lib/htmlpurifier/tests/HTMLPurifier/AttrDef/URITest.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146

<?php

/**
 * @todo Aim for complete code coverage with mocks
 */
class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
{

    function setUp() {
        $this->def = new HTMLPurifier_AttrDef_URI();
        parent::setUp();
    }

    function testIntegration() {
        $this->assertDef('http://www.google.com/');
        $this->assertDef('http:', '');
        $this->assertDef('http:/foo', '/foo');
        $this->assertDef('javascript:bad_stuff();', false);
        $this->assertDef('ftp://www.example.com/');
        $this->assertDef('news:rec.alt');
        $this->assertDef('nntp://news.example.com/324234');
        $this->assertDef('mailto:bob@example.com');
    }

    function testIntegrationWithPercentEncoder() {
        $this->assertDef(
            'http://www.example.com/%56%fc%GJ%5%FC',
            'http://www.example.com/V%FC%25GJ%255%FC'
        );
    }

    function testPercentEncoding() {
        $this->assertDef(
            'http:colon:mercenary',
            'colon%3Amercenary'
        );
    }

    function testPercentEncodingPreserve() {
        $this->assertDef(
            'http://www.example.com/abcABC123-_.!~*()\''
        );
    }

    function testEmbeds() {
        $this->def = new HTMLPurifier_AttrDef_URI(true);
        $this->assertDef('http://sub.example.com/alas?foo=asd');
        $this->assertDef('mailto:foo@example.com', false);
    }

    function testConfigMunge() {
        $this->config->set('URI.Munge', 'http://www.google.com/url?q=%s');
        $this->assertDef(
            'http://www.example.com/',
            'http://www.google.com/url?q=http%3A%2F%2Fwww.example.com%2F'
        );
        $this->assertDef('index.html');
        $this->assertDef('javascript:foobar();', false);
    }

    function testDefaultSchemeRemovedInBlank() {
        $this->assertDef('http:', '');
    }

    function testDefaultSchemeRemovedInRelativeURI() {
        $this->assertDef('http:/foo/bar', '/foo/bar');
    }

    function testDefaultSchemeNotRemovedInAbsoluteURI() {
        $this->assertDef('http://example.com/foo/bar');
    }

    function testAltSchemeNotRemoved() {
        $this->assertDef('mailto:this-looks-like-a-path@example.com');
    }

    function testResolveNullSchemeAmbiguity() {
        $this->assertDef('///foo', '/foo');
    }

    function testResolveNullSchemeDoubleAmbiguity() {
        $this->config->set('URI.Host', 'example.com');
        $this->assertDef('////foo', '//example.com//foo');
    }

    function testURIDefinitionValidation() {
        $parser = new HTMLPurifier_URIParser();
        $uri = $parser->parse('http://example.com');
        $this->config->set('URI.DefinitionID', 'HTMLPurifier_AttrDef_URITest->testURIDefinitionValidation');

        generate_mock_once('HTMLPurifier_URIDefinition');
        $uri_def = new HTMLPurifier_URIDefinitionMock();
        $uri_def->expectOnce('filter', array($uri, '*', '*'));
        $uri_def->setReturnValue('filter', true, array($uri, '*', '*'));
        $uri_def->expectOnce('postFilter', array($uri, '*', '*'));
        $uri_def->setReturnValue('postFilter', true, array($uri, '*', '*'));
        $uri_def->setup = true;

        // Since definitions are no longer passed by reference, we need
        // to muck around with the cache to insert our mock. This is
        // technically a little bad, since the cache shouldn't change
        // behavior, but I don't feel too good about letting users
        // overload entire definitions.
        generate_mock_once('HTMLPurifier_DefinitionCache');
        $cache_mock = new HTMLPurifier_DefinitionCacheMock();
        $cache_mock->setReturnValue('get', $uri_def);

        generate_mock_once('HTMLPurifier_DefinitionCacheFactory');
        $factory_mock = new HTMLPurifier_DefinitionCacheFactoryMock();
        $old = HTMLPurifier_DefinitionCacheFactory::instance();
        HTMLPurifier_DefinitionCacheFactory::instance($factory_mock);
        $factory_mock->setReturnValue('create', $cache_mock);

        $this->assertDef('http://example.com');

        HTMLPurifier_DefinitionCacheFactory::instance($old);
    }

    function test_make() {
        $factory = new HTMLPurifier_AttrDef_URI();
        $def = $factory->make('');
        $def2 = new HTMLPurifier_AttrDef_URI();
        $this->assertIdentical($def, $def2);

        $def = $factory->make('embedded');
        $def2 = new HTMLPurifier_AttrDef_URI(true);
        $this->assertIdentical($def, $def2);
    }

    /*
    function test_validate_configWhitelist() {

        $this->config->set('URI.HostPolicy', 'DenyAll');
        $this->config->set('URI.HostWhitelist', array(null, 'google.com'));

        $this->assertDef('http://example.com/fo/google.com', false);
        $this->assertDef('server.txt');
        $this->assertDef('ftp://www.google.com/?t=a');
        $this->assertDef('http://google.com.tricky.spamsite.net', false);

    }
    */

}

// vim: et sw=4 sts=4