diff options
author | friendica <info@friendica.com> | 2012-05-12 17:57:41 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2012-07-18 20:40:31 +1000 |
commit | 7a40f4354b32809af3d0cfd6e3af0eda02ab0e0a (patch) | |
tree | a9c3d91209cff770bb4b613b1b95e61a7bbc5a2b /lib/htmlpurifier/tests/HTMLPurifier/HTMLModule/SafeObjectTest.php | |
parent | cd727cb26b78a1dade09d510b071446898477356 (diff) | |
download | volse-hubzilla-7a40f4354b32809af3d0cfd6e3af0eda02ab0e0a.tar.gz volse-hubzilla-7a40f4354b32809af3d0cfd6e3af0eda02ab0e0a.tar.bz2 volse-hubzilla-7a40f4354b32809af3d0cfd6e3af0eda02ab0e0a.zip |
some important stuff we'll need
Diffstat (limited to 'lib/htmlpurifier/tests/HTMLPurifier/HTMLModule/SafeObjectTest.php')
-rw-r--r-- | lib/htmlpurifier/tests/HTMLPurifier/HTMLModule/SafeObjectTest.php | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/lib/htmlpurifier/tests/HTMLPurifier/HTMLModule/SafeObjectTest.php b/lib/htmlpurifier/tests/HTMLPurifier/HTMLModule/SafeObjectTest.php new file mode 100644 index 000000000..d8a23d50f --- /dev/null +++ b/lib/htmlpurifier/tests/HTMLPurifier/HTMLModule/SafeObjectTest.php @@ -0,0 +1,49 @@ +<?php + +class HTMLPurifier_HTMLModule_SafeObjectTest extends HTMLPurifier_HTMLModuleHarness +{ + + function setUp() { + parent::setUp(); + $this->config->set('HTML.DefinitionID', 'HTMLPurifier_HTMLModule_SafeObjectTest'); + $this->config->set('HTML.SafeObject', true); + } + + function testMinimal() { + $this->assertResult( + '<object></object>', + '<object type="application/x-shockwave-flash"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>' + ); + } + + function testYouTube() { + // embed is purposely removed + $this->assertResult( + '<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/RVtEQxH7PWA&hl=en"></param><embed src="http://www.youtube.com/v/RVtEQxH7PWA&hl=en" type="application/x-shockwave-flash" width="425" height="344"></embed></object>', + '<object width="425" height="344" data="http://www.youtube.com/v/RVtEQxH7PWA&hl=en" type="application/x-shockwave-flash"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="http://www.youtube.com/v/RVtEQxH7PWA&hl=en" /></object>' + ); + } + + function testMalicious() { + $this->assertResult( + '<object width="9999999" height="9999999"><param name="allowScriptAccess" value="always" /><param name="movie" value="http://example.com/attack.swf" /></object>', + '<object width="1200" height="1200" data="http://example.com/attack.swf" type="application/x-shockwave-flash"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="http://example.com/attack.swf" /></object>' + ); + } + + function testFull() { + $this->assertResult( + '<b><object width="425" height="344" type="application/x-shockwave-flash" data="Foobar"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="flashvars" value="foobarbaz=bally" /><param name="movie" value="http://www.youtube.com/v/RVtEQxH7PWA&hl=en" /><param name="wmode" value="window" /></object></b>' + ); + } + + function testFullScreen() { + $this->config->set('HTML.FlashAllowFullScreen', true); + $this->assertResult( + '<b><object width="425" height="344" type="application/x-shockwave-flash" data="Foobar"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="flashvars" value="foobarbaz=bally" /><param name="movie" value="http://www.youtube.com/v/RVtEQxH7PWA&hl=en" /><param name="wmode" value="window" /><param name="allowFullScreen" value="true" /></object></b>' + ); + } + +} + +// vim: et sw=4 sts=4 |