. /**
 * Unit tests for the HTMLPurifier integration
 *
 * These tests exercise purify_html(), is_purify_html_necessary() and
 * format_text(); none of those functions is defined in this file.
 *
 * @package    core
 * @category   phpunit
 * @copyright  2012 Petr Skoda {@link http://skodak.org}
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */

defined('MOODLE_INTERNAL') || die();


/**
 * HTMLPurifier test case
 *
 * Each test feeds a fixed fixture through the sanitising entry point and
 * compares the result with a fixed literal using assertSame(), so any change
 * in what the purifier lets through shows up as a test failure.
 *
 * NOTE(review): in this copy many input and expected literals are the same
 * plain text (for example 'Some link', 'link' and 'xx') even though the
 * comments talk about attributes, tags and schemes. The markup appears to be
 * missing from the literals; check the fixtures against the project
 * repository before relying on them.
 *
 * @package    core
 * @category   phpunit
 * @copyright  2012 Petr Skoda {@link http://skodak.org}
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
class core_htmlpurifier_testcase extends basic_testcase {

    /**
     * Verify _blank target is allowed.
     *
     * Runs the fixture through format_text() with FORMAT_HTML, once via
     * local variables and once with inline literals.
     */
    public function test_allow_blank_target() {
        // See MDL-52651 for an explanation as to why the rel="noreferrer" attribute is expected here.
        // Also note we do not need to test links with an existing rel attribute as the HTML Purifier is configured to remove
        // the rel attribute.
        $text = 'Some link';
        $expected = 'Some link';
        $result = format_text($text, FORMAT_HTML);
        $this->assertSame($expected, $result);

        $result = format_text('Some link', FORMAT_HTML);
        $this->assertSame('Some link', $result);
    }

    /**
     * Verify our nolink tag accepted.
     *
     * Both fixtures must come back from purify_html() unchanged.
     */
    public function test_nolink() {
        // We can not use format text because nolink changes result.
        $text = '
no filters
';
        $result = purify_html($text, array());
        $this->assertSame($text, $result);

        $text = 'xxxxx
xxx
';
        $result = purify_html($text, array());
        $this->assertSame($text, $result);
    }

    /**
     * Verify our tex tag accepted.
     *
     * The fixture must come back from purify_html() unchanged.
     */
    public function test_tex() {
        $text = 'a+b=c';
        $result = purify_html($text, array());
        $this->assertSame($text, $result);
    }

    /**
     * Verify our algebra tag accepted.
     *
     * The fixture must come back from purify_html() unchanged.
     */
    public function test_algebra() {
        $text = 'a+b=c';
        $result = purify_html($text, array());
        $this->assertSame($text, $result);
    }

    /**
     * Verify our hacky multilang works.
     *
     * Four fixtures must survive purify_html() unchanged; the third one is
     * the negative case and must be altered by it.
     */
    public function test_multilang() {
        $text = 'hmmmhm';
        $result = purify_html($text, array());
        $this->assertSame($text, $result);

        $text = 'hmmmhm';
        $result = purify_html($text, array());
        $this->assertSame($text, $result);

        // Negative case: the purifier is expected to change this input.
        $text = 'hmmm';
        $result = purify_html($text, array());
        $this->assertNotSame($text, $result);

        // Keep standard lang tags.

        $text = 'asas';
        $result = purify_html($text, array());
        $this->assertSame($text, $result);

        $text = 'xxxxxx';
        $result = purify_html($text, array());
        $this->assertSame($text, $result);
    }

    /**
     * Tests the 'allowid' option for format_text.
     *
     * The same fixture is formatted twice: first with only 'nocache' set,
     * then with 'allowid' => true added to the same options array.
     */
    public function test_format_text_allowid() {
        // Start off by not allowing ids (default).
        // 'nocache' => true is passed on both calls; presumably it keeps a cached
        // result of the first call from being returned by the second - confirm.
        $options = array(
            'nocache' => true
        );
        $result = format_text('
Frog
', FORMAT_HTML, $options);
        $this->assertSame('
Frog
', $result);

        // Now allow ids.
        $options['allowid'] = true;
        $result = format_text('
Frog
', FORMAT_HTML, $options);
        $this->assertSame('
Frog
', $result);
    }

    /**
     * Checks purify_html() output against the $CFG->allowobjectembed setting.
     *
     * The test requires the setting to start as the string '0', switches it
     * to '1' for the middle assertion, then sets it back to '0' and repeats
     * the first assertion.
     *
     * NOTE(review): the setting is restored by a plain assignment after the
     * middle assertion, so a failure there skips the restore. Presumably the
     * base test case resets $CFG between tests - confirm, because a leaked
     * '1' would loosen the purifier for whatever runs next.
     */
    public function test_allowobjectembed() {
        global $CFG;

        // Precondition: strict comparison against the string '0', not the integer 0.
        $this->assertSame('0', $CFG->allowobjectembed);

        $text = ' hmmm';
        $result = purify_html($text, array());
        $this->assertSame('hmmm', trim($result));

        $CFG->allowobjectembed = '1';

        $expected = ' hmmm';
        $result = purify_html($text, array());
        // Newlines are stripped from both sides so the comparison ignores line breaks in the output.
        $this->assertSame(str_replace("\n", '', $expected), str_replace("\n", '', $result));

        $CFG->allowobjectembed = '0';

        // Same input as the first check: with the setting back at '0' the output must match it again.
        $result = purify_html($text, array());
        $this->assertSame('hmmm', trim($result));
    }

    /**
     * Test if linebreaks kept unchanged.
     *
     * The fixture mixes "\n" and "\r" and must come back byte-for-byte.
     */
    public function test_line_breaking() {
        $text = "\n\raa\rsss\nsss\r";
        $this->assertSame($text, purify_html($text));
    }

    /**
     * Test fixing of strict problems.
     *
     * Each fixture is compared with a separately written expected literal.
     */
    public function test_tidy() {
        $text = "

xx";
        $this->assertSame('

xx

', purify_html($text));

        $text = "

xx

";
        $this->assertSame('

xx

', purify_html($text));

        $text = "xx
";
        $this->assertSame('xx
', purify_html($text));
    }

    /**
     * Test nesting - this used to cause problems in earlier versions.
     *
     * The fixture must come back from purify_html() unchanged.
     */
    public function test_nested_lists() {
        $text = "";
        $this->assertSame($text, purify_html($text));
    }

    /**
     * Test that XSS protection works, complete smoke tests are in htmlpurifier itself.
     *
     * Every case compares purify_html() output with an expected literal that
     * is written out separately instead of reusing $text. Treat this as a
     * check that sanitising is wired in, not as full coverage of the purifier.
     */
    public function test_cleaning_nastiness() {
        $text = "xx";
        $this->assertSame('xx', purify_html($text));

        $text = '
xx
';
        $this->assertSame('
xx
', purify_html($text));

        $text = '
xx
';
        $this->assertSame('
xx
', purify_html($text));

        $text = 'xx';
        $this->assertSame('xx', purify_html($text));

        $text = 'xx';
        $this->assertSame('xx', purify_html($text));

        $text = 'xx';
        $this->assertSame('xx', purify_html($text));

        // The input spans two lines while the expected output is a single line.
        $text = 'x
x';
        $this->assertSame('xx', purify_html($text));
    }

    /**
     * Test internal function used for clean_text() speedup.
     *
     * The first group lists inputs for which is_purify_html_necessary() must
     * return false; for each of them purify_html() must also return the text
     * unchanged, which shows that skipping purification there changes nothing.
     * The second group lists inputs for which it must return true.
     */
    public function test_is_purify_html_necessary() {
        // First our shortcuts.
        $text = "";
        $this->assertFalse(is_purify_html_necessary($text));
        $this->assertSame($text, purify_html($text));

        $text = "666";
        $this->assertFalse(is_purify_html_necessary($text));
        $this->assertSame($text, purify_html($text));

        // Quotes and newlines alone do not require purification.
        $text = "abc\ndef \" ' ";
        $this->assertFalse(is_purify_html_necessary($text));
        $this->assertSame($text, purify_html($text));

        $text = "abc\n

def

efg

hij

";
        $this->assertFalse(is_purify_html_necessary($text));
        $this->assertSame($text, purify_html($text));

        $text = "
abc\n

defefghi
j

";
        $this->assertFalse(is_purify_html_necessary($text));
        $this->assertSame($text, purify_html($text));

        // Now failures.
        $text = " ";
        $this->assertTrue(is_purify_html_necessary($text));

        // A bare '&', '>' or '<' is enough to require purification.
        $text = "Gin & Tonic";
        $this->assertTrue(is_purify_html_necessary($text));

        $text = "Gin > Tonic";
        $this->assertTrue(is_purify_html_necessary($text));

        $text = "Gin < Tonic";
        $this->assertTrue(is_purify_html_necessary($text));

        $text = "
abc
";
        $this->assertTrue(is_purify_html_necessary($text));

        $text = "abc";
        $this->assertTrue(is_purify_html_necessary($text));

        $text = "
abc";
        $this->assertTrue(is_purify_html_necessary($text));

        $text = "

abc

";
        $this->assertTrue(is_purify_html_necessary($text));

        $text = "

abc

";
        $this->assertTrue(is_purify_html_necessary($text));

        $text = "

abc";
        $this->assertTrue(is_purify_html_necessary($text));
    }

    /**
     * Checks which URI schemes purify_html() lets through.
     *
     * Links in the first two groups (standard schemes, then the extra schemes
     * allowed in Moodle) must come back unchanged. In the last group the
     * expected value is a separate literal, not $text.
     */
    public function test_allowed_schemes() {
        // First standard schemas.
        $text = 'link';
        $this->assertSame($text, purify_html($text));

        $text = 'link';
        $this->assertSame($text, purify_html($text));

        $text = 'link';
        $this->assertSame($text, purify_html($text));

        $text = 'link';
        $this->assertSame($text, purify_html($text));

        $text = 'link';
        $this->assertSame($text, purify_html($text));

        $text = 'link';
        $this->assertSame($text, purify_html($text));

        // Extra schemes allowed in moodle.
        $text = 'link';
        $this->assertSame($text, purify_html($text));

        $text = 'link';
        $this->assertSame($text, purify_html($text));

        $text = 'link';
        $this->assertSame($text, purify_html($text));

        $text = 'link';
        $this->assertSame($text, purify_html($text));

        $text = 'link';
        $this->assertSame($text, purify_html($text));

        $text = 'link';
        $this->assertSame($text, purify_html($text));

        // Now some borked or dangerous schemes.
        $text = 'link';
        $this->assertSame('link', purify_html($text));

        $text = 'link';
        $this->assertSame('link', purify_html($text));
    }
}