silverstripe-framework/tests/php/Forms/HTMLEditor/HTMLEditorSanitiserTest.php

<?php

namespace SilverStripe\Forms\Tests\HTMLEditor;

use SilverStripe\Core\Injector\Injector;
use SilverStripe\Dev\FunctionalTest;
use SilverStripe\Forms\HTMLEditor\HTMLEditorConfig;
use SilverStripe\Forms\HTMLEditor\HTMLEditorSanitiser;
use SilverStripe\View\Parsers\HTMLValue;

class HTMLEditorSanitiserTest extends FunctionalTest
{

    public function testSanitisation()
    {
        $tests = array(
            array(
                'p,strong',
                '<p>Leave Alone</p><div>Strip parent<strong>But keep children</strong> in order</div>',
                '<p>Leave Alone</p>Strip parent<strong>But keep children</strong> in order',
                'Non-whitelisted elements are stripped, but children are kept'
            ),
            array(
                'p,strong',
                '<div>A <strong>B <div>Nested elements are still filtered</div> C</strong> D</div>',
                'A <strong>B Nested elements are still filtered C</strong> D',
                'Non-whitelisted elements are stripped even when children of non-whitelisted elements'
            ),
            array(
                'p',
                '<p>Keep</p><script>Strip <strong>including children</strong></script>',
                '<p>Keep</p>',
                'Non-whitelisted script elements are totally stripped, including any children'
            ),
            array(
                'p[id]',
                '<p id="keep" bad="strip">Test</p>',
                '<p id="keep">Test</p>',
                'Non-whitelisted attributes are stripped'
            ),
            array(
                'p[default1=default1|default2=default2|force1:force1|force2:force2]',
                '<p default1="specific1" force1="specific1">Test</p>',
                '<p default1="specific1" force1="force1" default2="default2" force2="force2">Test</p>',
                'Default attributes are set when not present in input, forced attributes are always set'
            )
        );

        $config = HTMLEditorConfig::get('htmleditorsanitisertest');

        foreach ($tests as $test) {
            list($validElements, $input, $output, $desc) = $test;

            $config->setOptions(array('valid_elements' => $validElements));
            $sanitiser = new HtmlEditorSanitiser($config);

            $htmlValue = HTMLValue::create($input);
            $sanitiser->sanitise($htmlValue);

            $this->assertEquals($output, $htmlValue->getContent(), $desc);
        }
    }
}
FIX HtmlEditorField not re-checking sanitisation server side 2013-07-03 10:06:49 +02:00			`<?php`
API Namespace all classes Namespace all templates Move difflib and BBCodeParser2 to thirdparty Remove deprecated API marked for removal in 4.0 2016-08-19 00:51:35 +02:00
API Namespace framework tests 2016-10-14 03:30:05 +02:00			`namespace SilverStripe\Forms\Tests\HTMLEditor;`

API Namespace all classes Namespace all templates Move difflib and BBCodeParser2 to thirdparty Remove deprecated API marked for removal in 4.0 2016-08-19 00:51:35 +02:00			`use SilverStripe\Core\Injector\Injector;`
			`use SilverStripe\Dev\FunctionalTest;`
			`use SilverStripe\Forms\HTMLEditor\HTMLEditorConfig;`
			`use SilverStripe\Forms\HTMLEditor\HTMLEditorSanitiser;`
API Move createTag to HTML class ENHANCEMENT Better HTML generation behaviour for Requirements_Backend 2017-04-18 00:34:18 +02:00			`use SilverStripe\View\Parsers\HTMLValue;`
API Namespace all classes Namespace all templates Move difflib and BBCodeParser2 to thirdparty Remove deprecated API marked for removal in 4.0 2016-08-19 00:51:35 +02:00
API Namespace framework tests 2016-10-14 03:30:05 +02:00			`class HTMLEditorSanitiserTest extends FunctionalTest`
			`{`
FIX HtmlEditorField not re-checking sanitisation server side 2013-07-03 10:06:49 +02:00
Apply PSR2 / Namespace to remaining admin / tests 2016-12-16 05:34:21 +01:00			`public function testSanitisation()`
			`{`
			`$tests = array(`
			`array(`
			`'p,strong',`
			`'<p>Leave Alone</p><div>Strip parent<strong>But keep children</strong> in order</div>',`
			`'<p>Leave Alone</p>Strip parent<strong>But keep children</strong> in order',`
			`'Non-whitelisted elements are stripped, but children are kept'`
			`),`
			`array(`
			`'p,strong',`
			`'<div>A <strong>B <div>Nested elements are still filtered</div> C</strong> D</div>',`
			`'A <strong>B Nested elements are still filtered C</strong> D',`
			`'Non-whitelisted elements are stripped even when children of non-whitelisted elements'`
			`),`
			`array(`
			`'p',`
			`'<p>Keep</p><script>Strip <strong>including children</strong></script>',`
			`'<p>Keep</p>',`
			`'Non-whitelisted script elements are totally stripped, including any children'`
			`),`
			`array(`
			`'p[id]',`
			`'<p id="keep" bad="strip">Test</p>',`
			`'<p id="keep">Test</p>',`
			`'Non-whitelisted attributes are stripped'`
			`),`
			`array(`
			`'p[default1=default1\|default2=default2\|force1:force1\|force2:force2]',`
			`'<p default1="specific1" force1="specific1">Test</p>',`
			`'<p default1="specific1" force1="force1" default2="default2" force2="force2">Test</p>',`
			`'Default attributes are set when not present in input, forced attributes are always set'`
			`)`
			`);`

			`$config = HTMLEditorConfig::get('htmleditorsanitisertest');`

			`foreach ($tests as $test) {`
			`list($validElements, $input, $output, $desc) = $test;`

			`$config->setOptions(array('valid_elements' => $validElements));`
			`$sanitiser = new HtmlEditorSanitiser($config);`

API Move createTag to HTML class ENHANCEMENT Better HTML generation behaviour for Requirements_Backend 2017-04-18 00:34:18 +02:00			`$htmlValue = HTMLValue::create($input);`
Apply PSR2 / Namespace to remaining admin / tests 2016-12-16 05:34:21 +01:00			`$sanitiser->sanitise($htmlValue);`

			`$this->assertEquals($output, $htmlValue->getContent(), $desc);`
			`}`
			`}`
Remove all redundant whitespace 2014-08-15 08:53:05 +02:00			`}`