Beispiel #1
 /**
  * With Tidy disabled, filter() is given an array naming p and em (each with
  * an empty attribute list). The expected output keeps those two tags without
  * their class/style attributes and keeps the text of the unlisted <strong>
  * element while dropping the tag itself.
  */
 public function testStripFilterIsDefaultFilterWithoutTidy()
 {
     $options = array('disable_tidy' => true);
     $allowedTags = array('p' => array(), 'em' => array());
     $markup = '<p class="foo" style="margin-top: 5px">I <em class="foo" style="color: red;">was</em> right <strong>there</strong>!</p>';

     $fragment = new Wibble\HTML\Fragment($markup, $options);
     $fragment->filter($allowedTags);

     $actual = $fragment->toString();
     $this->assertEquals('<p>I <em>was</em> right there!</p>', $actual);
 }
Beispiel #2
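 /**
  * A fragment made up of nothing but a <script> element, run through the
  * 'prune' filter, must serialise to an empty string.
  */
 public function testPrunedAllReturnOfFragmentIsEmptyString()
 {
     $doc = new Wibble\HTML\Fragment('<script>foo</script>');
     $doc->filter('prune');
     // assertSame instead of assertEquals: the loose comparison also accepts
     // null or false for '', so it would not notice toString() ceasing to
     // return a string for a fully pruned fragment.
     $this->assertSame('', $doc->toString());
 }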
Beispiel #3
 /**
  * A <script> payload converted to UTF-7 must leave the filter as the same
  * plain ASCII sequence it went in as, not as markup.
  *
  * NOTE(review): this pins only what the filter emits. Those bytes stay
  * harmless only while the page embedding them declares its charset
  * explicitly, so that a client never gets to guess UTF-7 for the response.
  */
 public function testUTF7Vulnerability()
 {
     $payload = '<script>alert("xss");</script>';
     $encoded = iconv('UTF-8', 'UTF-7', $payload);

     $fragment = new Wibble\HTML\Fragment($encoded);
     $fragment->filter();

     $expected = '+ADw-script+AD4-alert(+ACI-xss+ACI)+ADsAPA-/script+AD4-';
     $this->assertEquals($expected, $fragment->toString());
 }
Beispiel #4
 /**
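  * Personally I'd prefer this didn't happen, but DOM has its own ideas and
  * DOM isn't thrown off by hanging quotes. Nonetheless, the entity-encoded
  * quotes come back as literal quote characters, so merging such output with
  * non-filtered HTML raises the risk of quote escaping a bit: re-escape it for
  * the target context (an attribute value, for example) before doing so.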
  */
 public function testEncodingHandlingTranslatesQuoteEquivelantsToRealQuotes()
 {
     // The input carries two literal quotes plus the entities &quot; and
     // &#039;, handed over as ISO-8859-15 bytes.
     $source = iconv('UTF-8', 'ISO-8859-15', '<p>\'"&quot;&#039;</p>');
     $encodings = array('input_encoding' => 'ISO-8859-15', 'output_encoding' => 'UTF-8');

     $doc = new Wibble\HTML\Fragment($source, $encodings);
     $doc->filter();

     // All four are expected back as literal quote characters, so this output
     // is not attribute-safe until it has been escaped for that context again.
     $this->assertEquals('\'""\'', $doc->toString());
 }
Beispiel #5
 /**
  * An unterminated tag ("<strongSparta!") is expected to disappear together
  * with everything up to the next well-formed tag, even though strong is in
  * the array passed to filter(); only the leading text and the <em> element
  * remain in the expected output.
  */
 public function testBrokenTagShouldGreedilyStripAllPotentialTagUntilNextValidTag()
 {
     $allowedTags = array('strong' => array(), 'em' => array());
     $broken = 'This is <strongSparta!</strong><em>Sparta!!!</em>';

     $doc = new Wibble\HTML\Fragment($broken);
     $doc->filter($allowedTags);

     $actual = $doc->toString();
     $this->assertEquals('This is <em>Sparta!!!</em>', $actual);
 }
Beispiel #6
 /**
  * Runs the given markup through a Fragment with Tidy disabled, applies the
  * 'escape' filter, and hands back the serialised result.
  *
  * @param string $string markup to sanitize (presumably a string; confirm against callers)
  * @return string whatever Fragment::toString() yields after filtering
  */
 protected function sanitizeHTMLWithoutTidy($string)
 {
     $options = array('disable_tidy' => true);
     $doc = new Wibble\HTML\Fragment($string, $options);
     $doc->filter('escape');

     return $doc->toString();
 }