Add more default config tests
tburry committed Jan 18, 2016
1 parent 917e83a commit 3bbffaf
Showing 1 changed file with 60 additions and 0 deletions.
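--- a/tests/DefaultsTest.php
+++ b/tests/DefaultsTest.php
@@ -89,4 +89,64 @@ public function testDenyAttribute() {
 '<div onload="alert(\'XSS\')" onclick="die()">...</div>'
 );
 }
+
+/**
+* Allow lists to be nested by default.
+*/
+public function testDirectNestList() {
+$html = <<<HTML
+<ul>
+<li>one</li>
+<ol>
+<li>two</li>
+</ol>
+</ul>
+HTML;
+$this->assertFiltered($html, $html);
+}
+
+/**
+* Provide the elements for {@link testElements()}.
+*
+* @return array Returns an array for testing.
+*/
+public function provideInvalidElements() {
+$elements = explode('-', 'applet-button-form-input-textarea-iframe-script-style-embed-object');
+$result = [];
+foreach ($elements as $element) {
+$result[$element] = [$element];
+}
+return $result;
+}
+
+/**
+* Test that default invalid elements are removed.
+*
+* @param string $element The element that should be removed.
+* @dataProvider provideInvalidElements
+*/
+public function testInvalidElements($element) {
+$html = "<div><$element>hi</$element></div>";
+$this->assertFiltered('<div>hi</div>', $html);
+}
+
+/**
+* Test to make sure `javascript:` isn't allowed in an href.
+*/
+public function testBadScheme() {
+$this->assertFiltered(
+'<a rel="nofollow" href="denied:javascript:alert(\'xss\')">click</a>',
+'<a href="javascript:alert(\'xss\')">click</a>'
+);
+}
+
+/**
+* Make sure duplicate ID checks aren't being done.
+*/
+public function testAllowDuplicateIDs() {
+$this->assertFiltered(
+'<b id="x">one</b><i id="x">two</i>',
+'<b id="x">one</b><i id="x">two</i>'
+);
+}
 }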
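Review bot: `testBadScheme()` pins only the exact lowercase `javascript:` spelling, so a regression in how the href scheme is normalised before the check would not be caught by this file. Browsers match schemes case-insensitively and tolerate surrounding whitespace and character references, so the test would be stronger as a data-provider set covering mixed-case, whitespace-padded and entity-encoded forms, plus other script-capable schemes such as `data:` and `vbscript:`; the expected outputs have to come from the filter's actual behaviour, which this hunk does not show. `provideInvalidElements()` likewise feeds only lowercase, attribute-free tag names, so upper-case variants of the denied elements are untested. Separately, the provider docblock links to a method that does not appear in this file section: `{@link testElements()}` should read `{@link testInvalidElements()}`.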
