tests/HTMLPurifierTest.php

   1 <?php
   2
   3 class HTMLPurifierTest extends HTMLPurifier_Harness
   4 {
   5     protected $purifier;
   6
   7     function setUp() {
   8         $this->purifier = new HTMLPurifier();
   9     }
  10
  11     function assertPurification($input, $expect = null, $config = array()) {
  12         if ($expect === null) $expect = $input;
  13         $result = $this->purifier->purify($input, $config);
  14         $this->assertIdentical($expect, $result);
  15     }
  16
  17     function testNull() {
  18         $this->assertPurification("Null byte\0", "Null byte");
  19     }
  20
  21     function testStrict() {
  22         $config = HTMLPurifier_Config::createDefault();
  23         $config->set('HTML', 'Strict', true);
  24         $this->purifier = new HTMLPurifier( $config ); // verbose syntax
  25
  26         $this->assertPurification(
  27             '<u>Illegal underline</u>',
  28             '<span style="text-decoration:underline;">Illegal underline</span>'
  29         );
  30
  31         $this->assertPurification(
  32             '<blockquote>Illegal contents</blockquote>',
  33             '<blockquote><p>Illegal contents</p></blockquote>'
  34         );
  35
  36     }
  37
  38     function testDifferentAllowedElements() {
  39
  40         $this->purifier = new HTMLPurifier(array(
  41             'HTML.AllowedElements' => array('b', 'i', 'p', 'a'),
  42             'HTML.AllowedAttributes' => array('a.href', '*.id')
  43         ));
  44
  45         $this->assertPurification(
  46             '<p>Par.</p><p>Para<a href="http://google.com/">gr</a>aph</p>Text<b>Bol<i>d</i></b>'
  47         );
  48
  49         $this->assertPurification(
  50             '<span>Not allowed</span><a class="mef" id="foobar">Foobar</a>',
  51             'Not allowed<a>Foobar</a>' // no ID!!!
  52         );
  53
  54     }
  55
  56     function testDifferentAllowedCSSProperties() {
  57
  58         $this->purifier = new HTMLPurifier(array(
  59             'CSS.AllowedProperties' => array('color', 'background-color')
  60         ));
  61
  62         $this->assertPurification(
  63             '<div style="color:#f00;background-color:#ded;">red</div>'
  64         );
  65
  66         $this->assertPurification(
  67             '<div style="color:#f00;border:1px solid #000">red</div>',
  68             '<div style="color:#f00;">red</div>'
  69         );
  70
  71     }
  72
  73     function testDisableURI() {
  74
  75         $this->purifier = new HTMLPurifier( array('Attr.DisableURI' => true) );
  76
  77         $this->assertPurification(
  78             '<img src="foobar"/>',
  79             ''
  80         );
  81
  82     }
  83
  84     function test_purifyArray() {
  85
  86         $this->purifier = new HTMLPurifier();
  87
  88         $this->assertIdentical(
  89             $this->purifier->purifyArray(
  90                 array('Good', '<b>Sketchy', 'foo' => '<script>bad</script>')
  91             ),
  92             array('Good', '<b>Sketchy</b>', 'foo' => '')
  93         );
  94
  95         $this->assertIsA($this->purifier->context, 'array');
  96
  97     }
  98
  99     function testEnableAttrID() {
 100
 101         $this->purifier = new HTMLPurifier();
 102
 103         $this->assertPurification(
 104             '<span id="moon">foobar</span>',
 105             '<span>foobar</span>'
 106         );
 107
 108         $this->purifier = new HTMLPurifier(array('HTML.EnableAttrID' => true));
 109         $this->assertPurification('<span id="moon">foobar</span>');
 110         $this->assertPurification('<img id="folly" src="folly.png" alt="Omigosh!" />');
 111
 112     }
 113
 114     function testScript() {
 115         $this->purifier = new HTMLPurifier(array('HTML.Trusted' => true));
 116         $ideal = '<script type="text/javascript"><!--//--><![CDATA[//><!--
 117 alert("<This is compatible with XHTML>");
 118 //--><!]]></script>';
 119
 120         $this->assertPurification($ideal);
 121
 122         $this->assertPurification(
 123             '<script type="text/javascript"><![CDATA[
 124 alert("<This is compatible with XHTML>");
 125 ]]></script>',
 126             $ideal
 127         );
 128
 129         $this->assertPurification(
 130             '<script type="text/javascript">alert("<This is compatible with XHTML>");</script>',
 131             $ideal
 132         );
 133
 134         $this->assertPurification(
 135             '<script type="text/javascript"><!--
 136 alert("<This is compatible with XHTML>");
 137 //--></script>',
 138             $ideal
 139         );
 140
 141         $this->assertPurification(
 142             '<script type="text/javascript"><![CDATA[
 143 alert("<This is compatible with XHTML>");
 144 //]]></script>',
 145             $ideal
 146         );
 147     }
 148
 149     function testGetInstance() {
 150         $purifier  = HTMLPurifier::getInstance();
 151         $purifier2 = HTMLPurifier::getInstance();
 152         $this->assertReference($purifier, $purifier2);
 153     }
 154
 155     function testMakeAbsolute() {
 156         $this->assertPurification(
 157             '<a href="foo.txt">Foobar</a>',
 158             '<a href="http://example.com/bar/foo.txt">Foobar</a>',
 159             array(
 160                 'URI.Base' => 'http://example.com/bar/baz.php',
 161                 'URI.MakeAbsolute' => true
 162             )
 163         );
 164     }
 165
 166 }
 167