✅ Some more tests for purify_html().
Add some generic HTML, JS, CSS expectations for purify_html(). Also cover our own configuration for HTMLPurifier.
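--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -5,7 +5,7 @@ namespace Zotlabs\Tests\Unit\includes;
 use Zotlabs\Tests\Unit\UnitTestCase;
 
 /**
- * @brief Unit Test case for texter.
+ * @brief Unit Test case for include/texter.php file.
  *
  * @author ken restivo
  */
@@ -24,14 +24,55 @@ class TextTest extends UnitTestCase {
 	}
 
 	public function testPurifyHTML() {
-		$html = '<div id="id01"><p class="p01">text<br><b>b</b></p></div>';
-		$html_expect = '<div id="id01"><p class="p01">text<br /><b>b</b></p></div>';
+		// linebreaks
+		$htmlbr = 'first line<br />
+	one tab preserved
+
+empty line above';
+		$this->assertEquals($htmlbr, purify_html($htmlbr));
+
+		// HTML5 is not supported by HTMLPurifier yet, test our own configuration
 		$html5elements = '<section>section<nav>navigation</nav><article>main<a href="http://hubzilla.org/">hubzilla.org</a></article></section><footer>footer</footer>';
-		$htmldata = '<div data-title="title">text</div>';
 
-		$this->assertEquals($html_expect, purify_html($html));
 		$this->assertEquals($html5elements, purify_html($html5elements));
-		$this->assertEquals($htmldata, purify_html($htmldata));
-	}
-}
+		$this->assertEquals('<button>button label</button>', purify_html('<button>button label</button>'));
 
+		// preserve f6 and bootstrap additional data attributes from our own configuration
+		$this->assertEquals('<div data-title="title">text</div>', purify_html('<div data-title="title">text</div>'));
+		$this->assertEquals('<ul data-accordion-menu=""><li>item1</li></ul>', purify_html('<ul data-accordion-menu><li>item1</li></ul>'));
+		$this->assertEquals('<ul><li>item1</li></ul>', purify_html('<ul data-accordion-menu-unknown><li>item1</li></ul>'));
+	}
+
+	public function testPurifyHTML_html() {
+		$this->assertEquals('<div id="id01"><p class="class01">ids und classes</p></div>', purify_html('<div id="id01"><p class="class01">ids und classes</p></div>'));
+		$this->assertEquals('<div><p>close missing tags</p></div>', purify_html('<div><p>close missing tags'));
+		$this->assertEquals('<center>deprecated tag</center>', purify_html('<center>deprecated tag</center>'));
+		$this->assertEquals('<span></span><div>illegal nesting</div>', purify_html('<span><div>illegal nesting</div></span>'));
+		$this->assertEquals('<a href="#">link with target</a>', purify_html('<a href="#" target="_blank">link with target</a>'));
+		$this->assertEquals('<a href="#">link with rel="nofollow"</a>', purify_html('<a href="#" rel="nofollow">link with rel="nofollow"</a>'));
+		$this->assertEquals('a b', purify_html('a b'));
+		$this->assertEquals('ä ä € €', purify_html('ä ä € €'));
+	}
+
+	public function testPurifyHTML_js() {
+		$this->assertEquals('<div></div>', purify_html('<div><img src="javascript:evil();" onload="evil();"></div>'));
+		$this->assertEquals('<a href="#">link</a>', purify_html('<a href="#" onclick="alert(\'xss\')">link</a>'));
+		$this->assertEquals('', purify_html('<IMG SRC="javascript:alert('XSS');">'));
+		$this->assertEquals('', purify_html('<script>alter("42")</script>'));
+	}
+
+	public function testPurifyHTML_css() {
+		$this->assertEquals('<p style="color:#FF0000;background-color:#fff;">red</p>', purify_html('<p style="color:red; background-color:#fff">red</p>'));
+		$this->assertEquals('<p>invalid color</p>', purify_html('<p style="color:invalid; background-color:#jjkkmm">invalid color</p>'));
+		$this->assertEquals('<p>invalid style</p>', purify_html('<p style="foo:bar">invalid style</p>'));
+
+		// test our own CSS configuration
+		$this->assertEquals('<div>position removed</div>', purify_html('<div style="position:absolut">position removed</div>'));
+		$this->assertEquals('<div style="position:fixed;">position preserved</div>', purify_html('<div style="position:fixed">position preserved</div>', true));
+		$this->assertEquals('<div>invalid position removed</div>', purify_html('<div style="position:invalid">invalid position removed</div>', true));
+
+		$this->assertEquals('<div>position removed</div>', purify_html('<div style="top:10px; left:3em;">position removed</div>'));
+		$this->assertEquals('<div style="top:10px;left:3em;right:50%;">position preserved</div>', purify_html('<div style="top:10px; left:3em; right:50%;">position preserved</div>', true));
+		$this->assertEquals('<div>invalid position removed</div>', purify_html('<div style="top:10p">invalid position removed</div>', true));
+	}
+
+}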
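Review bot: The third assertion in testPurifyHTML_js reads, as rendered here, `purify_html('<IMG SRC="javascript:alert('XSS');">')` with unescaped inner single quotes, which would be a parse error that prevents the whole TextTest class from loading rather than a single failing case; the onclick assertion just above escapes them as `\'xss\'`, so the line should read `purify_html('<IMG SRC="javascript:alert(\'XSS\');">')` unless the page dropped the backslashes in rendering. The `true` second argument passed to purify_html() in testPurifyHTML_css is not explained anywhere in the test; a comment at the first such call, e.g. `// second argument: the expectations below indicate it allows position-related CSS our configuration otherwise strips`, would pin down the contract those assertions depend on (hedged, since the parameter itself is not in this diff). The entity cases in testPurifyHTML_html (`'a b'`, `'ä ä € €'`) have inputs identical to their expected outputs as shown, so if the source used HTML entities they may have been decoded by the page and cannot be reviewed from here.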