lib/htmlpurifier/tests/HTMLPurifier/URIFilter/MakeAbsoluteTest.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146

<?php

class HTMLPurifier_URIFilter_MakeAbsoluteTest extends HTMLPurifier_URIFilterHarness
{

    function setUp() {
        parent::setUp();
        $this->filter = new HTMLPurifier_URIFilter_MakeAbsolute();
        $this->setBase();
    }

    function setBase($base = 'http://example.com/foo/bar.html?q=s#frag') {
        $this->config->set('URI.Base', $base);
    }

    // corresponding to RFC 2396

    function testPreserveAbsolute() {
        $this->assertFiltering('http://example.com/foo.html');
    }

    function testFilterBlank() {
        $this->assertFiltering('', 'http://example.com/foo/bar.html?q=s');
    }

    function testFilterEmptyPath() {
        $this->assertFiltering('?q=s#frag', 'http://example.com/foo/bar.html?q=s#frag');
    }

    function testPreserveAltScheme() {
        $this->assertFiltering('mailto:bob@example.com');
    }

    function testFilterIgnoreHTTPSpecialCase() {
        $this->assertFiltering('http:/', 'http://example.com/');
    }

    function testFilterAbsolutePath() {
        $this->assertFiltering('/foo.txt', 'http://example.com/foo.txt');
    }

    function testFilterRelativePath() {
        $this->assertFiltering('baz.txt', 'http://example.com/foo/baz.txt');
    }

    function testFilterRelativePathWithInternalDot() {
        $this->assertFiltering('./baz.txt', 'http://example.com/foo/baz.txt');
    }

    function testFilterRelativePathWithEndingDot() {
        $this->assertFiltering('baz/.', 'http://example.com/foo/baz/');
    }

    function testFilterRelativePathDot() {
        $this->assertFiltering('.', 'http://example.com/foo/');
    }

    function testFilterRelativePathMultiDot() {
        $this->assertFiltering('././foo/./bar/.././baz', 'http://example.com/foo/foo/baz');
    }

    function testFilterAbsolutePathWithDot() {
        $this->assertFiltering('/./foo', 'http://example.com/foo');
    }

    function testFilterAbsolutePathWithMultiDot() {
        $this->assertFiltering('/./foo/../bar/.', 'http://example.com/bar/');
    }

    function testFilterRelativePathWithInternalDotDot() {
        $this->assertFiltering('../baz.txt', 'http://example.com/baz.txt');
    }

    function testFilterRelativePathWithEndingDotDot() {
        $this->assertFiltering('..', 'http://example.com/');
    }

    function testFilterRelativePathTooManyDotDots() {
        $this->assertFiltering('../../', 'http://example.com/');
    }

    function testFilterAppendingQueryAndFragment() {
        $this->assertFiltering('/foo.php?q=s#frag', 'http://example.com/foo.php?q=s#frag');
    }

    // edge cases below

    function testFilterAbsolutePathBase() {
        $this->setBase('/foo/baz.txt');
        $this->assertFiltering('test.php', '/foo/test.php');
    }

    function testFilterAbsolutePathBaseDirectory() {
        $this->setBase('/foo/');
        $this->assertFiltering('test.php', '/foo/test.php');
    }

    function testFilterAbsolutePathBaseBelow() {
        $this->setBase('/foo/baz.txt');
        $this->assertFiltering('../../test.php', '/test.php');
    }

    function testFilterRelativePathBase() {
        $this->setBase('foo/baz.html');
        $this->assertFiltering('foo.php', 'foo/foo.php');
    }

    function testFilterRelativePathBaseBelow() {
        $this->setBase('../baz.html');
        $this->assertFiltering('test/strike.html', '../test/strike.html');
    }

    function testFilterRelativePathBaseWithAbsoluteURI() {
        $this->setBase('../baz.html');
        $this->assertFiltering('/test/strike.html');
    }

    function testFilterRelativePathBaseWithDot() {
        $this->setBase('../baz.html');
        $this->assertFiltering('.', '../');
    }

    function testRemoveJavaScriptWithEmbeddedLink() {
        // credits: NykO18
        $this->setBase('http://www.example.com/');
        $this->assertFiltering('javascript: window.location = \'http://www.example.com\';', false);
    }

    // miscellaneous

    function testFilterDomainWithNoSlash() {
        $this->setBase('http://example.com');
        $this->assertFiltering('foo', 'http://example.com/foo');
    }

    // error case

    function testErrorNoBase() {
        $this->setBase(null);
        $this->expectError('URI.MakeAbsolute is being ignored due to lack of value for URI.Base configuration');
        $this->assertFiltering('foo/bar.txt');
    }

}

// vim: et sw=4 sts=4