Skip to content

Agung Nugraha Putra / SIAS_2020

Go to a project
Toggle navigation
Toggle navigation pinning
Switch branch/tag
URITest.php 5 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 
<?php

/**
 * @todo Aim for complete code coverage with mocks
 */
class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
{

    public function setUp()
    {
        $this->def = new HTMLPurifier_AttrDef_URI();
        parent::setUp();
    }

    public function testIntegration()
    {
        $this->assertDef('http://www.google.com/');
        $this->assertDef('http:', '');
        $this->assertDef('http:/foo', '/foo');
        $this->assertDef('javascript:bad_stuff();', false);
        $this->assertDef('ftp://www.example.com/');
        $this->assertDef('news:rec.alt');
        $this->assertDef('nntp://news.example.com/324234');
        $this->assertDef('mailto:bob@example.com');
    }

    public function testIntegrationWithPercentEncoder()
    {
        $this->assertDef(
            'http://www.example.com/%56%fc%GJ%5%FC',
            'http://www.example.com/V%FC%25GJ%255%FC'
        );
    }

    public function testPercentEncoding()
    {
        $this->assertDef(
            'http:colon:mercenary',
            'colon%3Amercenary'
        );
    }

    public function testPercentEncodingPreserve()
    {
        $this->assertDef(
            'http://www.example.com/abcABC123-_.!~*()\''
        );
    }

    public function testEmbeds()
    {
        $this->def = new HTMLPurifier_AttrDef_URI(true);
        $this->assertDef('http://sub.example.com/alas?foo=asd');
        $this->assertDef('mailto:foo@example.com', false);
    }

    public function testConfigMunge()
    {
        $this->config->set('URI.Munge', 'http://www.google.com/url?q=%s');
        $this->assertDef(
            'http://www.example.com/',
            'http://www.google.com/url?q=http%3A%2F%2Fwww.example.com%2F'
        );
        $this->assertDef('index.html');
        $this->assertDef('javascript:foobar();', false);
    }

    public function testDefaultSchemeRemovedInBlank()
    {
        $this->assertDef('http:', '');
    }

    public function testDefaultSchemeRemovedInRelativeURI()
    {
        $this->assertDef('http:/foo/bar', '/foo/bar');
    }

    public function testDefaultSchemeNotRemovedInAbsoluteURI()
    {
        $this->assertDef('http://example.com/foo/bar');
    }

    public function testAltSchemeNotRemoved()
    {
        $this->assertDef('mailto:this-looks-like-a-path@example.com');
    }

    public function testResolveNullSchemeAmbiguity()
    {
        $this->assertDef('///foo', '/foo');
    }

    public function testResolveNullSchemeDoubleAmbiguity()
    {
        $this->config->set('URI.Host', 'example.com');
        $this->assertDef('////foo', '//example.com//foo');
    }

    public function testURIDefinitionValidation()
    {
        $parser = new HTMLPurifier_URIParser();
        $uri = $parser->parse('http://example.com');
        $this->config->set('URI.DefinitionID', 'HTMLPurifier_AttrDef_URITest->testURIDefinitionValidation');

        generate_mock_once('HTMLPurifier_URIDefinition');
        $uri_def = new HTMLPurifier_URIDefinitionMock();
        $uri_def->expectOnce('filter', array($uri, '*', '*'));
        $uri_def->setReturnValue('filter', true, array($uri, '*', '*'));
        $uri_def->expectOnce('postFilter', array($uri, '*', '*'));
        $uri_def->setReturnValue('postFilter', true, array($uri, '*', '*'));
        $uri_def->setup = true;

        // Since definitions are no longer passed by reference, we need
        // to muck around with the cache to insert our mock. This is
        // technically a little bad, since the cache shouldn't change
        // behavior, but I don't feel too good about letting users
        // overload entire definitions.
        generate_mock_once('HTMLPurifier_DefinitionCache');
        $cache_mock = new HTMLPurifier_DefinitionCacheMock();
        $cache_mock->setReturnValue('get', $uri_def);

        generate_mock_once('HTMLPurifier_DefinitionCacheFactory');
        $factory_mock = new HTMLPurifier_DefinitionCacheFactoryMock();
        $old = HTMLPurifier_DefinitionCacheFactory::instance();
        HTMLPurifier_DefinitionCacheFactory::instance($factory_mock);
        $factory_mock->setReturnValue('create', $cache_mock);

        $this->assertDef('http://example.com');

        HTMLPurifier_DefinitionCacheFactory::instance($old);
    }

    public function test_make()
    {
        $factory = new HTMLPurifier_AttrDef_URI();
        $def = $factory->make('');
        $def2 = new HTMLPurifier_AttrDef_URI();
        $this->assertIdentical($def, $def2);

        $def = $factory->make('embedded');
        $def2 = new HTMLPurifier_AttrDef_URI(true);
        $this->assertIdentical($def, $def2);
    }

    /*
    public function test_validate_configWhitelist()
    {
        $this->config->set('URI.HostPolicy', 'DenyAll');
        $this->config->set('URI.HostWhitelist', array(null, 'google.com'));

        $this->assertDef('http://example.com/fo/google.com', false);
        $this->assertDef('server.txt');
        $this->assertDef('ftp://www.google.com/?t=a');
        $this->assertDef('http://google.com.tricky.spamsite.net', false);

    }
    */

}

// vim: et sw=4 sts=4