p3k
/
XRay
mirror of https://github.com/aaronpk/XRay.git
1
0
Fork 0
Code Issues 0 Releases 75 Wiki Activity
Browse Source

tests for sanitizing and escaping HTML 

use fork of php-mf2 until https://github.com/indieweb/php-mf2/pull/83 is merged
pull/39/head
Aaron Parecki 8 years ago
parent
d7672df96c
commit
a202aa9c9a
5 changed files with 82 additions and 17 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +8
    -2
      composer.json
  2. +17
    -15
      composer.lock
  3. +29
    -0
      tests/SanitizeTest.php
  4. +14
    -0
      tests/data/sanitize.example/html-escaping-in-html
  5. +14
    -0
      tests/data/sanitize.example/html-escaping-in-text

+ 8
- 2
composer.json View File

@ -2,7 +2,7 @@
"require": { "require": {
"league/plates": "3.*", "league/plates": "3.*",
"league/route": "1.*", "league/route": "1.*",
"mf2/mf2": "0.2.*",
"mf2/mf2": "dev-master#bb02f0ee92de17975da1eec738d75ed0dfb68027",
"ezyang/htmlpurifier": "4.*" "ezyang/htmlpurifier": "4.*"
}, },
"autoload": { "autoload": {
@ -21,5 +21,11 @@
"files": [ "files": [
"lib/HTTPTest.php" "lib/HTTPTest.php"
] ]
}
},
"repositories": [
{
"type": "vcs",
"url": "http://github.com/aaronpk/php-mf2"
}
]
} }

+ 17
- 15
composer.lock View File

@ -4,8 +4,8 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"hash": "9ca7e7a96c33dc8c293a42cbcd4c1d2f",
"content-hash": "c1c0c63887a953998208639cd85555a3",
"hash": "9aca2f5dc097a03c196b7c2b4e771ade",
"content-hash": "ccf2adf6d508929e3d329fe3d2adaaef",
"packages": [ "packages": [
{ {
"name": "ezyang/htmlpurifier", "name": "ezyang/htmlpurifier",
@ -263,16 +263,16 @@
}, },
{ {
"name": "mf2/mf2", "name": "mf2/mf2",
"version": "v0.2.12",
"version": "dev-master",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/indieweb/php-mf2.git",
"reference": "6701504876d6c9242eb310b35f41d40d9785ab4e"
"url": "https://github.com/aaronpk/php-mf2.git",
"reference": "bb02f0ee92de17975da1eec738d75ed0dfb68027"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/indieweb/php-mf2/zipball/6701504876d6c9242eb310b35f41d40d9785ab4e",
"reference": "6701504876d6c9242eb310b35f41d40d9785ab4e",
"url": "https://api.github.com/repos/aaronpk/php-mf2/zipball/bb02f0ee92de17975da1eec738d75ed0dfb68027",
"reference": "bb02f0ee92de17975da1eec738d75ed0dfb68027",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -296,7 +296,7 @@
}, },
"notification-url": "https://packagist.org/downloads/", "notification-url": "https://packagist.org/downloads/",
"license": [ "license": [
"MIT"
"CC0"
], ],
"authors": [ "authors": [
{ {
@ -312,7 +312,7 @@
"parser", "parser",
"semantic" "semantic"
], ],
"time": "2015-07-12 14:10:01"
"time": "2016-02-29 01:39:53"
}, },
{ {
"name": "nikic/fast-route", "name": "nikic/fast-route",
@ -359,16 +359,16 @@
}, },
{ {
"name": "symfony/http-foundation", "name": "symfony/http-foundation",
"version": "v2.8.2",
"version": "v2.8.3",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/symfony/http-foundation.git", "url": "https://github.com/symfony/http-foundation.git",
"reference": "9194b33c71da8ef4d05d22964376f2f9c95a1bfd"
"reference": "6f4e41c41e7d352ed9adf71ff6f2ec1756490a1b"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/symfony/http-foundation/zipball/9194b33c71da8ef4d05d22964376f2f9c95a1bfd",
"reference": "9194b33c71da8ef4d05d22964376f2f9c95a1bfd",
"url": "https://api.github.com/repos/symfony/http-foundation/zipball/6f4e41c41e7d352ed9adf71ff6f2ec1756490a1b",
"reference": "6f4e41c41e7d352ed9adf71ff6f2ec1756490a1b",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -409,7 +409,7 @@
], ],
"description": "Symfony HttpFoundation Component", "description": "Symfony HttpFoundation Component",
"homepage": "https://symfony.com", "homepage": "https://symfony.com",
"time": "2016-01-13 10:28:07"
"time": "2016-02-28 16:20:50"
}, },
{ {
"name": "symfony/polyfill-php54", "name": "symfony/polyfill-php54",
@ -529,7 +529,9 @@
"packages-dev": [], "packages-dev": [],
"aliases": [], "aliases": [],
"minimum-stability": "stable", "minimum-stability": "stable",
"stability-flags": [],
"stability-flags": {
"mf2/mf2": 20
},
"prefer-stable": false, "prefer-stable": false,
"prefer-lowest": false, "prefer-lowest": false,
"platform": [], "platform": [],

+ 29
- 0
tests/SanitizeTest.php View File

@ -62,12 +62,15 @@ class SanitizeTest extends PHPUnit_Framework_TestCase {
$this->assertEquals(200, $response->getStatusCode()); $this->assertEquals(200, $response->getStatusCode());
$data = json_decode($body, true); $data = json_decode($body, true);
$html = $data['data']['content']['html']; $html = $data['data']['content']['html'];
$text = $data['data']['content']['text'];
$this->assertEquals('entry', $data['data']['type']); $this->assertEquals('entry', $data['data']['type']);
$this->assertNotContains('<script>', $html); $this->assertNotContains('<script>', $html);
$this->assertNotContains('<style>', $html); $this->assertNotContains('<style>', $html);
$this->assertNotContains('visiblity', $html); // from the CSS $this->assertNotContains('visiblity', $html); // from the CSS
$this->assertNotContains('alert', $html); // from the JS $this->assertNotContains('alert', $html); // from the JS
$this->assertNotContains('visiblity', $text);
$this->assertNotContains('alert', $text);
} }
public function testAllowsMF2Classes() { public function testAllowsMF2Classes() {
@ -84,4 +87,30 @@ class SanitizeTest extends PHPUnit_Framework_TestCase {
$this->assertContains('<h3>Utility Class</h3>', $html); $this->assertContains('<h3>Utility Class</h3>', $html);
} }
public function testEscapingHTMLTagsInText() {
$url = 'http://sanitize.example/html-escaping-in-text';
$response = $this->parse(['url' => $url]);
$body = $response->getContent();
$this->assertEquals(200, $response->getStatusCode());
$data = json_decode($body, true);
$this->assertEquals('entry', $data['data']['type']);
$this->assertEquals('This content has some HTML escaped entities such as & ampersand, " quote, escaped <code> HTML tags, an ümlaut, an @at sign.', $data['data']['content']['text']);
}
public function testEscapingHTMLTagsInHTML() {
$url = 'http://sanitize.example/html-escaping-in-html';
$response = $this->parse(['url' => $url]);
$body = $response->getContent();
$this->assertEquals(200, $response->getStatusCode());
$data = json_decode($body, true);
$this->assertEquals('entry', $data['data']['type']);
$this->assertArrayNotHasKey('name', $data['data']);
$this->assertEquals('This content has some HTML escaped entities such as & ampersand, " quote, escaped <code> HTML tags, an ümlaut, an @at sign.', $data['data']['content']['text']);
$this->assertEquals('This content has some <i>HTML escaped</i> entities such as &amp; ampersand, " quote, escaped &lt;code&gt; HTML tags, an ümlaut, an @at sign.', $data['data']['content']['html']);
}
} }

+ 14
- 0
tests/data/sanitize.example/html-escaping-in-html View File

@ -0,0 +1,14 @@
HTTP/1.1 200 OK
Server: Apache
Date: Wed, 09 Dec 2015 03:29:14 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
<html>
<head>
<title>Test</title>
</head>
<body class="h-entry">
<p class="e-content">This content has some <i>HTML escaped</i> entities such as &amp; ampersand, &quot; quote, escaped &lt;code&gt; HTML tags, an &uuml;mlaut, an &#64;at sign.</p>
</body>
</html>

+ 14
- 0
tests/data/sanitize.example/html-escaping-in-text View File

@ -0,0 +1,14 @@
HTTP/1.1 200 OK
Server: Apache
Date: Wed, 09 Dec 2015 03:29:14 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
<html>
<head>
<title>Test</title>
</head>
<body class="h-entry">
<p class="p-content">This content has some HTML escaped entities such as &amp; ampersand, &quot; quote, escaped &lt;code&gt; HTML tags, an &uuml;mlaut, an &#64;at sign.</p>
</body>
</html>

Write Preview
Loading…
Cancel
Save