<?php
+/**
+ * @todo Tests covering decodeCharReferences can be refactored into a single
+ * method and dataprovider.
+ */
class SanitizerTest extends MediaWikiTestCase {
protected function setUp() {
AutoLoader::loadClass( 'Sanitizer' );
}
- function testDecodeNamedEntities() {
+ /**
+ * @covers Sanitizer::decodeCharReferences
+ */
+ public function testDecodeNamedEntities() {
$this->assertEquals(
"\xc3\xa9cole",
Sanitizer::decodeCharReferences( 'école' ),
);
}
- function testDecodeNumericEntities() {
+ /**
+ * @covers Sanitizer::decodeCharReferences
+ */
+ public function testDecodeNumericEntities() {
$this->assertEquals(
"\xc4\x88io bonas dans l'\xc3\xa9cole!",
Sanitizer::decodeCharReferences( "Ĉio bonas dans l'école!" ),
);
}
- function testDecodeMixedEntities() {
+ /**
+ * @covers Sanitizer::decodeCharReferences
+ */
+ public function testDecodeMixedEntities() {
$this->assertEquals(
"\xc4\x88io bonas dans l'\xc3\xa9cole!",
Sanitizer::decodeCharReferences( "Ĉio bonas dans l'école!" ),
);
}
- function testDecodeMixedComplexEntities() {
+ /**
+ * @covers Sanitizer::decodeCharReferences
+ */
+ public function testDecodeMixedComplexEntities() {
$this->assertEquals(
"\xc4\x88io bonas dans l'\xc3\xa9cole! (mais pas Ĉio dans l'école)",
Sanitizer::decodeCharReferences(
);
}
- function testInvalidAmpersand() {
+ /**
+ * @covers Sanitizer::decodeCharReferences
+ */
+ public function testInvalidAmpersand() {
$this->assertEquals(
'a & b',
Sanitizer::decodeCharReferences( 'a & b' ),
);
}
- function testInvalidEntities() {
+ /**
+ * @covers Sanitizer::decodeCharReferences
+ */
+ public function testInvalidEntities() {
$this->assertEquals(
'&foo;',
Sanitizer::decodeCharReferences( '&foo;' ),
);
}
- function testInvalidNumberedEntities() {
- $this->assertEquals( UTF8_REPLACEMENT, Sanitizer::decodeCharReferences( "�" ), 'Invalid numbered entity' );
+ /**
+ * @covers Sanitizer::decodeCharReferences
+ */
+ public function testInvalidNumberedEntities() {
+ $this->assertEquals(
+ UTF8_REPLACEMENT,
+ Sanitizer::decodeCharReferences( "�" ),
+ 'Invalid numbered entity'
+ );
}
/**
* @covers Sanitizer::removeHTMLtags
* @dataProvider provideHtml5Tags
*
- * @param String $tag Name of an HTML5 element (ie: 'video')
- * @param Boolean $escaped Wheter sanitizer let the tag in or escape it (ie: '<video>')
+ * @param string $tag Name of an HTML5 element (ie: 'video')
+ * @param bool $escaped Whether sanitizer let the tag in or escape it (ie: '<video>')
*/
- function testRemovehtmltagsOnHtml5Tags( $tag, $escaped ) {
+ public function testRemovehtmltagsOnHtml5Tags( $tag, $escaped ) {
$this->setMwGlobals( array(
- # Enable HTML5 mode
- 'wgHtml5' => true,
'wgUseTidy' => false
) );
/**
* @dataProvider dataRemoveHTMLtags
+ * @covers Sanitizer::removeHTMLtags
*/
- function testRemoveHTMLtags( $input, $output, $msg = null ) {
+ public function testRemoveHTMLtags( $input, $output, $msg = null ) {
$GLOBALS['wgUseTidy'] = false;
$this->assertEquals( $output, Sanitizer::removeHTMLtags( $input ), $msg );
}
* @dataProvider provideTagAttributesToDecode
* @covers Sanitizer::decodeTagAttributes
*/
- function testDecodeTagAttributes( $expected, $attributes, $message = '' ) {
+ public function testDecodeTagAttributes( $expected, $attributes, $message = '' ) {
$this->assertEquals( $expected,
Sanitizer::decodeTagAttributes( $attributes ),
$message
array( array( 'foo' => 'bar' ), ' foo = bar ', 'Spaced attribute' ),
array( array( 'foo' => 'bar' ), 'foo="bar"', 'Double-quoted attribute' ),
array( array( 'foo' => 'bar' ), 'foo=\'bar\'', 'Single-quoted attribute' ),
- array( array( 'foo' => 'bar', 'baz' => 'foo' ), 'foo=\'bar\' baz="foo"', 'Several attributes' ),
- array( array( 'foo' => 'bar', 'baz' => 'foo' ), 'foo=\'bar\' baz="foo"', 'Several attributes' ),
- array( array( 'foo' => 'bar', 'baz' => 'foo' ), 'foo=\'bar\' baz="foo"', 'Several attributes' ),
+ array(
+ array( 'foo' => 'bar', 'baz' => 'foo' ),
+ 'foo=\'bar\' baz="foo"',
+ 'Several attributes'
+ ),
+ array(
+ array( 'foo' => 'bar', 'baz' => 'foo' ),
+ 'foo=\'bar\' baz="foo"',
+ 'Several attributes'
+ ),
+ array(
+ array( 'foo' => 'bar', 'baz' => 'foo' ),
+ 'foo=\'bar\' baz="foo"',
+ 'Several attributes'
+ ),
array( array( ':foo' => 'bar' ), ':foo=\'bar\'', 'Leading :' ),
array( array( '_foo' => 'bar' ), '_foo=\'bar\'', 'Leading _' ),
array( array( 'foo' => 'bar' ), 'Foo=\'bar\'', 'Leading capital' ),
array( array(), 'foo$=baz', 'Symbols are not allowed' ),
array( array(), 'foo@=baz', 'Symbols are not allowed' ),
array( array(), 'foo~=baz', 'Symbols are not allowed' ),
- array( array( 'foo' => '1[#^`*%w/(' ), 'foo=1[#^`*%w/(', 'All kind of characters are allowed as values' ),
- array( array( 'foo' => '1[#^`*%\'w/(' ), 'foo="1[#^`*%\'w/("', 'Double quotes are allowed if quoted by single quotes' ),
- array( array( 'foo' => '1[#^`*%"w/(' ), 'foo=\'1[#^`*%"w/(\'', 'Single quotes are allowed if quoted by double quotes' ),
+ array(
+ array( 'foo' => '1[#^`*%w/(' ),
+ 'foo=1[#^`*%w/(',
+ 'All kind of characters are allowed as values'
+ ),
+ array(
+ array( 'foo' => '1[#^`*%\'w/(' ),
+ 'foo="1[#^`*%\'w/("',
+ 'Double quotes are allowed if quoted by single quotes'
+ ),
+ array(
+ array( 'foo' => '1[#^`*%"w/(' ),
+ 'foo=\'1[#^`*%"w/(\'',
+ 'Single quotes are allowed if quoted by double quotes'
+ ),
array( array( 'foo' => '&"' ), 'foo=&"', 'Special chars can be provided as entities' ),
array( array( 'foo' => '&foobar;' ), 'foo=&foobar;', 'Entity-like items are accepted' ),
);
* @dataProvider provideDeprecatedAttributes
* @covers Sanitizer::fixTagAttributes
*/
- function testDeprecatedAttributesUnaltered( $inputAttr, $inputEl, $message = '' ) {
+ public function testDeprecatedAttributesUnaltered( $inputAttr, $inputEl, $message = '' ) {
$this->assertEquals( " $inputAttr",
Sanitizer::fixTagAttributes( $inputAttr, $inputEl ),
$message
array( 'align="left"', 'tr' ),
array( 'align="center"', 'div' ),
array( 'align="left"', 'h1' ),
- array( 'align="left"', 'span' ),
+ array( 'align="left"', 'p' ),
);
}
* @dataProvider provideCssCommentsFixtures
* @covers Sanitizer::checkCss
*/
- function testCssCommentsChecking( $expected, $css, $message = '' ) {
+ public function testCssCommentsChecking( $expected, $css, $message = '' ) {
$this->assertEquals( $expected,
Sanitizer::checkCss( $css ),
$message
public static function provideCssCommentsFixtures() {
/** array( <expected>, <css>, [message] ) */
return array(
- array( ' ', '/**/' ),
+ // Valid comments spanning entire input
+ array( '/**/', '/**/' ),
+ array( '/* comment */', '/* comment */' ),
+ // Weird stuff
array( ' ', '/****/' ),
- array( ' ', '/* comment */' ),
- array( ' ', "\\2f\\2a foo \\2a\\2f",
+ array( ' ', '/* /* */' ),
+ array( 'display: block;', "display:/* foo */block;" ),
+ array( 'display: block;', "display:\\2f\\2a foo \\2a\\2f block;",
'Backslash-escaped comments must be stripped (bug 28450)' ),
array( '', '/* unfinished comment structure',
'Remove anything after a comment-start token' ),
array( '', "\\2f\\2a unifinished comment'",
'Remove anything after a backslash-escaped comment-start token' ),
- array( '/* insecure input */', 'filter: progid:DXImageTransform.Microsoft.AlphaImageLoader(src=\'asdf.png\',sizingMethod=\'scale\');' ),
- array( '/* insecure input */', '-ms-filter: "progid:DXImageTransform.Microsoft.AlphaImageLoader(src=\'asdf.png\',sizingMethod=\'scale\')";' ),
+ array(
+ '/* insecure input */',
+ 'filter: progid:DXImageTransform.Microsoft.AlphaImageLoader'
+ . '(src=\'asdf.png\',sizingMethod=\'scale\');'
+ ),
+ array(
+ '/* insecure input */',
+ '-ms-filter: "progid:DXImageTransform.Microsoft.AlphaImageLoader'
+ . '(src=\'asdf.png\',sizingMethod=\'scale\')";'
+ ),
array( '/* insecure input */', 'width: expression(1+1);' ),
array( '/* insecure input */', 'background-image: image(asdf.png);' ),
array( '/* insecure input */', 'background-image: -webkit-image(asdf.png);' ),
array( '/* insecure input */', 'background-image: -moz-image(asdf.png);' ),
array( '/* insecure input */', 'background-image: image-set("asdf.png" 1x, "asdf.png" 2x);' ),
- array( '/* insecure input */', 'background-image: -webkit-image-set("asdf.png" 1x, "asdf.png" 2x);' ),
- array( '/* insecure input */', 'background-image: -moz-image-set("asdf.png" 1x, "asdf.png" 2x);' ),
+ array(
+ '/* insecure input */',
+ 'background-image: -webkit-image-set("asdf.png" 1x, "asdf.png" 2x);'
+ ),
+ array(
+ '/* insecure input */',
+ 'background-image: -moz-image-set("asdf.png" 1x, "asdf.png" 2x);'
+ ),
);
}
public static function provideAttributeSupport() {
/** array( <attributes>, <expected>, <message> ) */
return array(
- array( 'div', ' role="presentation"', ' role="presentation"', 'Support for WAI-ARIA\'s role="presentation".' ),
+ array(
+ 'div',
+ ' role="presentation"',
+ ' role="presentation"',
+ 'Support for WAI-ARIA\'s role="presentation".'
+ ),
array( 'div', ' role="main"', '', "Other WAI-ARIA roles are currently not supported." ),
);
}
/**
* @dataProvider provideAttributeSupport
+ * @covers Sanitizer::fixTagAttributes
*/
- function testAttributeSupport( $tag, $attributes, $expected, $message ) {
+ public function testAttributeSupport( $tag, $attributes, $expected, $message ) {
$this->assertEquals( $expected,
Sanitizer::fixTagAttributes( $attributes, $tag ),
$message
dépôts / lhc / web / wiklou.git / blobdiff