From 453528cc4bbfecce49e949e21debeffbf9253187 Mon Sep 17 00:00:00 2001 From: Daniel Friesen Date: Sun, 25 Sep 2011 04:08:23 +0000 Subject: [PATCH] Followup r94465 and r94465; Add phpunit tests for Sanitizer::fixDeprecatedAttributes and fix bugs related to clear="all" and mixed/uppercase attributes and values. --- includes/Sanitizer.php | 13 +++++++++++++ tests/phpunit/includes/SanitizerTest.php | 17 +++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php index 83cd5fd12f..8272ea4e72 100644 --- a/includes/Sanitizer.php +++ b/includes/Sanitizer.php @@ -641,6 +641,14 @@ class Sanitizer { 'width' => array( 'width', array_merge( array( 'hr', 'pre' ), $table, $cells, $colls ) ), ); + // Ensure that any upper case or mixed case attributes are converted to lowercase + foreach ( $attribs as $attribute => $value ) { + if ( $attribute !== strtolower( $attribute ) && array_key_exists( strtolower( $attribute ), $presentationalAttribs ) ) { + $attribs[strtolower( $attribute )] = $value; + unset( $attribs[$attribute] ); + } + } + $style = ""; foreach ( $presentationalAttribs as $attribute => $info ) { list( $property, $elements ) = $info; @@ -662,6 +670,11 @@ class Sanitizer { $value = 'nowrap'; } + // clear="all" is clear: both; in css + if ( $attribute === 'clear' && strtolower( $value ) === 'all' ) { + $value = 'both'; + } + // Size based properties should have px applied to them if they have no unit if ( in_array( $attribute, array( 'height', 'width', 'size' ) ) ) { if ( preg_match( '/^[\d.]+$/', $value ) ) { diff --git a/tests/phpunit/includes/SanitizerTest.php b/tests/phpunit/includes/SanitizerTest.php index 40d6cf77f8..2959e6ff04 100644 --- a/tests/phpunit/includes/SanitizerTest.php +++ b/tests/phpunit/includes/SanitizerTest.php @@ -109,5 +109,22 @@ class SanitizerTest extends MediaWikiTestCase { $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=&"' ), array( 'foo' => '&"' ), 'Special chars can be provided as entities' ); $this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=&foobar;' ), array( 'foo' => '&foobar;' ), 'Entity-like items are accepted' ); } + + function testDeprecatedAttributes() { + $GLOBALS['wgCleanupPresentationalAttributes'] = true; + $this->assertEquals( Sanitizer::fixTagAttributes( 'clear="left"', 'br' ), ' style="clear: left;"', 'Deprecated attributes are converted to styles when enabled.' ); + $this->assertEquals( Sanitizer::fixTagAttributes( 'clear="all"', 'br' ), ' style="clear: both;"', 'clear=all is converted to clear: both; not clear: all;' ); + $this->assertEquals( Sanitizer::fixTagAttributes( 'CLEAR="ALL"', 'br' ), ' style="clear: both;"', 'clear=ALL is not treated differently from clear=all' ); + $this->assertEquals( Sanitizer::fixTagAttributes( 'width="100"', 'td' ), ' style="width: 100px;"', 'Numeric sizes use pixels instead of numbers.' ); + $this->assertEquals( Sanitizer::fixTagAttributes( 'width="100%"', 'td' ), ' style="width: 100%;"', 'Units are allowed in sizes.' ); + $this->assertEquals( Sanitizer::fixTagAttributes( 'WIDTH="100%"', 'td' ), ' style="width: 100%;"', 'Uppercase WIDTH is treated as lowercase width.' ); + $this->assertEquals( Sanitizer::fixTagAttributes( 'WiDTh="100%"', 'td' ), ' style="width: 100%;"', 'Mixed case does not break WiDTh.' ); + $this->assertEquals( Sanitizer::fixTagAttributes( 'nowrap="true"', 'td' ), ' style="white-space: nowrap;"', 'nowrap attribute is output as white-space: nowrap; not something else.' ); + $this->assertEquals( Sanitizer::fixTagAttributes( 'nowrap=""', 'td' ), ' style="white-space: nowrap;"', 'nowrap="" is considered true, not false' ); + $this->assertEquals( Sanitizer::fixTagAttributes( 'NOWRAP="true"', 'td' ), ' style="white-space: nowrap;"', 'nowrap attribute works when uppercase.' ); + $this->assertEquals( Sanitizer::fixTagAttributes( 'NoWrAp="true"', 'td' ), ' style="white-space: nowrap;"', 'nowrap attribute works when mixed-case.' ); + $GLOBALS['wgCleanupPresentationalAttributes'] = false; + $this->assertEquals( Sanitizer::fixTagAttributes( 'clear="left"', 'br' ), ' clear="left"', 'Deprecated attributes are not converted to styles when enabled.' ); + } } -- 2.20.1