Diffstat (limited to 'tests/Framework')
-rw-r--r-- | tests/Framework/Html2text.php | 59 | ||||
-rw-r--r-- | tests/Framework/StringReplacer.php | 6 | ||||
-rw-r--r-- | tests/Framework/Washtml.php | 28 |
3 files changed, 93 insertions, 0 deletions
diff --git a/tests/Framework/Html2text.php b/tests/Framework/Html2text.php
new file mode 100644
index 000000000..1d8963878
--- /dev/null
+++ b/tests/Framework/Html2text.php
@@ -0,0 +1,59 @@
+<?php
+
+/**
+ * Test class to test rcube_html2text class
+ *
+ * @package Tests
+ */
+class rc_html2text extends PHPUnit_Framework_TestCase
+{
+
+ function data_html2text()
+ {
+ return array(
+ 0 => array(
+ 'title' => 'Test entry',
+ 'in' => '',
+ 'out' => '',
+ ),
+ 1 => array(
+ 'title' => 'Basic HTML entities',
+ 'in' => '"&',
+ 'out' => '"&',
+ ),
+ 2 => array(
+ 'title' => 'HTML entity string',
+ 'in' => '&quot;',
+ 'out' => '"',
+ ),
+ 3 => array(
+ 'title' => 'HTML entity in STRONG tag',
+ 'in' => '<strong>ś</strong>', // ś
+ 'out' => 'Ś', // upper ś
+ ),
+ 4 => array(
+ 'title' => 'STRONG tag to upper-case conversion',
+ 'in' => '<strong>ś</strong>',
+ 'out' => 'Ś',
+ ),
+ 5 => array(
+ 'title' => 'STRONG inside B tag',
+ 'in' => '<b><strong>ś</strong></b>',
+ 'out' => 'Ś',
+ ),
+ );
+ }
+
+ /**
+ * @dataProvider data_html2text
+ */
+ function test_html2text($title, $in, $out)
+ {
+ $ht = new rcube_html2text(null, false, false);
+
+ $ht->set_html($in);
+ $res = $ht->get_text();
+
+ $this->assertEquals($out, $res, $title);
+ }
+}
diff --git a/tests/Framework/StringReplacer.php b/tests/Framework/StringReplacer.php
index a76ba00ee..60399cf6b 100644
--- a/tests/Framework/StringReplacer.php
+++ b/tests/Framework/StringReplacer.php
@@ -29,6 +29,12 @@ class Framework_StringReplacer extends PHPUnit_Framework_TestCase
 array('Start http://localhost/?foo End', 'Start <a href="http://localhost/?foo" target="_blank">http://localhost/?foo</a> End'),
 array('www.domain.tld', '<a href="http://www.domain.tld" target="_blank">www.domain.tld</a>'),
 array('WWW.DOMAIN.TLD', '<a href="http://WWW.DOMAIN.TLD" target="_blank">WWW.DOMAIN.TLD</a>'),
+ array('[http://link.com]', '[<a href="http://link.com" target="_blank">http://link.com</a>]'),
+ array('http://link.com?a[]=1', '<a href="http://link.com?a[]=1" target="_blank">http://link.com?a[]=1</a>'),
+ array('http://link.com?a[]', '<a href="http://link.com?a[]" target="_blank">http://link.com?a[]</a>'),
+ array('(http://link.com)', '(<a href="http://link.com" target="_blank">http://link.com</a>)'),
+ array('http://link.com?a(b)c', '<a href="http://link.com?a(b)c" target="_blank">http://link.com?a(b)c</a>'),
+ array('http://link.com?(link)', '<a href="http://link.com?(link)" target="_blank">http://link.com?(link)</a>'),
 );
 }
diff --git a/tests/Framework/Washtml.php b/tests/Framework/Washtml.php
new file mode 100644
index 000000000..088ac4a8c
--- /dev/null
+++ b/tests/Framework/Washtml.php
@@ -0,0 +1,28 @@
+<?php
+
+/**
+ * Test class to test rcube_washtml class
+ *
+ * @package Tests
+ */
+class Framework_Washtml extends PHPUnit_Framework_TestCase
+{
+
+ /**
+ * Test the elimination of some XSS vulnerabilities
+ */
+ function test_html_xss3()
+ {
+ // #1488850
+ $html = '<p><a href="data:text/html,<script>alert(document.cookie)</script>">Firefox</a>'
+ .'<a href="vbscript:alert(document.cookie)">Internet Explorer</a></p>';
+
+ $washer = new rcube_washtml;
+
+ $washed = $washer->wash($html);
+
+ $this->assertNotRegExp('/data:text/', $washed, "Remove data:text/html links");
+ $this->assertNotRegExp('/vbscript:/', $washed, "Remove vbscript: links");
+ }
+
+} |
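Review bot: In tests/Framework/StringReplacer.php the six added cases test a wrapping delimiter and an in-URL delimiter separately, never both in one input, so the case where the end of the link is hardest to decide is not pinned. A row such as `array('(http://link.com?a(b)c)', '(<a href="http://link.com?a(b)c" target="_blank">http://link.com?a(b)c</a>)'),` would cover it, assuming that is the intended split. None of the new rows has a query string containing `&` or a quote character either, so whatever escaping is applied before the URL is written into `href` is not exercised here. A short comment above the new rows, e.g. `// brackets/parentheses: wrapping text vs. part of the query string`, would tell the two groups apart. The data provider's opening lines are outside this hunk.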
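Review bot: Both assertions in test_html_xss3 (tests/Framework/Washtml.php) are negative and case-sensitive. The test therefore still passes if wash() returns an empty string, or if a scheme survives in a different letter case. Adding the `i` modifier, `'/data:text/i'` and `'/vbscript:/i'`, removes the case gap. A positive check such as `$this->assertRegExp('/Firefox/', $washed, "Link text is kept");` would confirm that only the href is dropped, presuming the washer is meant to keep the anchor text. The bare `// #1488850` comment would also be more useful with a few words on what the ticket reported.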