diff options
Diffstat (limited to 'tests')
| l--------- | tests/phpunit-mariadb.xml | 1 | ||||
| -rw-r--r-- | tests/phpunit-mysql.xml | 37 | ||||
| -rw-r--r-- | tests/phpunit-pgsql.xml | 34 | ||||
| -rwxr-xr-x | tests/travis/gen_apidocs.sh | 69 | ||||
| -rwxr-xr-x | tests/travis/prepare.sh | 35 | ||||
| -rwxr-xr-x | tests/travis/prepare_mysql.sh | 39 | ||||
| -rwxr-xr-x | tests/travis/prepare_pgsql.sh | 37 | ||||
| -rw-r--r-- | tests/unit/Lib/PermissionDescriptionTest.php | 129 | ||||
| -rw-r--r-- | tests/unit/TextTest.php | 33 | ||||
| -rw-r--r-- | tests/unit/includes/TextTest.php | 84 | ||||
| -rw-r--r-- | tests/unit/template_test.php | 6 |
11 files changed, 393 insertions, 111 deletions
diff --git a/tests/phpunit-mariadb.xml b/tests/phpunit-mariadb.xml new file mode 120000 index 000000000..63656b78b --- /dev/null +++ b/tests/phpunit-mariadb.xml @@ -0,0 +1 @@ +phpunit-mysql.xml
\ No newline at end of file diff --git a/tests/phpunit-mysql.xml b/tests/phpunit-mysql.xml new file mode 100644 index 000000000..171211094 --- /dev/null +++ b/tests/phpunit-mysql.xml @@ -0,0 +1,37 @@ +<?xml version="1.0" encoding="UTF-8"?> +<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/6.0/phpunit.xsd" + bootstrap="../boot.php" + forceCoversAnnotation="false" + beStrictAboutCoversAnnotation="true" + beStrictAboutOutputDuringTests="true" + beStrictAboutTodoAnnotatedTests="true" + verbose="true"> + <testsuite name="Hubzilla default Test Suite"> + <directory suffix="Test.php">./unit/</directory> + </testsuite> + <testsuite name="API Test Suite"> + <directory suffix="Test.php" prefix="API">./unit/</directory> + </testsuite> + <testsuite name="Ex-/Import Test Suite"> + <directory suffix="Test.php">./unit/eximport/</directory> + </testsuite> + <groups> + <exclude> + <group>postgresql</group> + </exclude> + </groups> + <!--cover reporting--> + <filter> + <whitelist processUncoveredFilesFromWhitelist="true"> + <directory suffix=".php">../Zotlabs/</directory> + <directory suffix=".php">../include/</directory> + </whitelist> + </filter> + <logging> + <log type="junit" target="./results/junit.xml" logIncompleteSkipped="false"/> + <log type="coverage-clover" target="./results/coverage-clover.xml"/> + <log type="coverage-html" target="./results/coverage-report/" lowUpperBound="35" + highLowerBound="70"/> + </logging> +</phpunit> diff --git a/tests/phpunit-pgsql.xml b/tests/phpunit-pgsql.xml new file mode 100644 index 000000000..ace14e196 --- /dev/null +++ b/tests/phpunit-pgsql.xml @@ -0,0 +1,34 @@ +<?xml version="1.0" encoding="UTF-8"?> +<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/6.0/phpunit.xsd" + bootstrap="../boot.php" + forceCoversAnnotation="false" + beStrictAboutCoversAnnotation="true" + beStrictAboutOutputDuringTests="true" + beStrictAboutTodoAnnotatedTests="true" + verbose="true"> + <testsuite name="Hubzilla default Test Suite"> + <directory suffix="Test.php">./unit/</directory> + </testsuite> + <testsuite name="API Test Suite"> + <directory suffix="Test.php" prefix="API">./unit/</directory> + </testsuite> + <groups> + <exclude> + <group>mysql</group> + </exclude> + </groups> + <!--cover reporting--> + <filter> + <whitelist processUncoveredFilesFromWhitelist="true"> + <directory suffix=".php">../Zotlabs/</directory> + <directory suffix=".php">../include/</directory> + </whitelist> + </filter> + <logging> + <log type="junit" target="./results/junit.xml" logIncompleteSkipped="false"/> + <log type="coverage-clover" target="./results/coverage-clover.xml"/> + <log type="coverage-html" target="./results/coverage-report/" lowUpperBound="35" + highLowerBound="70"/> + </logging> +</phpunit> diff --git a/tests/travis/gen_apidocs.sh b/tests/travis/gen_apidocs.sh new file mode 100755 index 000000000..e5938e1e8 --- /dev/null +++ b/tests/travis/gen_apidocs.sh @@ -0,0 +1,69 @@ +#!/usr/bin/env bash + +# +# Copyright (c) 2016 Hubzilla +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# + +# Exit if anything fails +set -e + +# Only create and deploy API documentation once, on first build job. +# Waiting for upcoming 'Build Stages' Q1/Q2 2017 to make this cleaner. +# https://github.com/travis-ci/travis-ci/issues/929 +if [[ "$TRAVIS_JOB_NUMBER" != "${TRAVIS_BUILD_NUMBER}.1" ]]; then + echo "Not the first build job. Creating API documentation only once is enough." + echo "We are finished ..." + exit +fi + +echo "Doxygen version >= 1.8 is required" +doxygen --version + +# Check if newer version of Doxygen should be used +if [ ! -z "$DOXY_VER" ]; then + export DOXY_BINPATH=$HOME/doxygen/doxygen-$DOXY_VER/bin + if [ ! -e "$DOXY_BINPATH/doxygen" ]; then + echo "Installing newer Doxygen $DOXY_VER ..." + mkdir -p $HOME/doxygen && cd $HOME/doxygen + wget -O - http://ftp.stack.nl/pub/users/dimitri/doxygen-$DOXY_VER.linux.bin.tar.gz | tar xz + export PATH=$DOXY_BINPATH:$PATH + fi + echo "Doxygen version" + doxygen --version +fi + +echo "Generating Doxygen API documentation ..." +cd $TRAVIS_BUILD_DIR +mkdir -p ./doc/html +# Redirect stderr and stdout to log file and console to be able to review documentation errors +doxygen $DOXYFILE 2>&1 | tee ./doc/html/doxygen.log + +# Check if Doxygen successfully created the documentation +if [ -d "doc/html" ] && [ -f "doc/html/index.html" ]; then + echo "API documentation generated" + if [ -n "${TRAVIS_TAG}" ]; then + echo "Generate API documentation archive for release deployment ..." + zip -9 -r -q doc/hubzilla-api-documentation.zip doc/html/ + fi +else + echo "No API documentation files have been found" >&2 + exit 1 +fi diff --git a/tests/travis/prepare.sh b/tests/travis/prepare.sh new file mode 100755 index 000000000..267b4ec46 --- /dev/null +++ b/tests/travis/prepare.sh @@ -0,0 +1,35 @@ +#!/usr/bin/env bash + +# +# Copyright (c) 2016 Hubzilla +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# + +# Exit if anything fails +set -e + +# gd is required, show some info about the used one +php -r "var_dump(gd_info());" + + +echo "Creating required folders for Hubzilla ..." +mkdir -p ./store/\[data\]/smarty3 + +echo "TODO: create .htconfig" diff --git a/tests/travis/prepare_mysql.sh b/tests/travis/prepare_mysql.sh new file mode 100755 index 000000000..92c720205 --- /dev/null +++ b/tests/travis/prepare_mysql.sh @@ -0,0 +1,39 @@ +#!/usr/bin/env bash + +# +# Copyright (c) 2016 Hubzilla +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# + +# Exit if anything fails +set -e + +echo "Preparing for MySQL ..." + +# Print out some MySQL information +mysql --version +mysql -e "SELECT VERSION();" +mysql -e "SHOW VARIABLES LIKE 'max_allowed_packet';" +mysql -e "SHOW VARIABLES LIKE 'collation_%';" +mysql -e "SHOW VARIABLES LIKE 'character_set%';" +mysql -e "SELECT @@sql_mode;" + +# Create Hubzilla database +mysql -e "CREATE DATABASE IF NOT EXISTS hubzilla;" -uroot; diff --git a/tests/travis/prepare_pgsql.sh b/tests/travis/prepare_pgsql.sh new file mode 100755 index 000000000..dcd83f3be --- /dev/null +++ b/tests/travis/prepare_pgsql.sh @@ -0,0 +1,37 @@ +#!/usr/bin/env bash + +# +# Copyright (c) 2016 Hubzilla +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# + +# Exit if anything fails +set -e + +echo "Preparing for PostgreSQL ..." + +# Print out some PostgreSQL information +psql --version +# Why does this hang further execution of the job? +psql -c "SELECT VERSION();" -U postgres + +# Create Hubzilla database +psql -c "DROP DATABASE IF EXISTS hubzilla;" -U postgres +psql -c "CREATE DATABASE hubzilla;" -U postgres diff --git a/tests/unit/Lib/PermissionDescriptionTest.php b/tests/unit/Lib/PermissionDescriptionTest.php index b1da5a0fd..97a39a2c8 100644 --- a/tests/unit/Lib/PermissionDescriptionTest.php +++ b/tests/unit/Lib/PermissionDescriptionTest.php @@ -1,6 +1,6 @@ <?php /* - * Copyright (c) 2016 Hubzilla + * Copyright (c) 2016-2017 Hubzilla * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -21,90 +21,75 @@ * SOFTWARE. */ -// Global namespace for fully qualified \App class. -namespace { - // General channel permissions in boot.php - // 0 = Only you - define ( 'PERMS_PUBLIC' , 0x0001 ); // anybody - define ( 'PERMS_NETWORK' , 0x0002 ); // anybody in this network - define ( 'PERMS_SITE' , 0x0004 ); // anybody on this site - define ( 'PERMS_CONTACTS' , 0x0008 ); // any of my connections - define ( 'PERMS_SPECIFIC' , 0x0080 ); // only specific connections - define ( 'PERMS_AUTHED' , 0x0100 ); // anybody authenticated (could include visitors from other networks) - define ( 'PERMS_PENDING' , 0x0200 ); // any connections including those who haven't yet been approved - // log levels in boot.php - define ( 'LOGGER_DEBUG', 2 ); +namespace Zotlabs\Tests\Unit\Lib; - // Stub global fully qualified \App class for static function calls - class App { - // Stub get_hostname() - public static function get_hostname() { - return 'phpunit'; - } - } -} +use phpmock\phpunit\PHPMock; +use Zotlabs\Tests\Unit\UnitTestCase; +use Zotlabs\Lib\PermissionDescription; -// Stub global functions used in PermissionDescription with the help of -// PHP's namespace resolution rules. -namespace Zotlabs\Lib { - // Stub global translate function t() - function t($s) { - return $s; - } - // Stub global log function logger() - function logger($msg, $level = LOGGER_NORMAL, $priority = LOG_INFO) { - // doesn't matter - } -} +/** + * @brief Unit Test case for PermissionDescription class. + */ +class PermissionDescriptionTest extends UnitTestCase { -// regular namespace for this unit test -namespace Zotlabs\Tests\Unit\Lib { + use PHPMock; - use Zotlabs\Tests\Unit\UnitTestCase; - use Zotlabs\Lib\PermissionDescription; + public function testFromDescription() { + $permDesc = PermissionDescription::fromDescription('test'); + $permDesc2 = PermissionDescription::fromDescription('test'); + $permDesc3 = PermissionDescription::fromDescription('test2'); - /** - * @brief Unit Test case for ConnectionPool class. - */ - class PermissionDescriptionTest extends UnitTestCase { + $this->assertEquals($permDesc, $permDesc2); + $this->assertNotEquals($permDesc, $permDesc3); + } - public function testFromDescription() { - $permDesc = PermissionDescription::fromDescription('test'); - $permDesc2 = PermissionDescription::fromDescription('test'); - $permDesc3 = PermissionDescription::fromDescription('test2'); + public function testFromStandalonePermission() { + // Create a stub for global function t() + $t = $this->getFunctionMock('Zotlabs\Lib', 't'); + $t->expects($this->atLeastOnce())->willReturnCallback( + function ($string) { + return $string; + } + ); + // Create a mock for global function logger() + $this->getFunctionMock('Zotlabs\Lib', 'logger'); - $this->assertEquals($permDesc, $permDesc2); - $this->assertNotEquals($permDesc, $permDesc3); - } + $permDescUnknown = PermissionDescription::fromStandalonePermission(-1); + $permDescSelf = PermissionDescription::fromStandalonePermission(0); - public function testFromStandalonePermission() { - $permDescUnknown = PermissionDescription::fromStandalonePermission(-1); - $permDescSelf = PermissionDescription::fromStandalonePermission(0); + $this->assertNull($permDescUnknown); + $this->assertNotNull($permDescSelf); + } - $this->assertNull($permDescUnknown); - $this->assertNotNull($permDescSelf); - } + public function testFromGlobalPermission() { + //$permDesc = PermissionDescription::fromGlobalPermission('view_profile'); - public function testFromGlobalPermission() { - //$permDesc = PermissionDescription::fromGlobalPermission('view_profile'); + $this->markTestIncomplete( + 'The method fromGlobalPermission() is not yet testable ...' + ); + } - $this->markTestIncomplete( - 'For this test we need more stubs...' - ); - } + public function testGetPermissionDescription() { + // Create a stub for global function t() + $t = $this->getFunctionMock('Zotlabs\Lib', 't'); + $t->expects($this->atLeastOnce())->willReturnCallback( + function ($string) { + return $string; + } + ); + // Create a mock for global function logger() + $this->getFunctionMock('Zotlabs\Lib', 'logger'); - public function testGetPermissionDescription() { + // Create a stub for the PermissionDescription class + $stub = $this->createMock(PermissionDescription::class); + $stub->method('get_permission_description') + ->will($this->returnArgument(0)); - // fromStandalonePermission uses get_permission_description(), so that will not help - //$permDescSelf = PermissionDescription::fromStandalonePermission(0); - //$permDescPublic = PermissionDescription::fromStandalonePermission(PERMS_PUBLIC); + $permDescSelf = PermissionDescription::fromStandalonePermission(0); + $this->assertInstanceOf(PermissionDescription::class, $permDescSelf); + $this->assertEquals($permDescSelf->get_permission_description(), 'Only me'); - $this->markTestIncomplete( - 'For this test we need a mock of PermissionDescription...' - ); - //$permDescSelf = - //$this->assertEquals($permDescSelf->, 'Only me'); - //$this->assertEquals($permDescPublic, 'Public'); - } + $permDescPublic = PermissionDescription::fromStandalonePermission(PERMS_PUBLIC); + $this->assertEquals($permDescPublic->get_permission_description(), 'Public'); } } diff --git a/tests/unit/TextTest.php b/tests/unit/TextTest.php deleted file mode 100644 index 48c04bc54..000000000 --- a/tests/unit/TextTest.php +++ /dev/null @@ -1,33 +0,0 @@ -<?php -/** - * this file contains tests for text.php - * - * @package test.util - */ - -use PHPUnit\Framework\TestCase; - -/** required, it is the file under test */ -require_once('include/text.php'); - -/** - * TestCase for the texter - * - * @author ken restivo - * @package test.util - */ -class TextTest extends TestCase { - public function testGoodEmail() { - $this->assertTrue(valid_email_regex('ken@spaz.org')); - } - public function testGoodEmail2() { - $this->assertTrue(valid_email_regex('ken@restivo.org')); - } - public function testGoodEmail3() { - $this->assertTrue(valid_email_regex('nobody@hubzilla.com')); - } - public function testBadEmail() { - $this->assertFalse(valid_email_regex('nobody!uses!these!any.more')); - } - -}
\ No newline at end of file diff --git a/tests/unit/includes/TextTest.php b/tests/unit/includes/TextTest.php new file mode 100644 index 000000000..e2c7cbb9a --- /dev/null +++ b/tests/unit/includes/TextTest.php @@ -0,0 +1,84 @@ +<?php + +namespace Zotlabs\Tests\Unit\includes; + +use Zotlabs\Tests\Unit\UnitTestCase; + +/** + * @brief Unit Test case for include/texter.php file. + * + * @author ken restivo + */ +class TextTest extends UnitTestCase { + + public function testGoodEmail() { + $this->assertTrue(valid_email_regex('ken@spaz.org')); + $this->assertTrue(valid_email_regex('ken@restivo.org')); + $this->assertTrue(valid_email_regex('nobody@hubzilla.org')); + $this->assertTrue(valid_email_regex('foo+nobody@hubzilla.org')); + } + + public function testBadEmail() { + $this->assertFalse(valid_email_regex('nobody!uses!these!any.more')); + $this->assertFalse(valid_email_regex('foo@bar@hubzilla.org')); + } + + public function testPurifyHTML() { + // linebreaks + $htmlbr = 'first line<br /> + one tab preserved + +empty line above'; + $this->assertEquals($htmlbr, purify_html($htmlbr)); + + // HTML5 is not supported by HTMLPurifier yet, test our own configuration + $html5elements = '<section>section<nav>navigation</nav><article>main<a href="http://hubzilla.org/">hubzilla.org</a></article></section><footer>footer</footer>'; + $this->assertEquals($html5elements, purify_html($html5elements)); + $this->assertEquals('<button>button label</button>', purify_html('<button>button label</button>')); + + // unsupported HTML5 elements + $this->assertEquals('Your HTML parser does not support HTML5 video.', purify_html('<video controls><source src="movie.ogg" type="video/ogg">Your HTML parser does not support HTML5 video.</video>')); + $this->assertEquals('Your HTML parser does not support HTML5 audio.', purify_html('<audio controls><source src="movie.ogg" "type="audio/ogg">Your HTML parser does not support HTML5 audio.</audio>')); + + // preserve f6 and bootstrap additional data attributes from our own configuration + $this->assertEquals('<div data-title="title">text</div>', purify_html('<div data-title="title">text</div>')); + $this->assertEquals('<ul data-accordion-menu=""><li>item1</li></ul>', purify_html('<ul data-accordion-menu><li>item1</li></ul>')); + $this->assertEquals('<ul><li>item1</li></ul>', purify_html('<ul data-accordion-menu-unknown><li>item1</li></ul>')); + } + + public function testPurifyHTML_html() { + $this->assertEquals('<div id="id01"><p class="class01">ids und classes</p></div>', purify_html('<div id="id01"><p class="class01">ids und classes</p></div>')); + $this->assertEquals('<div><p>close missing tags</p></div>', purify_html('<div><p>close missing tags')); + $this->assertEquals('<center>deprecated tag</center>', purify_html('<center>deprecated tag</center>')); + $this->assertEquals('<span></span><div>illegal nesting</div>', purify_html('<span><div>illegal nesting</div></span>')); + $this->assertEquals('<a href="#">link with target</a>', purify_html('<a href="#" target="_blank">link with target</a>')); + $this->assertEquals('<a href="#">link with rel="nofollow"</a>', purify_html('<a href="#" rel="nofollow">link with rel="nofollow"</a>')); + $this->assertEquals('a b', purify_html('a b')); + $this->assertEquals('ä ä € €', purify_html('ä ä € €')); + $this->assertEquals('<img src="picture.png" alt="text" />', purify_html('<img src="picture.png" alt="text">')); + $this->assertEquals('', purify_html('<iframe width="560" height="315" src="https://www.youtube.com/embed/kiNGx5oL7hk" frameborder="0" allowfullscreen></iframe>')); + } + + public function testPurifyHTML_js() { + $this->assertEquals('<div></div>', purify_html('<div><img src="javascript:evil();" onload="evil();"></div>')); + $this->assertEquals('<a href="#">link</a>', purify_html('<a href="#" onclick="alert(\'xss\')">link</a>')); + $this->assertEquals('', purify_html('<IMG SRC="javascript:alert('XSS');">')); + $this->assertEquals('', purify_html('<script>alter("42")</script>')); + } + + public function testPurifyHTML_css() { + $this->assertEquals('<p style="color:#FF0000;background-color:#fff;">red</p>', purify_html('<p style="color:red; background-color:#fff">red</p>')); + $this->assertEquals('<p>invalid color</p>', purify_html('<p style="color:invalid; background-color:#jjkkmm">invalid color</p>')); + $this->assertEquals('<p>invalid style</p>', purify_html('<p style="foo:bar">invalid style</p>')); + + // test our own CSS configuration + $this->assertEquals('<div>position removed</div>', purify_html('<div style="position:absolut">position removed</div>')); + $this->assertEquals('<div style="position:fixed;">position preserved</div>', purify_html('<div style="position:fixed">position preserved</div>', true)); + $this->assertEquals('<div>invalid position removed</div>', purify_html('<div style="position:invalid">invalid position removed</div>', true)); + + $this->assertEquals('<div>position removed</div>', purify_html('<div style="top:10px; left:3em;">position removed</div>')); + $this->assertEquals('<div style="top:10px;left:3em;right:50%;">position preserved</div>', purify_html('<div style="top:10px; left:3em; right:50%;">position preserved</div>', true)); + $this->assertEquals('<div>invalid position removed</div>', purify_html('<div style="top:10p">invalid position removed</div>', true)); + } + +} diff --git a/tests/unit/template_test.php b/tests/unit/template_test.php index 1f9f80531..dfaecb4a1 100644 --- a/tests/unit/template_test.php +++ b/tests/unit/template_test.php @@ -25,12 +25,6 @@ function x($s,$k = NULL) { } } -if(!function_exists('get_app')) { -function get_app() { - return new TemplateMockApp(); -} -} - /**
* TestCase for the template engine
*
|