Bug 11413: UT to show up the issue
[koha.git] / t / Scrubber.t
blob0fe3a60e7d0e09bbf394748916fd503d8d30f91e
1 #!/usr/bin/perl
3 use strict;
4 use warnings;
6 use Test::More tests => 19;
7 BEGIN {
8 use FindBin;
9 use lib $FindBin::Bin;
10 use_ok('C4::Scrubber');
13 sub pretty_line {
14 my $max = 54;
15 (@_) or return "#" x $max . "\n";
16 my $phrase = " " . shift() . " ";
17 my $half = "#" x (($max - length($phrase))/2);
18 return $half . $phrase . $half . "\n";
21 my ($scrubber,$html,$result,@types,$collapse);
22 $collapse = 1;
23 @types = qw(default comment tag staff);
24 $html = q|
25 <![CDATA[selfdestruct]]&#x5d;>
26 <?php echo(" EVIL EVIL EVIL "); ?> <!-- COMMENT -->
27 <hr> <!-- TMPL_VAR NAME="password" -->
28 <style type="text/css">body{display:none;}</style>
29 <link media="screen" type="text/css" rev="stylesheet" rel="stylesheet" href="css.css">
30 <I FAKE="attribute" > I am ITALICS with fake="attribute" </I><br />
31 <em FAKE="attribute" > I am em with fake="attribute" </em><br />
32 <B> I am BOLD </B><br />
33 <span style="background-image: url(http://hackersite.cn/porno.jpg);"> I am a span w/ style. Bad style.</span>
34 <span> I am a span trying to inject a link: &lt;a href="badlink.html"&gt; link &lt;/a&gt;</span>
35 <br>
36 <A NAME="evil">
37 <A HREF="javascript:alert('OMG YOO R HACKED');">I am a link firing javascript.</A>
38 <br />
39 <A HREF="image/bigone.jpg" ONMOUSEOVER="alert('OMG YOO R HACKED');">
40 <IMG SRC="image/smallone.jpg" ALT="ONMOUSEOVER JAVASCRIPT">
41 </A>
42 </A> <br>
43 At the end here, I actually have some regular text.
46 print pretty_line("Original HTML:"), $html, "\n", pretty_line();
47 $collapse and diag "Note: scrubber test output will have whitespace collapsed for readability\n";
48 ok($scrubber = C4::Scrubber->new(), "Constructor: C4::Scrubber->new()");
50 isa_ok($scrubber, 'HTML::Scrubber', 'Constructor returns HTML::Scrubber object');
52 ok(printf("# scrubber settings: default %s, comment %s, process %s\n",
53 $scrubber->default(),$scrubber->comment(),$scrubber->process()),
54 "Outputting settings from scrubber object (type: [default])"
56 ok($result = $scrubber->scrub($html), "Getting scrubbed text (type: [default])");
57 $collapse and $result =~ s/\s*\n\s*/\n/g;
58 print pretty_line('default'), $result, "\n", pretty_line();
60 foreach(@types) {
61 ok($scrubber = C4::Scrubber->new($_), "testing Constructor: C4::Scrubber->new($_)");
62 ok(printf("# scrubber settings: default %s, comment %s, process %s\n",
63 $scrubber->default(),$scrubber->comment(),$scrubber->process()),
64 "Outputting settings from scrubber object (type: $_)"
66 ok($result = $scrubber->scrub($html), "Getting scrubbed text (type: $_)");
67 $collapse and $result =~ s/\s*\n\s*/\n/g;
68 print pretty_line($_), $result, "\n", pretty_line();
71 print "\n\n######################################################\nStart of invalid tests\n";
73 #Test for invalid new entry
74 eval{
75 C4::Scrubber->new("");
76 fail("test should fail on entry of ''\n");
78 pass("Test should have failed on entry of '' (empty string) and it did. YAY!\n");
80 eval{
81 C4::Scrubber->new("Client");
82 fail("test should fail on entry of 'Client'\n");
84 pass("Test should have failed on entry of 'Client' and it did. YAY!\n");
86 print "######################################################\n";
88 diag "done.\n";