search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
PSR-2 reformatting PHPDoc corrections
[htmlpurifier.git] / tests / HTMLPurifier / HTMLDefinitionTest.php
blob9c090da4378fe12ad71cad1074425c751987629d
1 <?php
2
3 class HTMLPurifier_HTMLDefinitionTest extends HTMLPurifier_Harness
4 {
5
6 public function expectError($error = false, $message = '%s')
7 {
8 // Because we're testing a definition, it's vital that the cache
9 // is turned off for tests that expect errors.
10 $this->config->set('Cache.DefinitionImpl', null);
11 parent::expectError($error);
12 }
13
14 public function test_parseTinyMCEAllowedList()
15 {
16 $def = new HTMLPurifier_HTMLDefinition();
17
18 // note: this is case-sensitive, but its config schema
19 // counterpart is not. This is generally a good thing for users,
20 // but it's a slight internal inconsistency
21
22 $this->assertEqual(
23 $def->parseTinyMCEAllowedList(''),
24 array(array(), array())
25 );
26
27 $this->assertEqual(
28 $def->parseTinyMCEAllowedList('a,b,c'),
29 array(array('a' => true, 'b' => true, 'c' => true), array())
30 );
31
32 $this->assertEqual(
33 $def->parseTinyMCEAllowedList('a[x|y|z]'),
34 array(array('a' => true), array('a.x' => true, 'a.y' => true, 'a.z' => true))
35 );
36
37 $this->assertEqual(
38 $def->parseTinyMCEAllowedList('*[id]'),
39 array(array(), array('*.id' => true))
40 );
41
42 $this->assertEqual(
43 $def->parseTinyMCEAllowedList('a[*]'),
44 array(array('a' => true), array('a.*' => true))
45 );
46
47 $this->assertEqual(
48 $def->parseTinyMCEAllowedList('span[style],strong,a[href|title]'),
49 array(array('span' => true, 'strong' => true, 'a' => true),
50 array('span.style' => true, 'a.href' => true, 'a.title' => true))
51 );
52
53 $this->assertEqual(
54 // alternate form:
55 $def->parseTinyMCEAllowedList(
56 'span[style]
57 strong
58 a[href|title]
59 '),
60 $val = array(array('span' => true, 'strong' => true, 'a' => true),
61 array('span.style' => true, 'a.href' => true, 'a.title' => true))
62 );
63
64 $this->assertEqual(
65 $def->parseTinyMCEAllowedList(' span [ style ], strong'."\n\t".'a[href | title]'),
66 $val
67 );
68
69 }
70
71 public function test_Allowed()
72 {
73 $config1 = HTMLPurifier_Config::create(array(
74 'HTML.AllowedElements' => array('b', 'i', 'p', 'a'),
75 'HTML.AllowedAttributes' => array('a@href', '*@id')
76 ));
77
78 $config2 = HTMLPurifier_Config::create(array(
79 'HTML.Allowed' => 'b,i,p,a[href],*[id]'
80 ));
81
82 $this->assertEqual($config1->getHTMLDefinition(), $config2->getHTMLDefinition());
83
84 }
85
86 public function assertPurification_AllowedElements_p()
87 {
88 $this->assertPurification('<p><b>Jelly</b></p>', '<p>Jelly</p>');
89 }
90
91 public function test_AllowedElements()
92 {
93 $this->config->set('HTML.AllowedElements', 'p');
94 $this->assertPurification_AllowedElements_p();
95 }
96
97 public function test_AllowedElements_multiple()
98 {
99 $this->config->set('HTML.AllowedElements', 'p,div');
100 $this->assertPurification('<div><p><b>Jelly</b></p></div>', '<div><p>Jelly</p></div>');
101 }
102
103 public function test_AllowedElements_invalidElement()
104 {
105 $this->config->set('HTML.AllowedElements', 'obviously_invalid,p');
106 $this->expectError(new PatternExpectation("/Element 'obviously_invalid' is not supported/"));
107 $this->assertPurification_AllowedElements_p();
108 }
109
110 public function test_AllowedElements_invalidElement_xssAttempt()
111 {
112 $this->config->set('HTML.AllowedElements', '<script>,p');
113 $this->expectError(new PatternExpectation("/Element '&lt;script&gt;' is not supported/"));
114 $this->assertPurification_AllowedElements_p();
115 }
116
117 public function test_AllowedElements_multipleInvalidElements()
118 {
119 $this->config->set('HTML.AllowedElements', 'dr-wiggles,dr-pepper,p');
120 $this->expectError(new PatternExpectation("/Element 'dr-wiggles' is not supported/"));
121 $this->expectError(new PatternExpectation("/Element 'dr-pepper' is not supported/"));
122 $this->assertPurification_AllowedElements_p();
123 }
124
125 public function assertPurification_AllowedAttributes_global_style()
126 {
127 $this->assertPurification(
128 '<p style="font-weight:bold;" class="foo">Jelly</p><br style="clear:both;" />',
129 '<p style="font-weight:bold;">Jelly</p><br style="clear:both;" />');
130 }
131
132 public function test_AllowedAttributes_global_preferredSyntax()
133 {
134 $this->config->set('HTML.AllowedElements', array('p', 'br'));
135 $this->config->set('HTML.AllowedAttributes', 'style');
136 $this->assertPurification_AllowedAttributes_global_style();
137 }
138
139 public function test_AllowedAttributes_global_verboseSyntax()
140 {
141 $this->config->set('HTML.AllowedElements', array('p', 'br'));
142 $this->config->set('HTML.AllowedAttributes', '*@style');
143 $this->assertPurification_AllowedAttributes_global_style();
144 }
145
146 public function test_AllowedAttributes_global_discouragedSyntax()
147 {
148 // Emit errors eventually
149 $this->config->set('HTML.AllowedElements', array('p', 'br'));
150 $this->config->set('HTML.AllowedAttributes', '*.style');
151 $this->assertPurification_AllowedAttributes_global_style();
152 }
153
154 public function assertPurification_AllowedAttributes_local_p_style()
155 {
156 $this->assertPurification(
157 '<p style="font-weight:bold;" class="foo">Jelly</p><br style="clear:both;" />',
158 '<p style="font-weight:bold;">Jelly</p><br />');
159 }
160
161 public function test_AllowedAttributes_local_preferredSyntax()
162 {
163 $this->config->set('HTML.AllowedElements', array('p', 'br'));
164 $this->config->set('HTML.AllowedAttributes', 'p@style');
165 $this->assertPurification_AllowedAttributes_local_p_style();
166 }
167
168 public function test_AllowedAttributes_local_discouragedSyntax()
169 {
170 $this->config->set('HTML.AllowedElements', array('p', 'br'));
171 $this->config->set('HTML.AllowedAttributes', 'p.style');
172 $this->assertPurification_AllowedAttributes_local_p_style();
173 }
174
175 public function test_AllowedAttributes_multiple()
176 {
177 $this->config->set('HTML.AllowedElements', array('p', 'br'));
178 $this->config->set('HTML.AllowedAttributes', 'p@style,br@class,title');
179 $this->assertPurification(
180 '<p style="font-weight:bold;" class="foo" title="foo">Jelly</p><br style="clear:both;" class="foo" title="foo" />',
181 '<p style="font-weight:bold;" title="foo">Jelly</p><br class="foo" title="foo" />'
182 );
183 }
184
185 public function test_AllowedAttributes_local_invalidAttribute()
186 {
187 $this->config->set('HTML.AllowedElements', array('p', 'br'));
188 $this->config->set('HTML.AllowedAttributes', array('p@style', 'p@<foo>'));
189 $this->expectError(new PatternExpectation("/Attribute '&lt;foo&gt;' in element 'p' not supported/"));
190 $this->assertPurification_AllowedAttributes_local_p_style();
191 }
192
193 public function test_AllowedAttributes_global_invalidAttribute()
194 {
195 $this->config->set('HTML.AllowedElements', array('p', 'br'));
196 $this->config->set('HTML.AllowedAttributes', array('style', '<foo>'));
197 $this->expectError(new PatternExpectation("/Global attribute '&lt;foo&gt;' is not supported in any elements/"));
198 $this->assertPurification_AllowedAttributes_global_style();
199 }
200
201 public function test_AllowedAttributes_local_invalidAttributeDueToMissingElement()
202 {
203 $this->config->set('HTML.AllowedElements', array('p', 'br'));
204 $this->config->set('HTML.AllowedAttributes', 'p.style,foo.style');
205 $this->expectError(new PatternExpectation("/Cannot allow attribute 'style' if element 'foo' is not allowed\/supported/"));
206 $this->assertPurification_AllowedAttributes_local_p_style();
207 }
208
209 public function test_AllowedAttributes_duplicate()
210 {
211 $this->config->set('HTML.AllowedElements', array('p', 'br'));
212 $this->config->set('HTML.AllowedAttributes', 'p.style,p@style');
213 $this->assertPurification_AllowedAttributes_local_p_style();
214 }
215
216 public function test_AllowedAttributes_multipleErrors()
217 {
218 $this->config->set('HTML.AllowedElements', array('p', 'br'));
219 $this->config->set('HTML.AllowedAttributes', 'p.style,foo.style,<foo>');
220 $this->expectError(new PatternExpectation("/Cannot allow attribute 'style' if element 'foo' is not allowed\/supported/"));
221 $this->expectError(new PatternExpectation("/Global attribute '&lt;foo&gt;' is not supported in any elements/"));
222 $this->assertPurification_AllowedAttributes_local_p_style();
223 }
224
225 public function test_ForbiddenElements()
226 {
227 $this->config->set('HTML.ForbiddenElements', 'b');
228 $this->assertPurification('<b>b</b><i>i</i>', 'b<i>i</i>');
229 }
230
231 public function test_ForbiddenElements_invalidElement()
232 {
233 $this->config->set('HTML.ForbiddenElements', 'obviously_incorrect');
234 // no error!
235 $this->assertPurification('<i>i</i>');
236 }
237
238 public function assertPurification_ForbiddenAttributes_b_style()
239 {
240 $this->assertPurification(
241 '<b style="float:left;">b</b><i style="float:left;">i</i>',
242 '<b>b</b><i style="float:left;">i</i>');
243 }
244
245 public function test_ForbiddenAttributes()
246 {
247 $this->config->set('HTML.ForbiddenAttributes', 'b@style');
248 $this->assertPurification_ForbiddenAttributes_b_style();
249 }
250
251 public function test_ForbiddenAttributes_incorrectSyntax()
252 {
253 $this->config->set('HTML.ForbiddenAttributes', 'b.style');
254 $this->expectError("Error with b.style: tag.attr syntax not supported for HTML.ForbiddenAttributes; use tag@attr instead");
255 $this->assertPurification('<b style="float:left;">Test</b>');
256 }
257
258 public function test_ForbiddenAttributes_incorrectGlobalSyntax()
259 {
260 $this->config->set('HTML.ForbiddenAttributes', '*.style');
261 $this->expectError("Error with *.style: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead");
262 $this->assertPurification('<b style="float:left;">Test</b>');
263 }
264
265 public function assertPurification_ForbiddenAttributes_style()
266 {
267 $this->assertPurification(
268 '<b class="foo" style="float:left;">b</b><i style="float:left;">i</i>',
269 '<b class="foo">b</b><i>i</i>');
270 }
271
272 public function test_ForbiddenAttributes_global()
273 {
274 $this->config->set('HTML.ForbiddenAttributes', 'style');
275 $this->assertPurification_ForbiddenAttributes_style();
276 }
277
278 public function test_ForbiddenAttributes_globalVerboseFormat()
279 {
280 $this->config->set('HTML.ForbiddenAttributes', '*@style');
281 $this->assertPurification_ForbiddenAttributes_style();
282 }
283
284 public function test_addAttribute()
285 {
286 $config = HTMLPurifier_Config::createDefault();
287 $def = $config->getHTMLDefinition(true);
288 $def->addAttribute('span', 'custom', 'Enum#attribute');
289
290 $purifier = new HTMLPurifier($config);
291 $input = '<span custom="attribute">Custom!</span>';
292 $output = $purifier->purify($input);
293 $this->assertIdentical($input, $output);
294
295 }
296
297 public function test_addAttribute_multiple()
298 {
299 $config = HTMLPurifier_Config::createDefault();
300 $def = $config->getHTMLDefinition(true);
301 $def->addAttribute('span', 'custom', 'Enum#attribute');
302 $def->addAttribute('span', 'foo', 'Text');
303
304 $purifier = new HTMLPurifier($config);
305 $input = '<span custom="attribute" foo="asdf">Custom!</span>';
306 $output = $purifier->purify($input);
307 $this->assertIdentical($input, $output);
308
309 }
310
311 public function test_addElement()
312 {
313 $config = HTMLPurifier_Config::createDefault();
314 $def = $config->getHTMLDefinition(true);
315 $def->addElement('marquee', 'Inline', 'Inline', 'Common', array('width' => 'Length'));
316
317 $purifier = new HTMLPurifier($config);
318 $input = '<span><marquee width="50">Foobar</marquee></span>';
319 $output = $purifier->purify($input);
320 $this->assertIdentical($input, $output);
321
322 }
323
324 public function test_injector()
325 {
326 generate_mock_once('HTMLPurifier_Injector');
327 $injector = new HTMLPurifier_InjectorMock();
328 $injector->name = 'MyInjector';
329 $injector->setReturnValue('checkNeeded', false);
330
331 $module = $this->config->getHTMLDefinition(true)->getAnonymousModule();
332 $module->info_injector[] = $injector;
333
334 $this->assertIdentical($this->config->getHTMLDefinition()->info_injector,
335 array(
336 'MyInjector' => $injector,
337 )
338 );
339 }
340
341 public function test_injectorMissingNeeded()
342 {
343 generate_mock_once('HTMLPurifier_Injector');
344 $injector = new HTMLPurifier_InjectorMock();
345 $injector->name = 'MyInjector';
346 $injector->setReturnValue('checkNeeded', 'a');
347
348 $module = $this->config->getHTMLDefinition(true)->getAnonymousModule();
349 $module->info_injector[] = $injector;
350
351 $this->assertIdentical($this->config->getHTMLDefinition()->info_injector,
352 array()
353 );
354 }
355
356 public function test_injectorIntegration()
357 {
358 $module = $this->config->getHTMLDefinition(true)->getAnonymousModule();
359 $module->info_injector[] = 'Linkify';
360
361 $this->assertIdentical(
362 $this->config->getHTMLDefinition()->info_injector,
363 array('Linkify' => new HTMLPurifier_Injector_Linkify())
364 );
365 }
366
367 public function test_injectorIntegrationFail()
368 {
369 $this->config->set('HTML.Allowed', 'p');
370
371 $module = $this->config->getHTMLDefinition(true)->getAnonymousModule();
372 $module->info_injector[] = 'Linkify';
373
374 $this->assertIdentical(
375 $this->config->getHTMLDefinition()->info_injector,
376 array()
377 );
378 }
379
380 public function test_notAllowedRequiredAttributeError()
381 {
382 $this->expectError("Required attribute 'src' in element 'img' was not allowed, which means 'img' will not be allowed either");
383 $this->config->set('HTML.Allowed', 'img[alt]');
384 $this->config->getHTMLDefinition();
385 }
386
387 }
388
389 // vim: et sw=4 sts=4
Standards-compliant HTML filter written in PHP