dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge "Make PatrolLog::record() use RecentChange::getTitle(); no need to create a...
[lhc/web/wiklou.git] / tests / phpunit / includes / SanitizerTest.php
1 <?php
2
3 class SanitizerTest extends MediaWikiTestCase {
4
5 function setUp() {
6 AutoLoader::loadClass( 'Sanitizer' );
7 }
8
9 function testDecodeNamedEntities() {
10 $this->assertEquals(
11 "\xc3\xa9cole",
12 Sanitizer::decodeCharReferences( '&eacute;cole' ),
13 'decode named entities'
14 );
15 }
16
17 function testDecodeNumericEntities() {
18 $this->assertEquals(
19 "\xc4\x88io bonas dans l'\xc3\xa9cole!",
20 Sanitizer::decodeCharReferences( "&#x108;io bonas dans l'&#233;cole!" ),
21 'decode numeric entities'
22 );
23 }
24
25 function testDecodeMixedEntities() {
26 $this->assertEquals(
27 "\xc4\x88io bonas dans l'\xc3\xa9cole!",
28 Sanitizer::decodeCharReferences( "&#x108;io bonas dans l'&eacute;cole!" ),
29 'decode mixed numeric/named entities'
30 );
31 }
32
33 function testDecodeMixedComplexEntities() {
34 $this->assertEquals(
35 "\xc4\x88io bonas dans l'\xc3\xa9cole! (mais pas &#x108;io dans l'&eacute;cole)",
36 Sanitizer::decodeCharReferences(
37 "&#x108;io bonas dans l'&eacute;cole! (mais pas &amp;#x108;io dans l'&#38;eacute;cole)"
38 ),
39 'decode mixed complex entities'
40 );
41 }
42
43 function testInvalidAmpersand() {
44 $this->assertEquals(
45 'a & b',
46 Sanitizer::decodeCharReferences( 'a & b' ),
47 'Invalid ampersand'
48 );
49 }
50
51 function testInvalidEntities() {
52 $this->assertEquals(
53 '&foo;',
54 Sanitizer::decodeCharReferences( '&foo;' ),
55 'Invalid named entity'
56 );
57 }
58
59 function testInvalidNumberedEntities() {
60 $this->assertEquals( UTF8_REPLACEMENT, Sanitizer::decodeCharReferences( "&#88888888888888;" ), 'Invalid numbered entity' );
61 }
62
63 function testSelfClosingTag() {
64 $GLOBALS['wgUseTidy'] = false;
65 $this->assertEquals(
66 '<div>Hello world</div>',
67 Sanitizer::removeHTMLtags( '<div>Hello world</div />' ),
68 'Self-closing closing div'
69 );
70 }
71
72 function testDecodeTagAttributes() {
73 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=bar' ), array( 'foo' => 'bar' ), 'Unquoted attribute' );
74 $this->assertEquals( Sanitizer::decodeTagAttributes( ' foo = bar ' ), array( 'foo' => 'bar' ), 'Spaced attribute' );
75 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo="bar"' ), array( 'foo' => 'bar' ), 'Double-quoted attribute' );
76 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=\'bar\'' ), array( 'foo' => 'bar' ), 'Single-quoted attribute' );
77 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=\'bar\' baz="foo"' ), array( 'foo' => 'bar', 'baz' => 'foo' ), 'Several attributes' );
78
79 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=\'bar\' baz="foo"' ), array( 'foo' => 'bar', 'baz' => 'foo' ), 'Several attributes' );
80 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=\'bar\' baz="foo"' ), array( 'foo' => 'bar', 'baz' => 'foo' ), 'Several attributes' );
81
82 $this->assertEquals( Sanitizer::decodeTagAttributes( ':foo=\'bar\'' ), array( ':foo' => 'bar' ), 'Leading :' );
83 $this->assertEquals( Sanitizer::decodeTagAttributes( '_foo=\'bar\'' ), array( '_foo' => 'bar' ), 'Leading _' );
84 $this->assertEquals( Sanitizer::decodeTagAttributes( 'Foo=\'bar\'' ), array( 'foo' => 'bar' ), 'Leading capital' );
85 $this->assertEquals( Sanitizer::decodeTagAttributes( 'FOO=BAR' ), array( 'foo' => 'BAR' ), 'Attribute keys are normalized to lowercase' );
86
87 # Invalid beginning
88 $this->assertEquals( Sanitizer::decodeTagAttributes( '-foo=bar' ), array(), 'Leading - is forbidden' );
89 $this->assertEquals( Sanitizer::decodeTagAttributes( '.foo=bar' ), array(), 'Leading . is forbidden' );
90 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo-bar=bar' ), array( 'foo-bar' => 'bar' ), 'A - is allowed inside the attribute' );
91 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo-=bar' ), array( 'foo-' => 'bar' ), 'A - is allowed inside the attribute' );
92
93 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo.bar=baz' ), array( 'foo.bar' => 'baz' ), 'A . is allowed inside the attribute' );
94 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo.=baz' ), array( 'foo.' => 'baz' ), 'A . is allowed as last character' );
95
96 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo6=baz' ), array( 'foo6' => 'baz' ), 'Numbers are allowed' );
97
98 # This bit is more relaxed than XML rules, but some extensions use it, like ProofreadPage (see bug 27539)
99 $this->assertEquals( Sanitizer::decodeTagAttributes( '1foo=baz' ), array( '1foo' => 'baz' ), 'Leading numbers are allowed' );
100
101 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo$=baz' ), array(), 'Symbols are not allowed' );
102 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo@=baz' ), array(), 'Symbols are not allowed' );
103 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo~=baz' ), array(), 'Symbols are not allowed' );
104
105
106 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=1[#^`*%w/(' ), array( 'foo' => '1[#^`*%w/(' ), 'All kind of characters are allowed as values' );
107 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo="1[#^`*%\'w/("' ), array( 'foo' => '1[#^`*%\'w/(' ), 'Double quotes are allowed if quoted by single quotes' );
108 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=\'1[#^`*%"w/(\'' ), array( 'foo' => '1[#^`*%"w/(' ), 'Single quotes are allowed if quoted by double quotes' );
109 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=&amp;&quot;' ), array( 'foo' => '&"' ), 'Special chars can be provided as entities' );
110 $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=&foobar;' ), array( 'foo' => '&foobar;' ), 'Entity-like items are accepted' );
111 }
112
113 function testDeprecatedAttributesDisabled() {
114 $GLOBALS['wgCleanupPresentationalAttributes'] = false;
115 $this->assertEquals( ' clear="left"', Sanitizer::fixTagAttributes( 'clear="left"', 'br' ), 'Deprecated attributes are not converted to styles when enabled.' );
116 }
117
118 /**
119 * @dataProvider provideDeprecatedAttributes
120 */
121 function testDeprecatedAttributes( $input, $tag, $expected, $message = null ) {
122 $GLOBALS['wgCleanupPresentationalAttributes'] = true;
123 $this->assertEquals( $expected, Sanitizer::fixTagAttributes( $input, $tag ), $message );
124 }
125
126 function provideDeprecatedAttributes() {
127 return array(
128 array( 'clear="left"', 'br', ' style="clear: left;"', 'Deprecated attributes are converted to styles when enabled.' ),
129 array( 'clear="all"', 'br', ' style="clear: both;"', 'clear=all is converted to clear: both; not clear: all;' ),
130 array( 'CLEAR="ALL"', 'br', ' style="clear: both;"', 'clear=ALL is not treated differently from clear=all' ),
131 array( 'width="100"', 'td', ' style="width: 100px;"', 'Numeric sizes use pixels instead of numbers.' ),
132 array( 'width="100%"', 'td', ' style="width: 100%;"', 'Units are allowed in sizes.' ),
133 array( 'WIDTH="100%"', 'td', ' style="width: 100%;"', 'Uppercase WIDTH is treated as lowercase width.' ),
134 array( 'WiDTh="100%"', 'td', ' style="width: 100%;"', 'Mixed case does not break WiDTh.' ),
135 array( 'nowrap="true"', 'td', ' style="white-space: nowrap;"', 'nowrap attribute is output as white-space: nowrap; not something else.' ),
136 array( 'nowrap=""', 'td', ' style="white-space: nowrap;"', 'nowrap="" is considered true, not false' ),
137 array( 'NOWRAP="true"', 'td', ' style="white-space: nowrap;"', 'nowrap attribute works when uppercase.' ),
138 array( 'NoWrAp="true"', 'td', ' style="white-space: nowrap;"', 'nowrap attribute works when mixed-case.' ),
139 array( 'align="right"', 'td', ' style="text-align: right;"', 'align on table cells gets converted to text-align' ),
140 array( 'align="center"', 'td', ' style="text-align: center;"', 'align on table cells gets converted to text-align' ),
141 array( 'align="left"', 'div', ' style="float: left;"', 'align=(left|right) on non-cells gets converted to float' ),
142 array( 'align="center"', 'div', ' style="margin-left: auto; margin-right: auto;"', 'align="center" on non-cells' ),
143 );
144 }
145
146 /**
147 * @dataProvider provideCssCommentsFixtures
148 */
149 function testCssCommentsChecking( $expected, $css, $message = '' ) {
150 $this->assertEquals(
151 $expected,
152 Sanitizer::checkCss( $css ),
153 $message
154 );
155 }
156
157 function provideCssCommentsFixtures() {
158 /** array( <expected>, <css>, [message] ) */
159 return array(
160 array( ' ', '/**/' ),
161 array( ' ', '/****/' ),
162 array( ' ', '/* comment */' ),
163 array( ' ', "\\2f\\2a foo \\2a\\2f",
164 'Backslash-escaped comments must be stripped (bug 28450)' ),
165 array( '', '/* unfinished comment structure',
166 'Remove anything after a comment-start token' ),
167 array( '', "\\2f\\2a unifinished comment'",
168 'Remove anything after a backslash-escaped comment-start token' ),
169 );
170 }
171 }
172
Wiklou, le Wiki du Wiklou