array( ' ', "\\2f\\2a foo \\2a\\2f",
'Backslash-escaped comments must be stripped (bug 28450)' ),
array( '', '/* unfinished comment structure',
- 'Remove anything after a comment-start token' ),
+ 'Remove anything after a comment-start token' ),
array( '', "\\2f\\2a unifinished comment'",
- 'Remove anything after a backslash-escaped comment-start token' ),
- array( '/* insecure input */', 'filter: progid:DXImageTransform.Microsoft.AlphaImageLoader(src=\'asdf.png\',sizingMethod=\'scale\');'),
- array( '/* insecure input */', '-ms-filter: "progid:DXImageTransform.Microsoft.AlphaImageLoader(src=\'asdf.png\',sizingMethod=\'scale\')";'),
- array( '/* insecure input */', 'width: expression(1+1);'),
- array( '/* insecure input */', 'background-image: image(asdf.png);'),
- array( '/* insecure input */', 'background-image: -webkit-image(asdf.png);'),
- array( '/* insecure input */', 'background-image: -moz-image(asdf.png);'),
- array( '/* insecure input */', 'background-image: image-set("asdf.png" 1x, "asdf.png" 2x);'),
- array( '/* insecure input */', 'background-image: -webkit-image-set("asdf.png" 1x, "asdf.png" 2x);'),
- array( '/* insecure input */', 'background-image: -moz-image-set("asdf.png" 1x, "asdf.png" 2x);'),
+ 'Remove anything after a backslash-escaped comment-start token' ),
+ array( '/* insecure input */', 'filter: progid:DXImageTransform.Microsoft.AlphaImageLoader(src=\'asdf.png\',sizingMethod=\'scale\');' ),
+ array( '/* insecure input */', '-ms-filter: "progid:DXImageTransform.Microsoft.AlphaImageLoader(src=\'asdf.png\',sizingMethod=\'scale\')";' ),
+ array( '/* insecure input */', 'width: expression(1+1);' ),
+ array( '/* insecure input */', 'background-image: image(asdf.png);' ),
+ array( '/* insecure input */', 'background-image: -webkit-image(asdf.png);' ),
+ array( '/* insecure input */', 'background-image: -moz-image(asdf.png);' ),
+ array( '/* insecure input */', 'background-image: image-set("asdf.png" 1x, "asdf.png" 2x);' ),
+ array( '/* insecure input */', 'background-image: -webkit-image-set("asdf.png" 1x, "asdf.png" 2x);' ),
+ array( '/* insecure input */', 'background-image: -moz-image-set("asdf.png" 1x, "asdf.png" 2x);' ),
);
}
+
+ /**
+ * Test for support or lack of support for specific attributes in the attribute whitelist.
+ */
+ function provideAttributeSupport() {
+ /** array( <attributes>, <expected>, <message> ) */
+ return array(
+ array( 'div', ' role="presentation"', ' role="presentation"', 'Support for WAI-ARIA\'s role="presentation".' ),
+ array( 'div', ' role="main"', '', "Other WAI-ARIA roles are currently not supported." ),
+ );
+ }
+
+ /**
+ * @dataProvider provideAttributeSupport
+ */
+ function testAttributeSupport( $tag, $attributes, $expected, $message ) {
+ $this->assertEquals( $expected,
+ Sanitizer::fixTagAttributes( $attributes, $tag ),
+ $message
+ );
+ }
+
}