition(true)->getAnonymousModule();
318 $module->info_injector[] = $injector;
319
320 $this->assertIdentical($this->config->getHTMLDefinition()->info_injector,
321 array()
322 );
323 }
324
325 function test_injectorIntegration() {
326 $module = $this->config->getHTMLDefinition(true)->getAnonymousModule();
327 $module->info_injector[] = 'Linkify';
328
329 $this->assertIdentical(
330 $this->config->getHTMLDefinition()->info_injector,
331 array('Linkify' => new HTMLPurifier_Injector_Linkify())
332 );
333 }
334
335 function test_injectorIntegrationFail() {
336 $this->config->set('HTML.Allowed', 'p');
337
338 $module = $this->config->getHTMLDefinition(true)->getAnonymousModule();
339 $module->info_injector[] = 'Linkify';
340
341 $this->assertIdentical(
342 $this->config->getHTMLDefinition()->info_injector,
343 array()
344 );
345 }
346
347 function test_notAllowedRequiredAttributeError() {
348 $this->expectError("Required attribute 'src' in element 'img' was not allowed, which means 'img' will not be allowed either");
349 $this->config->set('HTML.Allowed', 'img[alt]');
350 $this->config->getHTMLDefinition();
351 }
352
353 }
354
355 // vim: et sw=4 sts=4
Standards-compliant HTML filter written in PHP