PHP rcube_washtml Examples

Example #1

File: Washtml.php Project: rasky/roundcubemail

 /**
  * Test fixing of invalid self-closing elements (#1489137)
  */
 function test_self_closing()
 {
     $html = "<textarea>test";
     $washer = new rcube_washtml();
     $washed = $washer->wash($html);
     $this->assertRegExp('|<textarea>test</textarea>|', $washed, "Self-closing textarea (#1489137)");
 }

Example #2

File: Washtml.php Project: alecchisi/roundcubemail

 /**
  * Test style item fixes
  */
 function test_style_wash()
 {
     $html = "<p style=\"line-height: 1; height: 10\">a</p>";
     $washer = new rcube_washtml();
     $washed = $washer->wash($html);
     $this->assertRegExp('|line-height: 1;|', $washed, "Untouched line-height (#1489917)");
     $this->assertRegExp('|; height: 10px|', $washed, "Fixed height units");
 }

Example #3

File: MailFunc.php Project: alecchisi/roundcubemail

 /**
  * Test URI base resolving in HTML messages
  */
 function test_resolve_base()
 {
     $html = file_get_contents(TESTS_DIR . 'src/htmlbase.txt');
     $html = rcube_washtml::resolve_base($html);
     $this->assertRegExp('|src="http://alec\\.pl/dir/img1\\.gif"|', $html, "URI base resolving [1]");
     $this->assertRegExp('|src="http://alec\\.pl/dir/img2\\.gif"|', $html, "URI base resolving [2]");
     $this->assertRegExp('|src="http://alec\\.pl/img3\\.gif"|', $html, "URI base resolving [3]");
     // base resolving exceptions
     $this->assertRegExp('|src="cid:theCID"|', $html, "URI base resolving exception [1]");
     $this->assertRegExp('|src="http://other\\.domain\\.tld/img3\\.gif"|', $html, "URI base resolving exception [2]");
 }

Example #4

File: Washtml.php Project: jimjag/roundcubemail

 /**
  * Test MathML cleanup
  */
 function test_wash_mathml()
 {
     $mathml = '<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body>
         <math xmlns="http://www.w3.org/1998/Math/MathML"><semantics>
             <mrow>
                 <msub><mi>I</mi><mi>D</mi></msub>
                 <mo>=</mo>
                 <mfrac><mn>1</mn><mn>2</mn></mfrac>
                 <msub><mi>k</mi><mi>n</mi></msub>
                 <mfrac><mi>W</mi><mi>L</mi></mfrac>
                 <mo stretchy="false">(</mo>
                 <msub><mi>V</mi><mrow><mi>G</mi><mi>S</mi></mrow></msub>
                 <mo>-</mo><msub><mi>V</mi><mi>t</mi></msub><msup>
                 <mo stretchy="false">)</mo><mn>2</mn></msup>
             </mrow>
             <annotation encoding="TeX">I_D = \\frac{1}{2} k_n \\frac{W}{L} (V_{GS}-V_t)^2</annotation>
         </semantics></math>
         </body></html>';
     $exp = '<!-- html ignored --><!-- head ignored --><!-- meta ignored --><!-- body ignored -->
         <math xmlns="http://www.w3.org/1998/Math/MathML"><semantics>
             <mrow>
                 <msub><mi>I</mi><mi>D</mi></msub>
                 <mo>=</mo>
                 <mfrac><mn>1</mn><mn>2</mn></mfrac>
                 <msub><mi>k</mi><mi>n</mi></msub>
                 <mfrac><mi>W</mi><mi>L</mi></mfrac>
                 <mo stretchy="false">(</mo>
                 <msub><mi>V</mi><mrow><mi>G</mi><mi>S</mi></mrow></msub>
                 <mo>-</mo><msub><mi>V</mi><mi>t</mi></msub><msup>
                 <mo stretchy="false">)</mo><mn>2</mn></msup>
             </mrow>
             <annotation encoding="TeX">I_D = \\frac{1}{2} k_n \\frac{W}{L} (V_{GS}-V_t)^2</annotation>
         </semantics></math>';
     $washer = new rcube_washtml();
     $washed = $washer->wash($mathml);
     // remove whitespace between tags
     $washed = preg_replace('/>[\\s\\r\\n\\t]+</', '><', $washed);
     $exp = preg_replace('/>[\\s\\r\\n\\t]+</', '><', $exp);
     $this->assertSame(trim($washed), trim($exp), "MathML content");
 }

Example #5

File: Washtml.php Project: hadiroohi/roundcubemail

 /**
  * Test invalid style cleanup - XSS prevention (#1490227)
  */
 function test_style_wash_xss()
 {
     $html = "<img style=aaa:'\"/onerror=alert(1)//'>";
     $exp = "<img style=\"aaa: '&quot;/onerror=alert(1)//'\" />";
     $washer = new rcube_washtml();
     $washed = $washer->wash($html);
     $this->assertTrue(strpos($washed, $exp) !== false, "Style quotes XSS issue (#1490227)");
     $html = "<img style=aaa:'&quot;/onerror=alert(1)//'>";
     $exp = "<img style=\"aaa: '&quot;/onerror=alert(1)//'\" />";
     $washer = new rcube_washtml();
     $washed = $washer->wash($html);
     $this->assertTrue(strpos($washed, $exp) !== false, "Style quotes XSS issue (#1490227)");
 }

Example #6

File: Washtml.php Project: jgtoriginal/roundcubemail

    /**
     * Test SVG cleanup
     */
    function test_style_wash_svg()
    {
        $svg = '<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://creativecommons.org/ns#" viewBox="0 0 100 100">
  <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400" onmouseover="alert(1)" />
  <text x="50" y="68" font-size="48" fill="#FFF" text-anchor="middle"><![CDATA[410]]></text>
  <script type="text/javascript">
    alert(document.cookie);
  </script>
  <text x="10" y="25" >An example text</text>
  <a xlink:href="http://www.w.pl"><rect width="100%" height="100%" /></a>
  <foreignObject xlink:href="data:text/xml,%3Cscript xmlns=\'http://www.w3.org/1999/xhtml\'%3Ealert(1)%3C/script%3E"/>
  <set attributeName="onmouseover" to="alert(1)"/>
  <animate attributeName="onunload" to="alert(1)"/>
  <animate attributeName="xlink:href" begin="0" from="javascript:alert(1)" />
</svg>';
        $exp = '<svg xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg" version="1.1" baseProfile="full" viewBox="0 0 100 100">
  <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400" x-washed="onmouseover" />
  <text x="50" y="68" font-size="48" fill="#FFF" text-anchor="middle">410</text>
  <!-- script not allowed -->
  <text x="10" y="25">An example text</text>
  <a xlink:href="http://www.w.pl"><rect width="100%" height="100%" /></a>
  <!-- foreignObject ignored -->
  <set attributeName="onmouseover" x-washed="to" />
  <animate attributeName="onunload" x-washed="to" />
  <animate attributeName="xlink:href" begin="0" x-washed="from" />
</svg>';
        $washer = new rcube_washtml();
        $washed = $washer->wash($svg);
        $this->assertSame($washed, $exp, "SVG content");
    }

Example #7

File: Washtml.php Project: zamentur/roundcube_ynh

 /**
  * Test handling of unicode chars in style (#1489777)
  */
 function test_style_unicode()
 {
     $html = "<html><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n            <body><span style='font-family:\"新細明體\",\"serif\";color:red'>test</span></body></html>";
     $washer = new rcube_washtml();
     $washed = $washer->wash($html);
     $this->assertRegExp('|style=\'font-family: "新細明體","serif"; color: red\'|', $washed, "Unicode chars in style attribute - quoted (#1489697)");
     $html = "<html><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n            <body><span style='font-family:新細明體;color:red'>test</span></body></html>";
     $washer = new rcube_washtml();
     $washed = $washer->wash($html);
     $this->assertRegExp('|style="font-family: 新細明體; color: red"|', $washed, "Unicode chars in style attribute (#1489697)");
 }