tests/HTMLPurifier/Injector/SafeObjectTest.php

   1 <?php
   2
   3 /**
   4  * This test is kinda weird, because it doesn't test the full safe object
   5  * functionality, just a small section of it. Or maybe it's actually the right
   6  * way.
   7  */
   8 class HTMLPurifier_Injector_SafeObjectTest extends HTMLPurifier_InjectorHarness
   9 {
  10
  11     function setup() {
  12         parent::setup();
  13         // there is no AutoFormat.SafeObject directive
  14         $this->config->set('AutoFormat.Custom', array(new HTMLPurifier_Injector_SafeObject()));
  15         $this->config->set('HTML.Trusted', true);
  16     }
  17
  18     function testPreserve() {
  19         $this->assertResult(
  20             '<b>asdf</b>'
  21         );
  22     }
  23
  24     function testRemoveStrayParam() {
  25         $this->assertResult(
  26             '<param />',
  27             ''
  28         );
  29     }
  30
  31     function testEditObjectParam() {
  32         $this->assertResult(
  33             '<object></object>',
  34             '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
  35         );
  36     }
  37
  38     function testIgnoreStrayParam() {
  39         $this->assertResult(
  40             '<object><param /></object>',
  41             '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
  42         );
  43     }
  44
  45     function testIgnoreDuplicates() {
  46         $this->assertResult(
  47             '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
  48         );
  49     }
  50
  51     function testIgnoreBogusData() {
  52         $this->assertResult(
  53             '<object><param name="allowScriptAccess" value="always" /><param name="allowNetworking" value="always" /></object>',
  54             '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
  55         );
  56     }
  57
  58     function testIgnoreInvalidData() {
  59         $this->assertResult(
  60             '<object><param name="foo" value="bar" /></object>',
  61             '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
  62         );
  63     }
  64
  65     function testKeepValidData() {
  66         $this->assertResult(
  67             '<object><param name="movie" value="bar" /></object>',
  68             '<object data="bar"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="bar" /></object>'
  69         );
  70     }
  71
  72     function testNested() {
  73         $this->assertResult(
  74             '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><object></object></object>',
  75             '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object></object>'
  76         );
  77     }
  78
  79     function testNotActuallyNested() {
  80         $this->assertResult(
  81             '<object><p><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></p></object>',
  82             '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><p></p></object>'
  83         );
  84     }
  85
  86 }
  87
  88 // vim: et sw=4 sts=4