tests/HTMLPurifier/URISchemeTest.php

   1 <?php
   2
   3 // WARNING: All the URI schemes are far to relaxed, we need to tighten
   4 // the checks.
   5
   6 class HTMLPurifier_URISchemeTest extends HTMLPurifier_URIHarness
   7 {
   8
   9     private $pngBase64;
  10
  11     public function __construct()
  12     {
  13         $this->pngBase64 =
  14             'iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAABGdBTUEAALGP'.
  15             'C/xhBQAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9YGARc5KB0XV+IA'.
  16             'AAAddEVYdENvbW1lbnQAQ3JlYXRlZCB3aXRoIFRoZSBHSU1Q72QlbgAAAF1J'.
  17             'REFUGNO9zL0NglAAxPEfdLTs4BZM4DIO4C7OwQg2JoQ9LE1exdlYvBBeZ7jq'.
  18             'ch9//q1uH4TLzw4d6+ErXMMcXuHWxId3KOETnnXXV6MJpcq2MLaI97CER3N0'.
  19             'vr4MkhoXe0rZigAAAABJRU5ErkJggg==';
  20     }
  21
  22     protected function assertValidation($uri, $expect_uri = true)
  23     {
  24         $this->prepareURI($uri, $expect_uri);
  25         $this->config->set('URI.AllowedSchemes', array($uri->scheme));
  26         // convenience hack: the scheme should be explicitly specified
  27         $scheme = $uri->getSchemeObj($this->config, $this->context);
  28         $result = $scheme->validate($uri, $this->config, $this->context);
  29         $this->assertEitherFailOrIdentical($result, $uri, $expect_uri);
  30     }
  31
  32     public function test_http_regular()
  33     {
  34         $this->assertValidation(
  35             'http://example.com/?s=q#fragment'
  36         );
  37     }
  38
  39     public function test_http_uppercase()
  40     {
  41         $this->assertValidation(
  42             'http://example.com/FOO'
  43         );
  44     }
  45
  46     public function test_http_removeDefaultPort()
  47     {
  48         $this->assertValidation(
  49             'http://example.com:80',
  50             'http://example.com'
  51         );
  52     }
  53
  54     public function test_http_removeUserInfo()
  55     {
  56         $this->assertValidation(
  57             'http://bob@example.com',
  58             'http://example.com'
  59         );
  60     }
  61
  62     public function test_http_preserveNonDefaultPort()
  63     {
  64         $this->assertValidation(
  65             'http://example.com:8080'
  66         );
  67     }
  68
  69     public function test_https_regular()
  70     {
  71         $this->assertValidation(
  72             'https://user@example.com:443/?s=q#frag',
  73             'https://example.com/?s=q#frag'
  74         );
  75     }
  76
  77     public function test_ftp_regular()
  78     {
  79         $this->assertValidation(
  80             'ftp://user@example.com/path'
  81         );
  82     }
  83
  84     public function test_ftp_removeDefaultPort()
  85     {
  86         $this->assertValidation(
  87             'ftp://example.com:21',
  88             'ftp://example.com'
  89         );
  90     }
  91
  92     public function test_ftp_removeQueryString()
  93     {
  94         $this->assertValidation(
  95             'ftp://example.com?s=q',
  96             'ftp://example.com'
  97         );
  98     }
  99
 100     public function test_ftp_preserveValidTypecode()
 101     {
 102         $this->assertValidation(
 103             'ftp://example.com/file.txt;type=a'
 104         );
 105     }
 106
 107     public function test_ftp_removeInvalidTypecode()
 108     {
 109         $this->assertValidation(
 110             'ftp://example.com/file.txt;type=z',
 111             'ftp://example.com/file.txt'
 112         );
 113     }
 114
 115     public function test_ftp_encodeExtraSemicolons()
 116     {
 117         $this->assertValidation(
 118             'ftp://example.com/too;many;semicolons=1',
 119             'ftp://example.com/too%3Bmany%3Bsemicolons=1'
 120         );
 121     }
 122
 123     public function test_news_regular()
 124     {
 125         $this->assertValidation(
 126             'news:gmane.science.linguistics'
 127         );
 128     }
 129
 130     public function test_news_explicit()
 131     {
 132         $this->assertValidation(
 133             'news:642@eagle.ATT.COM'
 134         );
 135     }
 136
 137     public function test_news_removeNonPathComponents()
 138     {
 139         $this->assertValidation(
 140             'news://user@example.com:80/rec.music?path=foo#frag',
 141             'news:/rec.music#frag'
 142         );
 143     }
 144
 145     public function test_nntp_regular()
 146     {
 147         $this->assertValidation(
 148             'nntp://news.example.com/alt.misc/42#frag'
 149         );
 150     }
 151
 152     public function test_nntp_removalOfRedundantOrUselessComponents()
 153     {
 154         $this->assertValidation(
 155             'nntp://user@news.example.com:119/alt.misc/42?s=q#frag',
 156             'nntp://news.example.com/alt.misc/42#frag'
 157         );
 158     }
 159
 160     public function test_mailto_regular()
 161     {
 162         $this->assertValidation(
 163             'mailto:bob@example.com'
 164         );
 165     }
 166
 167     public function test_mailto_removalOfRedundantOrUselessComponents()
 168     {
 169         $this->assertValidation(
 170             'mailto://user@example.com:80/bob@example.com?subject=Foo#frag',
 171             'mailto:/bob@example.com?subject=Foo#frag'
 172         );
 173     }
 174
 175     public function test_tel_strip_punctuation()
 176     {
 177         $this->assertValidation(
 178             'tel:+1 (555) 555-5555', 'tel:+15555555555'
 179         );
 180     }
 181
 182     public function test_tel_regular()
 183     {
 184         $this->assertValidation(
 185             'tel:+15555555555'
 186         );
 187     }
 188
 189     public function test_tel_with_extension()
 190     {
 191         $this->assertValidation(
 192             'tel:+1-555-555-5555x123', 'tel:+15555555555x123'
 193         );
 194     }
 195
 196     public function test_tel_no_plus()
 197     {
 198         $this->assertValidation(
 199             'tel:555-555-5555', 'tel:5555555555'
 200         );
 201     }
 202
 203     public function test_tel_strip_letters()
 204     {
 205         $this->assertValidation(
 206             'tel:abcd1234',
 207             'tel:1234'
 208         );
 209     }
 210
 211     public function test_data_png()
 212     {
 213         $this->assertValidation(
 214             'data:image/png;base64,'.$this->pngBase64
 215         );
 216     }
 217
 218     public function test_data_malformed()
 219     {
 220         $this->assertValidation(
 221             'data:image/png;base64,vr4MkhoXJRU5ErkJggg==',
 222             false
 223         );
 224     }
 225
 226     public function test_data_implicit()
 227     {
 228         $this->assertValidation(
 229             'data:base64,'.$this->pngBase64,
 230             'data:image/png;base64,'.$this->pngBase64
 231         );
 232     }
 233
 234     public function test_file_basic()
 235     {
 236         $this->assertValidation(
 237             'file://user@MYCOMPUTER:12/foo/bar?baz#frag',
 238             'file://MYCOMPUTER/foo/bar#frag'
 239         );
 240     }
 241
 242     public function test_file_local()
 243     {
 244         $this->assertValidation(
 245             'file:///foo/bar?baz#frag',
 246             'file:///foo/bar#frag'
 247         );
 248     }
 249
 250     public function test_ftp_empty_host()
 251     {
 252         $this->assertValidation('ftp:///example.com', false);
 253     }
 254
 255     public function test_data_bad_base64()
 256     {
 257         $this->assertValidation('data:image/png;base64,aGVsbG90aGVyZXk|', false);
 258     }
 259
 260     public function test_data_too_short()
 261     {
 262         $this->assertValidation('data:image/png;base64,aGVsbG90aGVyZXk=', false);
 263     }
 264
 265 }
 266
 267 // vim: et sw=4 sts=4