1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
#!perl
use strict;
use warnings;
use HTML::Restrict ();
use Scalar::Util ();
use Test::More;
my $version = $HTML::Restrict::VERSION || 'development';
diag( "Testing HTML::Restrict $version, Perl $], $^X" );
my $hr = HTML::Restrict->new( debug => 0 );
isa_ok( $hr, 'HTML::Restrict' );
isa_ok( $hr->parser, 'HTML::Parser' );
my $default_rules = $hr->get_rules;
cmp_ok( Scalar::Util::reftype( $default_rules ),
'eq', 'HASH', 'default rules are empty' );
# basic stripping -- all tags strippped
my $bold = '<b>i am bold</b>';
my $processed = $hr->process( $bold );
cmp_ok( $processed, 'eq', 'i am bold', 'b tag stripped' );
# updating rules
my $b_rules = { b => [] };
$hr->set_rules( $b_rules );
my $updated_rules = $hr->get_rules;
is_deeply( $b_rules, $updated_rules, 'rules update correctly' );
# ensure allowed tags aren't stripped
$processed = $hr->process( $bold );
cmp_ok( $processed, 'eq', $bold, 'b tag not stripped' );
# more complex set with multiple tags
# ensure allowed tags aren't stripped and others are removed
$hr->set_rules( { a => [qw( href target )] } );
my $link
= q{<center><a href="http://google.com" target="_blank" id="test">google</a></center>};
my $processed_link = $hr->process( $link );
cmp_ok(
$processed_link, 'eq',
q{<a href="http://google.com" target="_blank">google</a>},
'allowed link but not center tag',
);
# ensure closing slash is maintained for tags
# with no end tag
$hr->set_rules( { img => [qw( src width height /)] } );
my $img = q{<body><img src="/face.jpg" width="10" height="10" /></body>};
my $processed_img = $hr->process( $img );
cmp_ok(
$processed_img, 'eq',
q{<img src="/face.jpg" width="10" height="10">},
'closing slash preserved in image'
);
# rest rules to default set
$hr->set_rules( {} );
cmp_ok( $hr->process( $bold ), 'eq', 'i am bold', 'back to default rules' );
# stripping of comments
cmp_ok( $hr->process( '<!-- comment this -->ok' ),
'eq', 'ok', 'comments are stripped' );
# stripping of javascript includes
cmp_ok(
$hr->process(
q{<script type="text/javascript" src="/js/jquery-1.3.2.js"></script>ok}
),
'eq', 'ok',
'javascript includes are stripped'
);
# stripping of css includes
cmp_ok(
$hr->process(
q{<link href="/style.css" media="screen" rel="stylesheet" type="text/css" />ok}
),
'eq', 'ok',
'css includes are stripped'
);
ok( $hr->trim, 'trim enabled by default' );
# stripping of leading and trailing spaces
cmp_ok( $hr->process( ' ok ok ok ' ),
'eq', 'ok ok ok', 'leading and trailing spaces trimmed' );
# stripping of div tags
cmp_ok( $hr->process( '<div>ok</div>' ),
'eq', 'ok', 'divs are stripped away' );
# undef should be returned when no value is passed to the process method
is( $hr->process(), undef, 'undef is returned when no value passed' );
# start fresh
# RT #55775
$hr = HTML::Restrict->new;
cmp_ok( $hr->process( 0 ), 'eq', '0', 'untrue values not processed');
cmp_ok( $hr->process( '0' ), 'eq', '0', 'untrue values not processed');
cmp_ok( $hr->process( '000' ), 'eq', '000', 'untrue values not processed');
ok( !$hr->process('<html>'), 'process only HTML' );
# bugfix: check URI scheme for "src" attributes
$hr = HTML::Restrict->new( rules => { img => [qw( src )] } );
$hr->set_uri_schemes( [ undef, 'http', 'https' ] );
cmp_ok( $hr->process(q{<img src="file:/some/file">}), 'eq', '<img>' );
# bugfix: ensure stripper stack is reset in case of broken html
$hr = HTML::Restrict->new;
$hr->strip_enclosed_content( ['script'] );
$hr->process('<script < b >');
cmp_ok($hr->process('some text'), 'eq', 'some text', 'stripper stack reset');
done_testing();
|
