X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=tests%2Fphpunit%2Fincludes%2FSanitizerTest.php;h=50c1e509809c7433ef1704b3569190a3320ec9ff;hb=5f8b92578167107e91e2b10b631de0cada0b4854;hp=81246d335bf7241fff40fb63107b35b6440a7e9d;hpb=85d95e6abde67286fe69e247e21ac2c3a78db1b6;p=lhc%2Fweb%2Fwiklou.git
diff --git a/tests/phpunit/includes/SanitizerTest.php b/tests/phpunit/includes/SanitizerTest.php
index 81246d335b..50c1e50980 100644
--- a/tests/phpunit/includes/SanitizerTest.php
+++ b/tests/phpunit/includes/SanitizerTest.php
@@ -84,15 +84,19 @@ class SanitizerTest extends MediaWikiTestCase {
 * @covers Sanitizer::decodeCharReferences
 */
 public function testInvalidNumberedEntities() {
- $this->assertEquals( UTF8_REPLACEMENT, Sanitizer::decodeCharReferences( "�" ), 'Invalid numbered entity' );
+ $this->assertEquals(
+ UTF8_REPLACEMENT,
+ Sanitizer::decodeCharReferences( "�" ),
+ 'Invalid numbered entity'
+ );
 }
 /**
 * @covers Sanitizer::removeHTMLtags
 * @dataProvider provideHtml5Tags
 *
- * @param String $tag Name of an HTML5 element (ie: 'video')
- * @param Boolean $escaped Wheter sanitizer let the tag in or escape it (ie: '<video>')
+ * @param string $tag Name of an HTML5 element (ie: 'video')
+ * @param bool $escaped Whether sanitizer let the tag in or escape it (ie: '<video>')
 */
 public function testRemovehtmltagsOnHtml5Tags( $tag, $escaped ) {
 $this->setMwGlobals( array(
@@ -180,9 +184,21 @@ class SanitizerTest extends MediaWikiTestCase {
 array( array( 'foo' => 'bar' ), ' foo = bar ', 'Spaced attribute' ),
 array( array( 'foo' => 'bar' ), 'foo="bar"', 'Double-quoted attribute' ),
 array( array( 'foo' => 'bar' ), 'foo=\'bar\'', 'Single-quoted attribute' ),
- array( array( 'foo' => 'bar', 'baz' => 'foo' ), 'foo=\'bar\' baz="foo"', 'Several attributes' ),
- array( array( 'foo' => 'bar', 'baz' => 'foo' ), 'foo=\'bar\' baz="foo"', 'Several attributes' ),
- array( array( 'foo' => 'bar', 'baz' => 'foo' ), 'foo=\'bar\' baz="foo"', 'Several attributes' ),
+ array(
+ array( 'foo' => 'bar', 'baz' => 'foo' ),
+ 'foo=\'bar\' baz="foo"',
+ 'Several attributes'
+ ),
+ array(
+ array( 'foo' => 'bar', 'baz' => 'foo' ),
+ 'foo=\'bar\' baz="foo"',
+ 'Several attributes'
+ ),
+ array(
+ array( 'foo' => 'bar', 'baz' => 'foo' ),
+ 'foo=\'bar\' baz="foo"',
+ 'Several attributes'
+ ),
 array( array( ':foo' => 'bar' ), ':foo=\'bar\'', 'Leading :' ),
 array( array( '_foo' => 'bar' ), '_foo=\'bar\'', 'Leading _' ),
 array( array( 'foo' => 'bar' ), 'Foo=\'bar\'', 'Leading capital' ),
@@ -203,9 +219,21 @@ class SanitizerTest extends MediaWikiTestCase {
 array( array(), 'foo$=baz', 'Symbols are not allowed' ),
 array( array(), 'foo@=baz', 'Symbols are not allowed' ),
 array( array(), 'foo~=baz', 'Symbols are not allowed' ),
- array( array( 'foo' => '1[#^`*%w/(' ), 'foo=1[#^`*%w/(', 'All kind of characters are allowed as values' ),
- array( array( 'foo' => '1[#^`*%\'w/(' ), 'foo="1[#^`*%\'w/("', 'Double quotes are allowed if quoted by single quotes' ),
- array( array( 'foo' => '1[#^`*%"w/(' ), 'foo=\'1[#^`*%"w/(\'', 'Single quotes are allowed if quoted by double quotes' ),
+ array(
+ array( 'foo' => '1[#^`*%w/(' ),
+ 'foo=1[#^`*%w/(',
+ 'All kind of characters are allowed as values'
+ ),
+ array(
+ array( 'foo' => '1[#^`*%\'w/(' ),
+ 'foo="1[#^`*%\'w/("',
+ 'Double quotes are allowed if quoted by single quotes'
+ ),
+ array(
+ array( 'foo' => '1[#^`*%"w/(' ),
+ 'foo=\'1[#^`*%"w/(\'',
+ 'Single quotes are allowed if quoted by double quotes'
+ ),
 array( array( 'foo' => '&"' ), 'foo=&"', 'Special chars can be provided as entities' ),
 array( array( 'foo' => '&foobar;' ), 'foo=&foobar;', 'Entity-like items are accepted' ),
 );
@@ -235,7 +263,7 @@ class SanitizerTest extends MediaWikiTestCase {
 array( 'align="left"', 'tr' ),
 array( 'align="center"', 'div' ),
 array( 'align="left"', 'h1' ),
- array( 'align="left"', 'span' ),
+ array( 'align="left"', 'p' ),
 );
 }
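Review bot: The `align="left"` row in the `-235` hunk now targets `'p'` instead of `'span'`, and nothing next to it says why; it is the one behavioural change among edits that otherwise only re-wrap lines, so it is easy to overlook in review. The provider and the test that consumes it start outside the hunk, so the reason is not visible here. If `span` was dropped because the sanitizer does not accept `align` on it, record that beside the row, e.g. `// align is not accepted on span; use a block-level element`, and consider a separate case asserting what the sanitizer does with `align` on `span` so that behaviour stays pinned.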
@@ -266,15 +294,29 @@ class SanitizerTest extends MediaWikiTestCase {
 'Remove anything after a comment-start token' ),
 array( '', "\\2f\\2a unifinished comment'",
 'Remove anything after a backslash-escaped comment-start token' ),
- array( '/* insecure input */', 'filter: progid:DXImageTransform.Microsoft.AlphaImageLoader(src=\'asdf.png\',sizingMethod=\'scale\');' ),
- array( '/* insecure input */', '-ms-filter: "progid:DXImageTransform.Microsoft.AlphaImageLoader(src=\'asdf.png\',sizingMethod=\'scale\')";' ),
+ array(
+ '/* insecure input */',
+ 'filter: progid:DXImageTransform.Microsoft.AlphaImageLoader'
+ . '(src=\'asdf.png\',sizingMethod=\'scale\');'
+ ),
+ array(
+ '/* insecure input */',
+ '-ms-filter: "progid:DXImageTransform.Microsoft.AlphaImageLoader'
+ . '(src=\'asdf.png\',sizingMethod=\'scale\')";'
+ ),
 array( '/* insecure input */', 'width: expression(1+1);' ),
 array( '/* insecure input */', 'background-image: image(asdf.png);' ),
 array( '/* insecure input */', 'background-image: -webkit-image(asdf.png);' ),
 array( '/* insecure input */', 'background-image: -moz-image(asdf.png);' ),
 array( '/* insecure input */', 'background-image: image-set("asdf.png" 1x, "asdf.png" 2x);' ),
- array( '/* insecure input */', 'background-image: -webkit-image-set("asdf.png" 1x, "asdf.png" 2x);' ),
- array( '/* insecure input */', 'background-image: -moz-image-set("asdf.png" 1x, "asdf.png" 2x);' ),
+ array(
+ '/* insecure input */',
+ 'background-image: -webkit-image-set("asdf.png" 1x, "asdf.png" 2x);'
+ ),
+ array(
+ '/* insecure input */',
+ 'background-image: -moz-image-set("asdf.png" 1x, "asdf.png" 2x);'
+ ),
 );
 }
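Review bot: The `/* insecure input */` rows carry no failure message, unlike the comment-token rows at the top of this hunk, which each end with a description; a regression in one of these CSS rejections would be reported without saying which construct got through the sanitizer. Since the rows are being rewritten into multi-line form anyway, add a third element to each, for example `'progid: filter is rejected'` on the `filter:` and `-ms-filter:` rows and `'image-set() is rejected'` on the `image-set` rows. This assumes the consuming test method takes an optional message argument; that method and the start of the provider are outside the hunk, so confirm before adding.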
@@ -284,7 +326,12 @@ class SanitizerTest extends MediaWikiTestCase {
 public static function provideAttributeSupport() {
 /** array( , , ) */
 return array(
- array( 'div', ' role="presentation"', ' role="presentation"', 'Support for WAI-ARIA\'s role="presentation".' ),
+ array(
+ 'div',
+ ' role="presentation"',
+ ' role="presentation"',
+ 'Support for WAI-ARIA\'s role="presentation".'
+ ),
 array( 'div', ' role="main"', '', "Other WAI-ARIA roles are currently not supported." ),
 );
 }