waibao
/
NN2024010801


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106
							<?php

/**
 * This test is kinda weird, because it doesn't test the full safe object
 * functionality, just a small section of it. Or maybe it's actually the right
 * way.
 */
class HTMLPurifier_Injector_SafeObjectTest extends HTMLPurifier_InjectorHarness
{

    public function setup()
    {
        parent::setup();
        // there is no AutoFormat.SafeObject directive
        $this->config->set('AutoFormat.Custom', array(new HTMLPurifier_Injector_SafeObject()));
        $this->config->set('HTML.Trusted', true);
    }

    public function testPreserve()
    {
        $this->assertResult(
            '<b>asdf</b>'
        );
    }

    public function testRemoveStrayParam()
    {
        $this->assertResult(
            '<param />',
            ''
        );
    }

    public function testEditObjectParam()
    {
        $this->assertResult(
            '<object></object>',
            '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
        );
    }

    public function testIgnoreStrayParam()
    {
        $this->assertResult(
            '<object><param /></object>',
            '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
        );
    }

    public function testIgnoreDuplicates()
    {
        $this->assertResult(
            '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
        );
    }

    public function testIgnoreBogusData()
    {
        $this->assertResult(
            '<object><param name="allowscriptaccess" value="always" /><param name="allowNetworking" value="always" /></object>',
            '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
        );
    }

    public function testIgnoreInvalidData()
    {
        $this->assertResult(
            '<object><param name="foo" value="bar" /></object>',
            '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object>'
        );
    }

    public function testKeepValidData()
    {
        $this->assertResult(
            '<object><param name="movie" value="bar" /></object>',
            '<object data="bar"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="bar" /></object>'
        );
    }

    public function testNested()
    {
        $this->assertResult(
            '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><object></object></object>',
            '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></object></object>'
        );
    }

    public function testNotActuallyNested()
    {
        $this->assertResult(
            '<object><p><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /></p></object>',
            '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><p></p></object>'
        );
    }

    public function testCaseInsensitive()
    {
        $this->assertResult(
            '<object><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="flashVars" value="a" /><param name="FlashVars" value="b" /></object>'
        );
    }

}

// vim: et sw=4 sts=4