37
37
class core_htmlpurifier_testcase extends basic_testcase {
40
* Verify _blank target is allowed
40
* Verify _blank target is allowed.
43
42
public function test_allow_blank_target() {
44
43
$text = '<a href="http://moodle.org" target="_blank">Some link</a>';
53
* Verify our nolink tag accepted
52
* Verify our nolink tag accepted.
56
54
public function test_nolink() {
57
// we can not use format text because nolink changes result
55
// We can not use format text because nolink changes result.
58
56
$text = '<nolink><div>no filters</div></nolink>';
59
57
$result = purify_html($text, array());
60
58
$this->assertSame($text, $result);
101
96
$result = purify_html($text, array());
102
97
$this->assertNotSame($text, $result);
104
// keep standard lang tags
99
// Keep standard lang tags.
106
101
$text = '<span lang="de_DU" class="multilang">asas</span>';
107
102
$result = purify_html($text, array());
116
111
* Tests the 'allowid' option for format_text.
119
113
public function test_format_text_allowid() {
120
// Start off by not allowing ids (default)
114
// Start off by not allowing ids (default).
121
115
$options = array(
122
116
'nocache' => true
124
118
$result = format_text('<div id="example">Frog</div>', FORMAT_HTML, $options);
125
119
$this->assertSame('<div>Frog</div>', $result);
128
122
$options['allowid'] = true;
129
123
$result = format_text('<div id="example">Frog</div>', FORMAT_HTML, $options);
130
124
$this->assertSame('<div id="example">Frog</div>', $result);
127
public function test_allowobjectembed() {
130
$this->assertSame('0', $CFG->allowobjectembed);
132
$text = '<object width="425" height="350">
133
<param name="movie" value="http://www.youtube.com/v/AyPzM5WK8ys" />
134
<param name="wmode" value="transparent" />
135
<embed src="http://www.youtube.com/v/AyPzM5WK8ys" type="application/x-shockwave-flash" wmode="transparent" width="425" height="350" />
137
$result = purify_html($text, array());
138
$this->assertSame('hmmm', trim($result));
140
$CFG->allowobjectembed = '1';
142
$expected = '<object width="425" height="350" data="http://www.youtube.com/v/AyPzM5WK8ys" type="application/x-shockwave-flash">
143
<param name="allowScriptAccess" value="never" />
144
<param name="allowNetworking" value="internal" />
145
<param name="movie" value="http://www.youtube.com/v/AyPzM5WK8ys" />
146
<param name="wmode" value="transparent" />
147
<embed src="http://www.youtube.com/v/AyPzM5WK8ys" type="application/x-shockwave-flash" wmode="transparent" width="425" height="350" allowscriptaccess="never" allownetworking="internal" />
149
$result = purify_html($text, array());
150
$this->assertSame(str_replace("\n", '', $expected), str_replace("\n", '', $result));
152
$CFG->allowobjectembed = '0';
154
$result = purify_html($text, array());
155
$this->assertSame('hmmm', trim($result));
134
159
* Test if linebreaks kept unchanged.
137
161
public function test_line_breaking() {
138
162
$text = "\n\raa\rsss\nsss\r";
251
271
public function test_allowed_schemes() {
252
// first standard schemes
272
// First standard schemas.
253
273
$text = '<a href="http://www.example.com/course/view.php?id=5">link</a>';
254
274
$this->assertSame($text, purify_html($text));
268
288
$text = '<a href="mailto:user@example.com">link</a>';
269
289
$this->assertSame($text, purify_html($text));
271
// extra schemes allowed in moodle
291
// Extra schemes allowed in moodle.
272
292
$text = '<a href="irc://irc.example.com/3213?pass">link</a>';
273
293
$this->assertSame($text, purify_html($text));
284
304
$text = '<a href="mms://www.example.com/movie.mms">link</a>';
285
305
$this->assertSame($text, purify_html($text));
287
// now some borked or dangerous schemes
307
// Now some borked or dangerous schemes.
288
308
$text = '<a href="javascript://www.example.com">link</a>';
289
309
$this->assertSame('<a>link</a>', purify_html($text));