diff options
| author | friendica <info@friendica.com> | 2012-05-12 17:57:41 -0700 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2012-07-18 20:40:31 +1000 |
| commit | 7a40f4354b32809af3d0cfd6e3af0eda02ab0e0a (patch) | |
| tree | a9c3d91209cff770bb4b613b1b95e61a7bbc5a2b /lib/htmlpurifier/tests/HTMLPurifier/Injector/SafeObjectTest.php | |
| parent | cd727cb26b78a1dade09d510b071446898477356 (diff) | |
| download | volse-hubzilla-7a40f4354b32809af3d0cfd6e3af0eda02ab0e0a.tar.gz volse-hubzilla-7a40f4354b32809af3d0cfd6e3af0eda02ab0e0a.tar.bz2 volse-hubzilla-7a40f4354b32809af3d0cfd6e3af0eda02ab0e0a.zip | |
some important stuff we'll need
Diffstat (limited to 'lib/htmlpurifier/tests/HTMLPurifier/Injector/SafeObjectTest.php')
| -rw-r--r-- | lib/htmlpurifier/tests/HTMLPurifier/Injector/SafeObjectTest.php | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/lib/htmlpurifier/tests/HTMLPurifier/Injector/SafeObjectTest.php b/lib/htmlpurifier/tests/HTMLPurifier/Injector/SafeObjectTest.php new file mode 100644 index 000000000..59e0493c3 --- /dev/null +++ b/lib/htmlpurifier/tests/HTMLPurifier/Injector/SafeObjectTest.php @@ -0,0 +1,88 @@ +<?php + +/** + * This test is kinda weird, because it doesn't test the full safe object + * functionality, just a small section of it. Or maybe it's actually the right + * way. + */ +class HTMLPurifier_Injector_SafeObjectTest extends HTMLPurifier_InjectorHarness +{ + + function setup() { + parent::setup(); + // there is no AutoFormat.SafeObject directive + $this->config->set('AutoFormat.Custom', array(new HTMLPurifier_Injector_SafeObject())); + $this->config->set('HTML.Trusted', true); + } + + function testPreserve() { + $this->assertResult( + '<b>asdf</b>' + ); + } + + function testRemoveStrayParam() { + $this->assertResult( + '<param />', + '' + ); + } + + function testEditObjectParam() { + $this->assertResult( + '<object></object>', + '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>' + ); + } + + function testIgnoreStrayParam() { + $this->assertResult( + '<object><param /></object>', + '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>' + ); + } + + function testIgnoreDuplicates() { + $this->assertResult( + '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>' + ); + } + + function testIgnoreBogusData() { + $this->assertResult( + '<object><param name="allowScriptAccess" value="always" /><param name="allowNetworking" value="always" /></object>', + '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>' + ); + } + + function testIgnoreInvalidData() { + $this->assertResult( + '<object><param name="foo" value="bar" /></object>', + '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>' + ); + } + + function testKeepValidData() { + $this->assertResult( + '<object><param name="movie" value="bar" /></object>', + '<object data="bar"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="bar" /></object>' + ); + } + + function testNested() { + $this->assertResult( + '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><object></object></object>', + '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object></object>' + ); + } + + function testNotActuallyNested() { + $this->assertResult( + '<object><p><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></p></object>', + '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><p></p></object>' + ); + } + +} + +// vim: et sw=4 sts=4 |