3 class SanitizerTest
extends MediaWikiTestCase
{
6 AutoLoader
::loadClass( 'Sanitizer' );
9 function testDecodeNamedEntities() {
12 Sanitizer
::decodeCharReferences( 'école' ),
13 'decode named entities'
17 function testDecodeNumericEntities() {
19 "\xc4\x88io bonas dans l'\xc3\xa9cole!",
20 Sanitizer
::decodeCharReferences( "Ĉio bonas dans l'école!" ),
21 'decode numeric entities'
25 function testDecodeMixedEntities() {
27 "\xc4\x88io bonas dans l'\xc3\xa9cole!",
28 Sanitizer
::decodeCharReferences( "Ĉio bonas dans l'école!" ),
29 'decode mixed numeric/named entities'
33 function testDecodeMixedComplexEntities() {
35 "\xc4\x88io bonas dans l'\xc3\xa9cole! (mais pas Ĉio dans l'école)",
36 Sanitizer
::decodeCharReferences(
37 "Ĉio bonas dans l'école! (mais pas Ĉio dans l'école)"
39 'decode mixed complex entities'
43 function testInvalidAmpersand() {
46 Sanitizer
::decodeCharReferences( 'a & b' ),
51 function testInvalidEntities() {
54 Sanitizer
::decodeCharReferences( '&foo;' ),
55 'Invalid named entity'
59 function testInvalidNumberedEntities() {
60 $this->assertEquals( UTF8_REPLACEMENT
, Sanitizer
::decodeCharReferences( "�" ), 'Invalid numbered entity' );
63 function testSelfClosingTag() {
64 $GLOBALS['wgUseTidy'] = false;
66 '<div>Hello world</div>',
67 Sanitizer
::removeHTMLtags( '<div>Hello world</div />' ),
68 'Self-closing closing div'
72 function testDecodeTagAttributes() {
73 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'foo=bar' ), array( 'foo' => 'bar' ), 'Unquoted attribute' );
74 $this->assertEquals( Sanitizer
::decodeTagAttributes( ' foo = bar ' ), array( 'foo' => 'bar' ), 'Spaced attribute' );
75 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'foo="bar"' ), array( 'foo' => 'bar' ), 'Double-quoted attribute' );
76 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'foo=\'bar\'' ), array( 'foo' => 'bar' ), 'Single-quoted attribute' );
77 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'foo=\'bar\' baz="foo"' ), array( 'foo' => 'bar', 'baz' => 'foo' ), 'Several attributes' );
79 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'foo=\'bar\' baz="foo"' ), array( 'foo' => 'bar', 'baz' => 'foo' ), 'Several attributes' );
80 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'foo=\'bar\' baz="foo"' ), array( 'foo' => 'bar', 'baz' => 'foo' ), 'Several attributes' );
82 $this->assertEquals( Sanitizer
::decodeTagAttributes( ':foo=\'bar\'' ), array( ':foo' => 'bar' ), 'Leading :' );
83 $this->assertEquals( Sanitizer
::decodeTagAttributes( '_foo=\'bar\'' ), array( '_foo' => 'bar' ), 'Leading _' );
84 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'Foo=\'bar\'' ), array( 'foo' => 'bar' ), 'Leading capital' );
85 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'FOO=BAR' ), array( 'foo' => 'BAR' ), 'Attribute keys are normalized to lowercase' );
88 $this->assertEquals( Sanitizer
::decodeTagAttributes( '-foo=bar' ), array(), 'Leading - is forbidden' );
89 $this->assertEquals( Sanitizer
::decodeTagAttributes( '.foo=bar' ), array(), 'Leading . is forbidden' );
90 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'foo-bar=bar' ), array( 'foo-bar' => 'bar' ), 'A - is allowed inside the attribute' );
91 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'foo-=bar' ), array( 'foo-' => 'bar' ), 'A - is allowed inside the attribute' );
93 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'foo.bar=baz' ), array( 'foo.bar' => 'baz' ), 'A . is allowed inside the attribute' );
94 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'foo.=baz' ), array( 'foo.' => 'baz' ), 'A . is allowed as last character' );
96 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'foo6=baz' ), array( 'foo6' => 'baz' ), 'Numbers are allowed' );
98 # This bit is more relaxed than XML rules, but some extensions use it, like ProofreadPage (see bug 27539)
99 $this->assertEquals( Sanitizer
::decodeTagAttributes( '1foo=baz' ), array( '1foo' => 'baz' ), 'Leading numbers are allowed' );
101 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'foo$=baz' ), array(), 'Symbols are not allowed' );
102 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'foo@=baz' ), array(), 'Symbols are not allowed' );
103 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'foo~=baz' ), array(), 'Symbols are not allowed' );
106 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'foo=1[#^`*%w/(' ), array( 'foo' => '1[#^`*%w/(' ), 'All kind of characters are allowed as values' );
107 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'foo="1[#^`*%\'w/("' ), array( 'foo' => '1[#^`*%\'w/(' ), 'Double quotes are allowed if quoted by single quotes' );
108 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'foo=\'1[#^`*%"w/(\'' ), array( 'foo' => '1[#^`*%"w/(' ), 'Single quotes are allowed if quoted by double quotes' );
109 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'foo=&"' ), array( 'foo' => '&"' ), 'Special chars can be provided as entities' );
110 $this->assertEquals( Sanitizer
::decodeTagAttributes( 'foo=&foobar;' ), array( 'foo' => '&foobar;' ), 'Entity-like items are accepted' );