- Generated on Thu Nov 21 2013 13:29:02 for MediaWiki by
1.7.6.1
|
MediaWiki
REL1_20
|
00001 <?php 00002 00003 class SanitizerTest extends MediaWikiTestCase { 00004 00005 function setUp() { 00006 AutoLoader::loadClass( 'Sanitizer' ); 00007 } 00008 00009 function testDecodeNamedEntities() { 00010 $this->assertEquals( 00011 "\xc3\xa9cole", 00012 Sanitizer::decodeCharReferences( 'école' ), 00013 'decode named entities' 00014 ); 00015 } 00016 00017 function testDecodeNumericEntities() { 00018 $this->assertEquals( 00019 "\xc4\x88io bonas dans l'\xc3\xa9cole!", 00020 Sanitizer::decodeCharReferences( "Ĉio bonas dans l'école!" ), 00021 'decode numeric entities' 00022 ); 00023 } 00024 00025 function testDecodeMixedEntities() { 00026 $this->assertEquals( 00027 "\xc4\x88io bonas dans l'\xc3\xa9cole!", 00028 Sanitizer::decodeCharReferences( "Ĉio bonas dans l'école!" ), 00029 'decode mixed numeric/named entities' 00030 ); 00031 } 00032 00033 function testDecodeMixedComplexEntities() { 00034 $this->assertEquals( 00035 "\xc4\x88io bonas dans l'\xc3\xa9cole! (mais pas Ĉio dans l'école)", 00036 Sanitizer::decodeCharReferences( 00037 "Ĉio bonas dans l'école! (mais pas &#x108;io dans l'&eacute;cole)" 00038 ), 00039 'decode mixed complex entities' 00040 ); 00041 } 00042 00043 function testInvalidAmpersand() { 00044 $this->assertEquals( 00045 'a & b', 00046 Sanitizer::decodeCharReferences( 'a & b' ), 00047 'Invalid ampersand' 00048 ); 00049 } 00050 00051 function testInvalidEntities() { 00052 $this->assertEquals( 00053 '&foo;', 00054 Sanitizer::decodeCharReferences( '&foo;' ), 00055 'Invalid named entity' 00056 ); 00057 } 00058 00059 function testInvalidNumberedEntities() { 00060 $this->assertEquals( UTF8_REPLACEMENT, Sanitizer::decodeCharReferences( "�" ), 'Invalid numbered entity' ); 00061 } 00062 00063 function testSelfClosingTag() { 00064 $GLOBALS['wgUseTidy'] = false; 00065 $this->assertEquals( 00066 '<div>Hello world</div>', 00067 Sanitizer::removeHTMLtags( '<div>Hello world</div />' ), 00068 'Self-closing closing div' 00069 ); 00070 } 00071 00072 function testDecodeTagAttributes() { 00073 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=bar' ), array( 'foo' => 'bar' ), 'Unquoted attribute' ); 00074 $this->assertEquals( Sanitizer::decodeTagAttributes( ' foo = bar ' ), array( 'foo' => 'bar' ), 'Spaced attribute' ); 00075 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo="bar"' ), array( 'foo' => 'bar' ), 'Double-quoted attribute' ); 00076 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=\'bar\'' ), array( 'foo' => 'bar' ), 'Single-quoted attribute' ); 00077 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=\'bar\' baz="foo"' ), array( 'foo' => 'bar', 'baz' => 'foo' ), 'Several attributes' ); 00078 00079 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=\'bar\' baz="foo"' ), array( 'foo' => 'bar', 'baz' => 'foo' ), 'Several attributes' ); 00080 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=\'bar\' baz="foo"' ), array( 'foo' => 'bar', 'baz' => 'foo' ), 'Several attributes' ); 00081 00082 $this->assertEquals( Sanitizer::decodeTagAttributes( ':foo=\'bar\'' ), array( ':foo' => 'bar' ), 'Leading :' ); 00083 $this->assertEquals( Sanitizer::decodeTagAttributes( '_foo=\'bar\'' ), array( '_foo' => 'bar' ), 'Leading _' ); 00084 $this->assertEquals( Sanitizer::decodeTagAttributes( 'Foo=\'bar\'' ), array( 'foo' => 'bar' ), 'Leading capital' ); 00085 $this->assertEquals( Sanitizer::decodeTagAttributes( 'FOO=BAR' ), array( 'foo' => 'BAR' ), 'Attribute keys are normalized to lowercase' ); 00086 00087 # Invalid beginning 00088 $this->assertEquals( Sanitizer::decodeTagAttributes( '-foo=bar' ), array(), 'Leading - is forbidden' ); 00089 $this->assertEquals( Sanitizer::decodeTagAttributes( '.foo=bar' ), array(), 'Leading . is forbidden' ); 00090 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo-bar=bar' ), array( 'foo-bar' => 'bar' ), 'A - is allowed inside the attribute' ); 00091 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo-=bar' ), array( 'foo-' => 'bar' ), 'A - is allowed inside the attribute' ); 00092 00093 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo.bar=baz' ), array( 'foo.bar' => 'baz' ), 'A . is allowed inside the attribute' ); 00094 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo.=baz' ), array( 'foo.' => 'baz' ), 'A . is allowed as last character' ); 00095 00096 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo6=baz' ), array( 'foo6' => 'baz' ), 'Numbers are allowed' ); 00097 00098 # This bit is more relaxed than XML rules, but some extensions use it, like ProofreadPage (see bug 27539) 00099 $this->assertEquals( Sanitizer::decodeTagAttributes( '1foo=baz' ), array( '1foo' => 'baz' ), 'Leading numbers are allowed' ); 00100 00101 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo$=baz' ), array(), 'Symbols are not allowed' ); 00102 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo@=baz' ), array(), 'Symbols are not allowed' ); 00103 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo~=baz' ), array(), 'Symbols are not allowed' ); 00104 00105 00106 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=1[#^`*%w/(' ), array( 'foo' => '1[#^`*%w/(' ), 'All kind of characters are allowed as values' ); 00107 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo="1[#^`*%\'w/("' ), array( 'foo' => '1[#^`*%\'w/(' ), 'Double quotes are allowed if quoted by single quotes' ); 00108 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=\'1[#^`*%"w/(\'' ), array( 'foo' => '1[#^`*%"w/(' ), 'Single quotes are allowed if quoted by double quotes' ); 00109 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=&"' ), array( 'foo' => '&"' ), 'Special chars can be provided as entities' ); 00110 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=&foobar;' ), array( 'foo' => '&foobar;' ), 'Entity-like items are accepted' ); 00111 } 00112 00116 function testDeprecatedAttributesUnaltered( $inputAttr, $inputEl ) { 00117 $this->assertEquals( " $inputAttr", Sanitizer::fixTagAttributes( $inputAttr, $inputEl ) ); 00118 } 00119 00120 public static function provideDeprecatedAttributes() { 00121 return array( 00122 array( 'clear="left"', 'br' ), 00123 array( 'clear="all"', 'br' ), 00124 array( 'width="100"', 'td' ), 00125 array( 'nowrap="true"', 'td' ), 00126 array( 'nowrap=""', 'td' ), 00127 array( 'align="right"', 'td' ), 00128 array( 'align="center"', 'table' ), 00129 array( 'align="left"', 'tr' ), 00130 array( 'align="center"', 'div' ), 00131 array( 'align="left"', 'h1' ), 00132 array( 'align="left"', 'span' ), 00133 ); 00134 } 00135 00139 function testCssCommentsChecking( $expected, $css, $message = '' ) { 00140 $this->assertEquals( 00141 $expected, 00142 Sanitizer::checkCss( $css ), 00143 $message 00144 ); 00145 } 00146 00147 function provideCssCommentsFixtures() { 00149 return array( 00150 array( ' ', '/**/' ), 00151 array( ' ', '/****/' ), 00152 array( ' ', '/* comment */' ), 00153 array( ' ', "\\2f\\2a foo \\2a\\2f", 00154 'Backslash-escaped comments must be stripped (bug 28450)' ), 00155 array( '', '/* unfinished comment structure', 00156 'Remove anything after a comment-start token' ), 00157 array( '', "\\2f\\2a unifinished comment'", 00158 'Remove anything after a backslash-escaped comment-start token' ), 00159 ); 00160 } 00161 } 00162
1.7.6.1