Exemple #1
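 /**
  * Validates the length facets of a value, then stores its sanitized HTML form.
  *
  * The length facets are evaluated on the raw $value, before sanitization.
  * The sanitized markup returned by jFilter::cleanHtml() is stored in
  * $this->newValue; it is left untouched when a facet rejects the value.
  *
  * @param string $value the submitted HTML content
  * @return bool true when every facet is satisfied and cleanHtml() returned a string
  */
 public function check($value)
 {
     if ($this->hasFacets) {
         $len = iconv_strlen($value, $GLOBALS['gJConfig']->charset);
         // iconv_strlen() returns false when $value is not valid in the
         // configured charset. In the loose comparisons below, false is not
         // greater than any maxLength, so a maxLength-only facet would accept
         // a value whose length was never measured. Reject it explicitly.
         if ($len === false) {
             return false;
         }
         if ($this->length !== null && $len != $this->length) {
             return false;
         }
         if ($this->minLength !== null && $len < $this->minLength) {
             return false;
         }
         if ($this->maxLength !== null && $len > $this->maxLength) {
             return false;
         }
     }
     // Sanitization is delegated to jFilter::cleanHtml(); a non-string result
     // is reported as a validation failure.
     $this->newValue = jFilter::cleanHtml($value, $this->outputXhtml);
     return is_string($this->newValue);
 }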
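 /**
  * Validates the length facets of a value, then stores its sanitized HTML form.
  *
  * When $this->fromWysiwyg is set, the length is measured on the value with
  * its tags stripped, except for the media tags listed below. Otherwise it is
  * measured on the raw value. strip_tags() is used for measuring only: the
  * stored value always comes from jFilter::cleanHtml() applied to the original
  * $value. $this->newValue is left untouched when a facet rejects the value.
  *
  * @param string $value the submitted HTML content
  * @return bool true when every facet is satisfied and cleanHtml() returned a string
  */
 public function check($value)
 {
     if ($this->hasFacets) {
         // Markup produced by a WYSIWYG editor is not counted, apart from
         // the embedded media tags kept here.
         $measured = $this->fromWysiwyg
             ? strip_tags($value, '<img><img/><object><embed><video><video/><svg>')
             : $value;
         $len = iconv_strlen($measured, jApp::config()->charset);
         // iconv_strlen() returns false when the text is not valid in the
         // configured charset. In the loose comparisons below, false is not
         // greater than any maxLength, so a maxLength-only facet would accept
         // a value whose length was never measured. Reject it explicitly.
         if ($len === false) {
             return false;
         }
         if ($this->length !== null && $len != $this->length) {
             return false;
         }
         if ($this->minLength !== null && $len < $this->minLength) {
             return false;
         }
         if ($this->maxLength !== null && $len > $this->maxLength) {
             return false;
         }
     }
     // Sanitization is delegated to jFilter::cleanHtml(); a non-string result
     // is reported as a validation failure.
     $this->newValue = jFilter::cleanHtml($value, $this->outputXhtml);
     return is_string($this->newValue);
 }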
    /**
     * Runs jFilter::cleanHtml() over a fixed list of inputs and compares each
     * result with the expected sanitized markup, first in the default output
     * mode and then with the XHTML flag set.
     */
    public function testCleanHtml()
    {
        // Each entry is array(input, expected output) for the default output mode.
        $htmlCases = array(
            // well-formed markup is preserved
            array('<div>lorem</div>', '<div>lorem</div>'),
            array('<div>lorem<em>aaa</em></div>', "<div>lorem<em>aaa</em>\n</div>"),
            // script elements are removed, whatever the case of the tag name
            array('<div>lorem <script> foo </script></div>', '<div>lorem </div>'),
            array('<div>lorem <SCRIPT> foo </SCRIPT></div>', '<div>lorem </div>'),
            // NOTE(review): the original test carries a commented-out case for a
            // <SCRIPT> wrapped in a CDATA section (calling jFilter::satanizeHtml),
            // so that input shape is not exercised here.
            // event-handler attributes are removed, including mixed-case names
            array('<div onclick="xss()">lorem</div>', '<div>lorem</div>'),
            array(
                '<div onclick="xss()">lorem <strong onMouseOver="toto()">ah ah </strong></div>',
                "<div>lorem <strong>ah ah </strong>\n</div>",
            ),
            // a javascript: href is dropped while the link element is kept
            array(
                '<div onclick="xss()">lorem <a href="javascript:pirate()">ah ah </a></div>',
                "<div>lorem <a>ah ah </a>\n</div>",
            ),
            // relative, http, https, ftp and mailto hrefs are kept;
            // the "foo:" and "data:" hrefs are dropped
            array(
                '<div>lorem <a href="foo/bar">a</a> <a href="http://foo/bar">a</a> <a href="hTTps://foo/bar">a</a>
         <a href="ftp://foo/bar">a</a>  <a href="mailto:foo@bar.baz">a</a>  <a href="foo/bar:/bla">a</a>
         <a href="foo:bar/bla">a</a> <a href="data:bar/bla">a</a></div>',
                '<div>lorem <a href="foo/bar">a</a> <a href="http://foo/bar">a</a> <a href="hTTps://foo/bar">a</a>
         <a href="ftp://foo/bar">a</a>  <a href="mailto:foo@bar.baz">a</a>  <a href="foo/bar:/bla">a</a>
         <a>a</a> <a>a</a>
</div>',
            ),
            // invalid html
            array('<div>lorem<em>aaa</er></div>', "<div>lorem<em>aaa</em>\n</div>"),
            array('<div lorem<em>aaa</er></div>', "<div lorem>aaa</div>"),
            array('<div>lorem <br/> ipsum</div>', '<div>lorem <br> ipsum</div>'),
        );
        foreach ($htmlCases as $case) {
            list($input, $expected) = $case;
            $this->assertEqualOrDiff($expected, jFilter::cleanHtml($input));
        }

        // XHTML: same kind of inputs, second argument of cleanHtml() set to true
        $xhtmlCases = array(
            array('<div>lorem <br/> ipsum</div>', "\n    <div>lorem <br/> ipsum</div>\n  "),
            array('<div lorem<em>aaa</er></div>', "\n    <div lorem=\"\">aaa</div>\n  "),
            array('<div>lorem<em>aaa</er></div>', "\n    <div>lorem<em>aaa</em></div>\n  "),
        );
        foreach ($xhtmlCases as $case) {
            list($input, $expected) = $case;
            $this->assertEqualOrDiff($expected, jFilter::cleanHtml($input, true));
        }
    }