tests/HTMLPurifierTest.php

   1 <?php
   2
   3 require_once 'HTMLPurifier.php';
   4
   5 // integration test
   6
   7 class HTMLPurifierTest extends HTMLPurifier_Harness
   8 {
   9     var $purifier;
  10
  11     function setUp() {
  12         $this->purifier = new HTMLPurifier();
  13     }
  14
  15     function assertPurification($input, $expect = null, $config = array()) {
  16         if ($expect === null) $expect = $input;
  17         $result = $this->purifier->purify($input, $config);
  18         $this->assertIdentical($expect, $result);
  19     }
  20
  21     function testNull() {
  22         $this->assertPurification("Null byte\0", "Null byte");
  23     }
  24
  25     function testStrict() {
  26         $config = HTMLPurifier_Config::createDefault();
  27         $config->set('HTML', 'Strict', true);
  28         $this->purifier = new HTMLPurifier( $config ); // verbose syntax
  29
  30         $this->assertPurification(
  31             '<u>Illegal underline</u>',
  32             '<span style="text-decoration:underline;">Illegal underline</span>'
  33         );
  34
  35         $this->assertPurification(
  36             '<blockquote>Illegal contents</blockquote>',
  37             '<blockquote><p>Illegal contents</p></blockquote>'
  38         );
  39
  40     }
  41
  42     function testDifferentAllowedElements() {
  43
  44         $this->purifier = new HTMLPurifier(array(
  45             'HTML.AllowedElements' => array('b', 'i', 'p', 'a'),
  46             'HTML.AllowedAttributes' => array('a.href', '*.id')
  47         ));
  48
  49         $this->assertPurification(
  50             '<p>Par.</p><p>Para<a href="http://google.com/">gr</a>aph</p>Text<b>Bol<i>d</i></b>'
  51         );
  52
  53         $this->assertPurification(
  54             '<span>Not allowed</span><a class="mef" id="foobar">Foobar</a>',
  55             'Not allowed<a>Foobar</a>' // no ID!!!
  56         );
  57
  58     }
  59
  60     function testDisableURI() {
  61
  62         $this->purifier = new HTMLPurifier( array('Attr.DisableURI' => true) );
  63
  64         $this->assertPurification(
  65             '<img src="foobar"/>',
  66             ''
  67         );
  68
  69     }
  70
  71     function test_purifyArray() {
  72
  73         $this->purifier = new HTMLPurifier();
  74
  75         $this->assertIdentical(
  76             $this->purifier->purifyArray(
  77                 array('Good', '<b>Sketchy', 'foo' => '<script>bad</script>')
  78             ),
  79             array('Good', '<b>Sketchy</b>', 'foo' => '')
  80         );
  81
  82         $this->assertIsA($this->purifier->context, 'array');
  83
  84     }
  85
  86     function testEnableAttrID() {
  87
  88         $this->purifier = new HTMLPurifier();
  89
  90         $this->assertPurification(
  91             '<span id="moon">foobar</span>',
  92             '<span>foobar</span>'
  93         );
  94
  95         $this->purifier = new HTMLPurifier(array('HTML.EnableAttrID' => true));
  96         $this->assertPurification('<span id="moon">foobar</span>');
  97         $this->assertPurification('<img id="folly" src="folly.png" alt="Omigosh!" />');
  98
  99     }
 100
 101     function testScript() {
 102         $this->purifier = new HTMLPurifier(array('HTML.Trusted' => true));
 103         $ideal = '<script type="text/javascript"><!--//--><![CDATA[//><!--
 104 alert("<This is compatible with XHTML>");
 105 //--><!]]></script>';
 106
 107         $this->assertPurification($ideal);
 108
 109         $this->assertPurification(
 110             '<script type="text/javascript"><![CDATA[
 111 alert("<This is compatible with XHTML>");
 112 ]]></script>',
 113             $ideal
 114         );
 115
 116         $this->assertPurification(
 117             '<script type="text/javascript">alert("<This is compatible with XHTML>");</script>',
 118             $ideal
 119         );
 120
 121         $this->assertPurification(
 122             '<script type="text/javascript"><!--
 123 alert("<This is compatible with XHTML>");
 124 //--></script>',
 125             $ideal
 126         );
 127
 128         $this->assertPurification(
 129             '<script type="text/javascript"><![CDATA[
 130 alert("<This is compatible with XHTML>");
 131 //]]></script>',
 132             $ideal
 133         );
 134     }
 135
 136     function testGetInstance() {
 137         $purifier  =& HTMLPurifier::getInstance();
 138         $purifier2 =& HTMLPurifier::getInstance();
 139         $this->assertReference($purifier, $purifier2);
 140     }
 141
 142     function testMakeAbsolute() {
 143         $this->assertPurification(
 144             '<a href="foo.txt">Foobar</a>',
 145             '<a href="http://example.com/bar/foo.txt">Foobar</a>',
 146             array(
 147                 'URI.Base' => 'http://example.com/bar/baz.php',
 148                 'URI.MakeAbsolute' => true
 149             )
 150         );
 151     }
 152
 153 }
 154