tests/HTMLPurifier/URIFilter/MungeTest.php

   1 <?php
   2
   3 class HTMLPurifier_URIFilter_MungeTest extends HTMLPurifier_URIFilterHarness
   4 {
   5
   6     public function setUp()
   7     {
   8         parent::setUp();
   9         $this->filter = new HTMLPurifier_URIFilter_Munge();
  10     }
  11
  12     protected function setMunge($uri = 'http://www.google.com/url?q=%s')
  13     {
  14         $this->config->set('URI.Munge', $uri);
  15     }
  16
  17     protected function setSecureMunge($key = 'secret')
  18     {
  19         $this->setMunge('/redirect.php?url=%s&checksum=%t');
  20         $this->config->set('URI.MungeSecretKey', $key);
  21     }
  22
  23     public function testMunge()
  24     {
  25         $this->setMunge();
  26         $this->assertFiltering(
  27             'http://www.example.com/',
  28             'http://www.google.com/url?q=http%3A%2F%2Fwww.example.com%2F'
  29         );
  30     }
  31
  32     public function testMungeReplaceTagName()
  33     {
  34         $this->setMunge('/r?tagname=%n&url=%s');
  35         $token = new HTMLPurifier_Token_Start('a');
  36         $this->context->register('CurrentToken', $token);
  37         $this->assertFiltering('http://google.com', '/r?tagname=a&url=http%3A%2F%2Fgoogle.com');
  38     }
  39
  40     public function testMungeReplaceAttribute()
  41     {
  42         $this->setMunge('/r?attr=%m&url=%s');
  43         $attr = 'href';
  44         $this->context->register('CurrentAttr', $attr);
  45         $this->assertFiltering('http://google.com', '/r?attr=href&url=http%3A%2F%2Fgoogle.com');
  46     }
  47
  48     public function testMungeReplaceResource()
  49     {
  50         $this->setMunge('/r?embeds=%r&url=%s');
  51         $embeds = false;
  52         $this->context->register('EmbeddedURI', $embeds);
  53         $this->assertFiltering('http://google.com', '/r?embeds=&url=http%3A%2F%2Fgoogle.com');
  54     }
  55
  56     public function testMungeReplaceCSSProperty()
  57     {
  58         $this->setMunge('/r?property=%p&url=%s');
  59         $property = 'background';
  60         $this->context->register('CurrentCSSProperty', $property);
  61         $this->assertFiltering('http://google.com', '/r?property=background&url=http%3A%2F%2Fgoogle.com');
  62     }
  63
  64     public function testIgnoreEmbedded()
  65     {
  66         $this->setMunge();
  67         $embeds = true;
  68         $this->context->register('EmbeddedURI', $embeds);
  69         $this->assertFiltering('http://example.com');
  70     }
  71
  72     public function testProcessEmbedded()
  73     {
  74         $this->setMunge();
  75         $this->config->set('URI.MungeResources', true);
  76         $embeds = true;
  77         $this->context->register('EmbeddedURI', $embeds);
  78         $this->assertFiltering('http://www.example.com/', 'http://www.google.com/url?q=http%3A%2F%2Fwww.example.com%2F');
  79     }
  80
  81     public function testPreserveRelative()
  82     {
  83         $this->setMunge();
  84         $this->assertFiltering('index.html');
  85     }
  86
  87     public function testMungeIgnoreUnknownSchemes()
  88     {
  89         $this->setMunge();
  90         $this->assertFiltering('javascript:foobar();', true);
  91     }
  92
  93     public function testSecureMungePreserve()
  94     {
  95         $this->setSecureMunge();
  96         $this->assertFiltering('/local');
  97     }
  98
  99     public function testSecureMungePreserveEmbedded()
 100     {
 101         $this->setSecureMunge();
 102         $embedded = true;
 103         $this->context->register('EmbeddedURI', $embedded);
 104         $this->assertFiltering('http://google.com');
 105     }
 106
 107     public function testSecureMungeStandard()
 108     {
 109         $this->setSecureMunge();
 110         $this->assertFiltering('http://google.com', '/redirect.php?url=http%3A%2F%2Fgoogle.com&checksum=46267a796aca0ea5839f24c4c97ad2648373a4eca31b1c0d1fa7c7ff26798f79');
 111     }
 112
 113     public function testSecureMungeIgnoreUnknownSchemes()
 114     {
 115         // This should be integration tested as well to be false
 116         $this->setSecureMunge();
 117         $this->assertFiltering('javascript:', true);
 118     }
 119
 120     public function testSecureMungeIgnoreUnbrowsableSchemes()
 121     {
 122         $this->setSecureMunge();
 123         $this->assertFiltering('news:', true);
 124     }
 125
 126     public function testSecureMungeToDirectory()
 127     {
 128         $this->setSecureMunge();
 129         $this->setMunge('/links/%s/%t');
 130         $this->assertFiltering('http://google.com', '/links/http%3A%2F%2Fgoogle.com/46267a796aca0ea5839f24c4c97ad2648373a4eca31b1c0d1fa7c7ff26798f79');
 131     }
 132
 133     public function testMungeIgnoreSameDomain()
 134     {
 135         $this->setMunge('http://example.com/%s');
 136         $this->assertFiltering('http://example.com/foobar');
 137     }
 138
 139     public function testMungeIgnoreSameDomainInsecureToSecure()
 140     {
 141         $this->setMunge('http://example.com/%s');
 142         $this->assertFiltering('https://example.com/foobar');
 143     }
 144
 145     public function testMungeIgnoreSameDomainSecureToSecure()
 146     {
 147         $this->config->set('URI.Base', 'https://example.com');
 148         $this->setMunge('http://example.com/%s');
 149         $this->assertFiltering('https://example.com/foobar');
 150     }
 151
 152     public function testMungeSameDomainSecureToInsecure()
 153     {
 154         $this->config->set('URI.Base', 'https://example.com');
 155         $this->setMunge('/%s');
 156         $this->assertFiltering('http://example.com/foobar', '/http%3A%2F%2Fexample.com%2Ffoobar');
 157     }
 158
 159     public function testMungeIgnoresSourceHost()
 160     {
 161         $this->config->set('URI.Host', 'foo.example.com');
 162         $this->setMunge('http://example.com/%s');
 163         $this->assertFiltering('http://foo.example.com/bar');
 164     }
 165
 166 }
 167
 168 // vim: et sw=4 sts=4