File: MungeTest.php

php-htmlpurifier 4.1.1%2Bdfsg1-1
<?php

/**
 * Unit tests for HTMLPurifier_URIFilter_Munge, the filter that rewrites
 * outbound links through a redirector template set in URI.Munge.
 *
 * Template placeholders exercised below:
 *   %s  URL-encoded original URI
 *   %n  name of the token registered as CurrentToken
 *   %m  attribute name registered as CurrentAttr
 *   %r  EmbeddedURI flag (renders empty when false)
 *   %p  CSS property registered as CurrentCSSProperty
 *   %t  checksum, produced when URI.MungeSecretKey is set
 *
 * NOTE(review): assertFiltering() is defined in HTMLPurifier_URIFilterHarness,
 * which is not visible here. Presumably a single argument (or `true` as the
 * second one) asserts that the URI is accepted and left unchanged -- confirm
 * against the harness.
 *
 * NOTE(review): the pinned %t values are 40 hex characters, which is
 * consistent with a SHA-1 digest keyed by URI.MungeSecretKey; the exact
 * construction lives in the filter, so verify it there. The redirector that
 * receives %s and %t has to recompute the checksum and compare it (ideally
 * in constant time, e.g. hash_equals) before redirecting, otherwise the
 * munge endpoint acts as an open redirect.
 */
class HTMLPurifier_URIFilter_MungeTest extends HTMLPurifier_URIFilterHarness
{

    /**
     * Installs a fresh Munge filter as the filter under test.
     */
    public function setUp()
    {
        parent::setUp();
        $this->filter = new HTMLPurifier_URIFilter_Munge();
    }

    /**
     * Sets the URI.Munge redirector template.
     *
     * @param string $uri Template containing %-placeholders.
     */
    protected function setMunge($uri = 'http://www.google.com/url?q=%s')
    {
        $this->config->set('URI.Munge', $uri);
    }

    /**
     * Configures a checksum-bearing template together with a secret key.
     *
     * The default key is a fixture value only; the expected checksums in the
     * secure-munge tests are pinned to it.
     *
     * @param string $key Value for URI.MungeSecretKey.
     */
    protected function setSecureMunge($key = 'secret')
    {
        $this->setMunge('/redirect.php?url=%s&checksum=%t');
        $this->config->set('URI.MungeSecretKey', $key);
    }

    /**
     * An absolute http URI is URL-encoded into the default template.
     */
    public function testMunge()
    {
        $this->setMunge();
        $this->assertFiltering(
            'http://www.example.com/',
            'http://www.google.com/url?q=http%3A%2F%2Fwww.example.com%2F'
        );
    }

    /**
     * %n is replaced by the name of the current token.
     */
    public function testMungeReplaceTagName()
    {
        $this->setMunge('/r?tagname=%n&url=%s');
        // Held in a local because register() is handed a variable, not a literal.
        $startTag = new HTMLPurifier_Token_Start('a');
        $this->context->register('CurrentToken', $startTag);
        $this->assertFiltering(
            'http://google.com',
            '/r?tagname=a&url=http%3A%2F%2Fgoogle.com'
        );
    }

    /**
     * %m is replaced by the current attribute name.
     */
    public function testMungeReplaceAttribute()
    {
        $this->setMunge('/r?attr=%m&url=%s');
        $attrName = 'href';
        $this->context->register('CurrentAttr', $attrName);
        $this->assertFiltering(
            'http://google.com',
            '/r?attr=href&url=http%3A%2F%2Fgoogle.com'
        );
    }

    /**
     * %r renders as an empty string when EmbeddedURI is false.
     */
    public function testMungeReplaceResource()
    {
        $this->setMunge('/r?embeds=%r&url=%s');
        $isEmbedded = false;
        $this->context->register('EmbeddedURI', $isEmbedded);
        $this->assertFiltering(
            'http://google.com',
            '/r?embeds=&url=http%3A%2F%2Fgoogle.com'
        );
    }

    /**
     * %p is replaced by the current CSS property.
     */
    public function testMungeReplaceCSSProperty()
    {
        $this->setMunge('/r?property=%p&url=%s');
        $cssProperty = 'background';
        $this->context->register('CurrentCSSProperty', $cssProperty);
        $this->assertFiltering(
            'http://google.com',
            '/r?property=background&url=http%3A%2F%2Fgoogle.com'
        );
    }

    /**
     * Embedded resources are not munged when URI.MungeResources is unset.
     */
    public function testIgnoreEmbedded()
    {
        $this->setMunge();
        $isEmbedded = true;
        $this->context->register('EmbeddedURI', $isEmbedded);
        $this->assertFiltering('http://example.com');
    }

    /**
     * Embedded resources are munged once URI.MungeResources is enabled.
     */
    public function testProcessEmbedded()
    {
        $this->setMunge();
        $this->config->set('URI.MungeResources', true);
        $isEmbedded = true;
        $this->context->register('EmbeddedURI', $isEmbedded);
        $this->assertFiltering(
            'http://www.example.com/',
            'http://www.google.com/url?q=http%3A%2F%2Fwww.example.com%2F'
        );
    }

    /**
     * Relative URIs are passed through without munging.
     */
    public function testPreserveRelative()
    {
        $this->setMunge();
        $this->assertFiltering('index.html');
    }

    /**
     * The munge filter does not rewrite a javascript: URI.
     *
     * NOTE(review): this only shows the filter leaves the URI alone; rejecting
     * the scheme is presumably the job of another stage -- confirm that an
     * integration test covers it.
     */
    public function testMungeIgnoreUnknownSchemes()
    {
        $this->setMunge();
        $this->assertFiltering('javascript:foobar();', true);
    }

    /**
     * With a secret key configured, a local path is still left untouched.
     */
    public function testSecureMungePreserve()
    {
        $this->setSecureMunge();
        $this->assertFiltering('/local');
    }

    /**
     * With a secret key configured, embedded resources are still not munged.
     */
    public function testSecureMungePreserveEmbedded()
    {
        $this->setSecureMunge();
        $isEmbedded = true;
        $this->context->register('EmbeddedURI', $isEmbedded);
        $this->assertFiltering('http://google.com');
    }

    /**
     * %t is filled with the checksum for the URI under the fixture key.
     */
    public function testSecureMungeStandard()
    {
        $this->setSecureMunge();
        $this->assertFiltering(
            'http://google.com',
            '/redirect.php?url=http%3A%2F%2Fgoogle.com&checksum=0072e2f817fd2844825def74e54443debecf0892'
        );
    }

    /**
     * A bare javascript: URI is not rewritten by secure munging either.
     */
    public function testSecureMungeIgnoreUnknownSchemes()
    {
        // Only the munge filter runs here; an integration test should also
        // confirm that the full pipeline yields false for this URI.
        $this->setSecureMunge();
        $this->assertFiltering('javascript:', true);
    }

    /**
     * A news: URI is not rewritten by secure munging.
     */
    public function testSecureMungeIgnoreUnbrowsableSchemes()
    {
        $this->setSecureMunge();
        $this->assertFiltering('news:', true);
    }

    /**
     * %s and %t can be placed in path segments rather than the query string.
     */
    public function testSecureMungeToDirectory()
    {
        // setSecureMunge() supplies the key; the template is then overridden.
        $this->setSecureMunge();
        $this->setMunge('/links/%s/%t');
        $this->assertFiltering(
            'http://google.com',
            '/links/http%3A%2F%2Fgoogle.com/0072e2f817fd2844825def74e54443debecf0892'
        );
    }

    /**
     * A URI on the same host as the munge template is not rewritten.
     */
    public function testMungeIgnoreSameDomain()
    {
        $this->setMunge('http://example.com/%s');
        $this->assertFiltering('http://example.com/foobar');
    }

    /**
     * A URI on the host configured in URI.Host is not rewritten.
     */
    public function testMungeIgnoresSourceHost()
    {
        $this->config->set('URI.Host', 'foo.example.com');
        $this->setMunge('http://example.com/%s');
        $this->assertFiltering('http://foo.example.com/bar');
    }

}

// vim: et sw=4 sts=4