70f4f18b
 Administrator
first_commit
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
<?php
/**
* This test is kinda weird, because it doesn't test the full safe object
* functionality, just a small section of it. Or maybe it's actually the right
* way.
*/
class HTMLPurifier_Injector_SafeObjectTest extends HTMLPurifier_InjectorHarness
{
public function setup()
{
parent::setup();
// there is no AutoFormat.SafeObject directive
$this->config->set('AutoFormat.Custom', array(new HTMLPurifier_Injector_SafeObject()));
$this->config->set('HTML.Trusted', true);
}
public function testPreserve()
{
$this->assertResult(
'<b>asdf</b>'
);
}
public function testRemoveStrayParam()
{
$this->assertResult(
'<param />',
''
);
}
public function testEditObjectParam()
{
$this->assertResult(
'<object></object>',
'<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
);
}
public function testIgnoreStrayParam()
{
$this->assertResult(
'<object><param /></object>',
'<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
);
}
public function testIgnoreDuplicates()
{
$this->assertResult(
'<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
);
}
public function testIgnoreBogusData()
{
$this->assertResult(
'<object><param name="allowScriptAccess" value="always" /><param name="allowNetworking" value="always" /></object>',
'<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
);
}
public function testIgnoreInvalidData()
{
$this->assertResult(
'<object><param name="foo" value="bar" /></object>',
'<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
);
}
public function testKeepValidData()
{
$this->assertResult(
'<object><param name="movie" value="bar" /></object>',
'<object data="bar"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="bar" /></object>'
);
}
public function testNested()
{
$this->assertResult(
'<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><object></object></object>',
'<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object></object>'
);
}
public function testNotActuallyNested()
{
$this->assertResult(
'<object><p><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></p></object>',
'<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><p></p></object>'
);
}
}
// vim: et sw=4 sts=4
|
