p3k
/
XRay
mirror of https://github.com/aaronpk/XRay.git
1
0
Fork 0
Code Issues 0 Releases 75 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33 Commits
2 Branches
46 MiB
Tree: 241594dcf5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '241594dcf5'
${ noResults }
XRay/tests/SanitizeTest.php

71 lines
3.2 KiB
Raw Normal View History

sanitize HTML sanitize the HTML returned in the content property. allows a common set of HTML tags. for #2
8 years ago
 
  1. <?php
  2. use Symfony\Component\HttpFoundation\Request;
  3. use Symfony\Component\HttpFoundation\Response;
  4. 

  5. class SanitizeTest extends PHPUnit_Framework_TestCase {
  6. 

  7.   private $http;
  8. 

  9.   public function setUp() {
  10.     $this->client = new Parse();
  11.     $this->client->http = new p3k\HTTPTest(dirname(__FILE__).'/data/');
  12.   }
  13. 

  14.   private function parse($params) {
  15.     $request = new Request($params);
  16.     $response = new Response();
  17.     return $this->client->parse($request, $response);
  18.   }
  19. 

  20.   public function testAllowsWhitelistedTags() {
  21.     $url = 'http://sanitize.example/entry-with-valid-tags';
  22.     $response = $this->parse(['url' => $url]);
  23. 

  24.     $body = $response->getContent();
  25.     $this->assertEquals(200, $response->getStatusCode());
  26.     $data = json_decode($body, true);
  27.     $html = $data['data']['content']['html'];
  28. 

  29.     $this->assertEquals('entry', $data['data']['type']);
  30.     $this->assertContains('This content has only valid tags.', $html); 
  31.     $this->assertContains('<a href="http://sanitize.example/example">links</a>,', $html, '<a> missing'); 
  32.     $this->assertContains('<abbr>abbreviations</abbr>,', $html, '<abbr> missing'); 
  33.     $this->assertContains('<b>bold</b>,', $html, '<b> missing'); 
  34.     $this->assertContains('<code>inline code</code>,', $html, '<code> missing'); 
  35.     $this->assertContains('<del>delete</del>,', $html, '<del> missing'); 
  36.     $this->assertContains('<em>emphasis</em>,', $html, '<em> missing'); 
  37.     $this->assertContains('<i>italics</i>,', $html, '<i> missing'); 
  38.     $this->assertContains('<img alt="images are allowed" src="http://sanitize.example/example.jpg" />', $html, '<img> missing'); 
  39.     $this->assertContains('<q>inline quote</q>,', $html, '<q> missing');
  40.     $this->assertContains('<strike>strikethrough</strike>,', $html, '<strike> missing');
  41.     $this->assertContains('<strong>strong text</strong>,', $html, '<strong> missing');
  42.     $this->assertContains('<time datetime="2016-01-01">time elements</time>', $html, '<time> missing');
  43.     $this->assertContains('<blockquote>Blockquote tags are okay</blockquote>', $html);
  44.     $this->assertContains('<pre>preformatted text is okay too', $html, '<pre> missing');
  45.     $this->assertContains('for code examples and such</pre>', $html, '<pre> missing');
  46.     $this->assertContains('<h1>One</h1>', $html, '<h1> missing');
  47.     $this->assertContains('<h2>Two</h2>', $html, '<h2> missing');
  48.     $this->assertContains('<h3>Three</h3>', $html, '<h3> missing');
  49.     $this->assertContains('<h4>Four</h4>', $html, '<h4> missing');
  50.     $this->assertContains('<h5>Five</h5>', $html, '<h5> missing');
  51.     $this->assertContains('<h6>Six</h6>', $html, '<h6> missing');
  52.   }
  53. 

  54.   public function testRemovesUnsafeTags() {
  55.     $url = 'http://sanitize.example/entry-with-unsafe-tags';
  56.     $response = $this->parse(['url' => $url]);
  57. 

  58.     $body = $response->getContent();
  59.     $this->assertEquals(200, $response->getStatusCode());
  60.     $data = json_decode($body, true);
  61.     $html = $data['data']['content']['html'];
  62. 

  63.     $this->assertEquals('entry', $data['data']['type']);
  64.     $this->assertNotContains('<p>', $html);
  65.     $this->assertNotContains('<script>', $html);
  66.     $this->assertNotContains('<style>', $html);
  67.     $this->assertNotContains('visiblity', $html); // from the CSS

  68.     $this->assertNotContains('alert', $html); // from the JS

  69.   }
  70. 

  71. }