aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKlaus <Klaus.Weidenbach@gmx.net>2017-03-22 00:59:09 +0100
committerGitHub <noreply@github.com>2017-03-22 00:59:09 +0100
commitcaae956f6ec941d0b4567cfd007132f1a9af0321 (patch)
tree9313ee57b1be5ffb1a0b2f39bb82c02311cd57af
parent1bdab6e633fd023432ed86ad898da1fe4ddc470f (diff)
parent30a3339653007be1d562c6d21ed9b569c716ab0f (diff)
downloadvolse-hubzilla-caae956f6ec941d0b4567cfd007132f1a9af0321.tar.gz
volse-hubzilla-caae956f6ec941d0b4567cfd007132f1a9af0321.tar.bz2
volse-hubzilla-caae956f6ec941d0b4567cfd007132f1a9af0321.zip
Merge pull request #705 from dawnbreak/dev
:white_check_mark: Some more tests for purify_html().
-rw-r--r--tests/unit/includes/TextTest.php57
1 files changed, 49 insertions, 8 deletions
diff --git a/tests/unit/includes/TextTest.php b/tests/unit/includes/TextTest.php
index 2b4cb19ea..85ed6a4fd 100644
--- a/tests/unit/includes/TextTest.php
+++ b/tests/unit/includes/TextTest.php
@@ -5,7 +5,7 @@ namespace Zotlabs\Tests\Unit\includes;
use Zotlabs\Tests\Unit\UnitTestCase;
/**
- * @brief Unit Test case for texter.
+ * @brief Unit Test case for include/texter.php file.
*
* @author ken restivo
*/
@@ -24,14 +24,55 @@ class TextTest extends UnitTestCase {
}
public function testPurifyHTML() {
- $html = '<div id="id01"><p class="p01">text<br><b>b</b></p></div>';
- $html_expect = '<div id="id01"><p class="p01">text<br /><b>b</b></p></div>';
- $html5elements = '<section>section<nav>navigation</nav><article>main<a href="http://hubzilla.org/">hubzilla.org</a></article></section><footer>footer</footer>';
- $htmldata = '<div data-title="title">text</div>';
+ // linebreaks
+ $htmlbr = 'first line<br />
+ one tab preserved
+
+empty line above';
+ $this->assertEquals($htmlbr, purify_html($htmlbr));
- $this->assertEquals($html_expect, purify_html($html));
+ // HTML5 is not supported by HTMLPurifier yet, test our own configuration
+ $html5elements = '<section>section<nav>navigation</nav><article>main<a href="http://hubzilla.org/">hubzilla.org</a></article></section><footer>footer</footer>';
$this->assertEquals($html5elements, purify_html($html5elements));
- $this->assertEquals($htmldata, purify_html($htmldata));
+ $this->assertEquals('<button>button label</button>', purify_html('<button>button label</button>'));
+
+ // preserve f6 and bootstrap additional data attributes from our own configuration
+ $this->assertEquals('<div data-title="title">text</div>', purify_html('<div data-title="title">text</div>'));
+ $this->assertEquals('<ul data-accordion-menu=""><li>item1</li></ul>', purify_html('<ul data-accordion-menu><li>item1</li></ul>'));
+ $this->assertEquals('<ul><li>item1</li></ul>', purify_html('<ul data-accordion-menu-unknown><li>item1</li></ul>'));
+ }
+
+ public function testPurifyHTML_html() {
+ $this->assertEquals('<div id="id01"><p class="class01">ids und classes</p></div>', purify_html('<div id="id01"><p class="class01">ids und classes</p></div>'));
+ $this->assertEquals('<div><p>close missing tags</p></div>', purify_html('<div><p>close missing tags'));
+ $this->assertEquals('<center>deprecated tag</center>', purify_html('<center>deprecated tag</center>'));
+ $this->assertEquals('<span></span><div>illegal nesting</div>', purify_html('<span><div>illegal nesting</div></span>'));
+ $this->assertEquals('<a href="#">link with target</a>', purify_html('<a href="#" target="_blank">link with target</a>'));
+ $this->assertEquals('<a href="#">link with rel="nofollow"</a>', purify_html('<a href="#" rel="nofollow">link with rel="nofollow"</a>'));
+ $this->assertEquals('a b', purify_html('a&nbsp;b'));
+ $this->assertEquals('ä ä € €', purify_html('ä &auml; &euro; &#8364;'));
}
-}
+ public function testPurifyHTML_js() {
+ $this->assertEquals('<div></div>', purify_html('<div><img src="javascript:evil();" onload="evil();"></div>'));
+ $this->assertEquals('<a href="#">link</a>', purify_html('<a href="#" onclick="alert(\'xss\')">link</a>'));
+ $this->assertEquals('', purify_html('<IMG SRC="javascript:alert(&#039;XSS&#039;);">'));
+ $this->assertEquals('', purify_html('<script>alter("42")</script>'));
+ }
+
+ public function testPurifyHTML_css() {
+ $this->assertEquals('<p style="color:#FF0000;background-color:#fff;">red</p>', purify_html('<p style="color:red; background-color:#fff">red</p>'));
+ $this->assertEquals('<p>invalid color</p>', purify_html('<p style="color:invalid; background-color:#jjkkmm">invalid color</p>'));
+ $this->assertEquals('<p>invalid style</p>', purify_html('<p style="foo:bar">invalid style</p>'));
+
+ // test our own CSS configuration
+ $this->assertEquals('<div>position removed</div>', purify_html('<div style="position:absolut">position removed</div>'));
+ $this->assertEquals('<div style="position:fixed;">position preserved</div>', purify_html('<div style="position:fixed">position preserved</div>', true));
+ $this->assertEquals('<div>invalid position removed</div>', purify_html('<div style="position:invalid">invalid position removed</div>', true));
+
+ $this->assertEquals('<div>position removed</div>', purify_html('<div style="top:10px; left:3em;">position removed</div>'));
+ $this->assertEquals('<div style="top:10px;left:3em;right:50%;">position preserved</div>', purify_html('<div style="top:10px; left:3em; right:50%;">position preserved</div>', true));
+ $this->assertEquals('<div>invalid position removed</div>', purify_html('<div style="top:10p">invalid position removed</div>', true));
+ }
+
+}