urosm
/
ikiwiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ikiwiki/t/htmlize.t

71 lines
3.5 KiB
Perl
Raw Normal View History

* -CSD does not affect modules, so readfile() was not using the utf-8 input layer, which led to lots of problems; make it force read files as utf-8. Closes: #373203 * writefile() likewise needs to use the utf8 output layer. * Remove the -CSD from ikiwiki's hashbang since it's useless to have it there. * Revert some of the decode_utf8 changes in CGI.pm that seem unnecessary given the readfile fix. * Add utf-8 testcases for readfile and htmlize.
2006-06-15 08:37:33 +02:00
#!/usr/bin/perl
use warnings;
use strict;
* htmlscrubber security fix: Block javascript in uris. * Add htmlscrubber test suite.
2008-02-10 19:16:40 +01:00
use Test::More tests => 26;
* -CSD does not affect modules, so readfile() was not using the utf-8 input layer, which led to lots of problems; make it force read files as utf-8. Closes: #373203 * writefile() likewise needs to use the utf8 output layer. * Remove the -CSD from ikiwiki's hashbang since it's useless to have it there. * Revert some of the decode_utf8 changes in CGI.pm that seem unnecessary given the readfile fix. * Add utf-8 testcases for readfile and htmlize.
2006-06-15 08:37:33 +02:00
use Encode;
BEGIN { use_ok("IkiWiki"); }
# Initialize htmlscrubber plugin
* Work on firming up the plugin interface: - Plugins should not need to load IkiWiki::Render to get commonly used functions, so moved some functions from there to IkiWiki. - Picked out the set of functions and variables that most plugins use, documented them, and made IkiWiki export them by default, like a proper perl module should. - Use the other functions at your own risk. - This is not quite complete, I still have to decide whether to export some other things. * Changed all plugins included in ikiwiki to not use "IkiWiki::" when referring to stuff now exported by the IkiWiki module. * Anyone with a third-party ikiwiki plugin is strongly enrouraged to make like changes to it and avoid use of non-exported symboles from "IkiWiki::". * Link debian/changelog and debian/news to NEWS and CHANGELOG. * Support hyperestradier version 1.4.2, which adds a new required phraseform setting.
2006-09-10 00:50:27 +02:00
%config=IkiWiki::defaultconfig();
$config{srcdir}=$config{destdir}="/dev/null";
* Add exclude option in setup files, works same as --exclude.
2006-07-28 19:48:24 +02:00
IkiWiki::loadplugins();
* -CSD does not affect modules, so readfile() was not using the utf-8 input layer, which led to lots of problems; make it force read files as utf-8. Closes: #373203 * writefile() likewise needs to use the utf8 output layer. * Remove the -CSD from ikiwiki's hashbang since it's useless to have it there. * Revert some of the decode_utf8 changes in CGI.pm that seem unnecessary given the readfile fix. * Add utf-8 testcases for readfile and htmlize.
2006-06-15 08:37:33 +02:00
IkiWiki::checkconfig();
* Change htmlize, format, and sanitize hooks to use named parameters.
2006-08-28 20:17:59 +02:00
is(IkiWiki::htmlize("foo", "mdwn", "foo\n\nbar\n"), "<p>foo</p>\n\n<p>bar</p>\n",
* -CSD does not affect modules, so readfile() was not using the utf-8 input layer, which led to lots of problems; make it force read files as utf-8. Closes: #373203 * writefile() likewise needs to use the utf8 output layer. * Remove the -CSD from ikiwiki's hashbang since it's useless to have it there. * Revert some of the decode_utf8 changes in CGI.pm that seem unnecessary given the readfile fix. * Add utf-8 testcases for readfile and htmlize.
2006-06-15 08:37:33 +02:00
"basic");
* Work on firming up the plugin interface: - Plugins should not need to load IkiWiki::Render to get commonly used functions, so moved some functions from there to IkiWiki. - Picked out the set of functions and variables that most plugins use, documented them, and made IkiWiki export them by default, like a proper perl module should. - Use the other functions at your own risk. - This is not quite complete, I still have to decide whether to export some other things. * Changed all plugins included in ikiwiki to not use "IkiWiki::" when referring to stuff now exported by the IkiWiki module. * Anyone with a third-party ikiwiki plugin is strongly enrouraged to make like changes to it and avoid use of non-exported symboles from "IkiWiki::". * Link debian/changelog and debian/news to NEWS and CHANGELOG. * Support hyperestradier version 1.4.2, which adds a new required phraseform setting.
2006-09-10 00:50:27 +02:00
is(IkiWiki::htmlize("foo", "mdwn", readfile("t/test1.mdwn")),
* -CSD does not affect modules, so readfile() was not using the utf-8 input layer, which led to lots of problems; make it force read files as utf-8. Closes: #373203 * writefile() likewise needs to use the utf8 output layer. * Remove the -CSD from ikiwiki's hashbang since it's useless to have it there. * Revert some of the decode_utf8 changes in CGI.pm that seem unnecessary given the readfile fix. * Add utf-8 testcases for readfile and htmlize.
2006-06-15 08:37:33 +02:00
Encode::decode_utf8(qq{<p><img src="../images/o.jpg" alt="o" title="&oacute;" />\nóóóóó</p>\n}),
"utf8; bug #373203");
* Work on firming up the plugin interface: - Plugins should not need to load IkiWiki::Render to get commonly used functions, so moved some functions from there to IkiWiki. - Picked out the set of functions and variables that most plugins use, documented them, and made IkiWiki export them by default, like a proper perl module should. - Use the other functions at your own risk. - This is not quite complete, I still have to decide whether to export some other things. * Changed all plugins included in ikiwiki to not use "IkiWiki::" when referring to stuff now exported by the IkiWiki module. * Anyone with a third-party ikiwiki plugin is strongly enrouraged to make like changes to it and avoid use of non-exported symboles from "IkiWiki::". * Link debian/changelog and debian/news to NEWS and CHANGELOG. * Support hyperestradier version 1.4.2, which adds a new required phraseform setting.
2006-09-10 00:50:27 +02:00
ok(IkiWiki::htmlize("foo", "mdwn", readfile("t/test2.mdwn")),
add a testcase for the weird markdown utf-8 crasher to make sure that ikiwiki continues to work around it
2006-06-16 06:56:25 +02:00
"this file crashes markdown if it's fed in as decoded utf-8");
improved sanitiser test suite
2008-02-10 18:21:20 +01:00
sub gotcha {
my $html=IkiWiki::htmlize("foo", "mdwn", shift);
return $html =~ /GOTCHA/;
}
ok(!gotcha(q{<a href="javascript:alert('GOTCHA')">click me</a>}),
"javascript url");
ok(!gotcha(q{<a href="javascript&#x3A;alert('GOTCHA')">click me</a>}),
"partially encoded javascript url");
ok(!gotcha(q{<a href="jscript:alert('GOTCHA')">click me</a>}),
"jscript url");
ok(!gotcha(q{<a href="vbscript:alert('GOTCHA')">click me</a>}),
"vbscrpt url");
ok(!gotcha(q{<a href="java script:alert('GOTCHA')">click me</a>}),
"java-tab-script url");
ok(!gotcha(q{<span style="&#x61;&#x6e;&#x79;&#x3a;&#x20;&#x65;&#x78;&#x70;&#x72;&#x65;&#x73;&#x73;&#x69;&#x6f;(GOTCHA)&#x6e;&#x28;&#x77;&#x69;&#x6e;&#x64;&#x6f;&#x77;&#x2e;&#x6c;&#x6f;&#x63;&#x61;&#x74;&#x69;&#x6f;&#x6e;&#x3d;&#x27;&#x68;&#x74;&#x74;&#x70;&#x3a;&#x2f;&#x2f;&#x65;&#x78;&#x61;&#x6d;&#x70;&#x6c;&#x65;&#x2e;&#x6f;&#x72;&#x67;&#x2f;&#x27;&#x29;">foo</span>}),
"entity-encoded CSS script test");
ok(!gotcha(q{<span style="&#97;&#110;&#121;&#58;&#32;&#101;&#120;&#112;&#114;&#101;&#115;&#115;&#105;&#111;&#110;(GOTCHA)&#40;&#119;&#105;&#110;&#100;&#111;&#119;&#46;&#108;&#111;&#99;&#97;&#116;&#105;&#111;&#110;&#61;&#39;&#104;&#116;&#116;&#112;&#58;&#47;&#47;&#101;&#120;&#97;&#109;&#112;&#108;&#101;&#46;&#111;&#114;&#103;&#47;&#39;&#41;">foo</span>}),
"another entity-encoded CSS script test");
ok(!gotcha(q{<script>GOTCHA</script>}),
"script tag");
* htmlscrubber security fix: Block javascript in uris. * Add htmlscrubber test suite.
2008-02-10 19:16:40 +01:00
ok(!gotcha(q{<form action="javascript:alert('GOTCHA')">foo</form>}),
"form action with javascript");
ok(!gotcha(q{<video poster="javascript:alert('GOTCHA')" href="foo.avi">foo</video>}),
"video poster with javascript");
improved sanitiser test suite
2008-02-10 18:21:20 +01:00
ok(!gotcha(q{<span style="background: url(javascript:window.location=GOTCHA)">a</span>}),
"CSS script test");
fix data:image handling
2008-02-10 21:24:03 +01:00
ok(! gotcha(q{<img src="data:text/javascript;GOTCHA">}),
* htmlscrubber security fix: Block javascript in uris. * Add htmlscrubber test suite.
2008-02-10 19:16:40 +01:00
"data:text/javascript (jeez!)");
fix data:image handling
2008-02-10 21:24:03 +01:00
ok(gotcha(q{<img src="data:image/png;base64,GOTCHA">}), "data:image/png");
ok(gotcha(q{<img src="data:image/gif;base64,GOTCHA">}), "data:image/gif");
ok(gotcha(q{<img src="data:image/jpeg;base64,GOTCHA">}), "data:image/jpeg");
improved sanitiser test suite
2008-02-10 18:21:20 +01:00
ok(gotcha(q{<p>javascript:alert('GOTCHA')</p>}),
"not javascript AFAIK (but perhaps some web browser would like to
be perverse and assume it is?)");
ok(gotcha(q{<img src="javascript.png?GOTCHA">}), "not javascript");
ok(gotcha(q{<a href="javascript.png?GOTCHA">foo</a>}), "not javascript");
* htmlscrubber security fix: Block javascript in uris. * Add htmlscrubber test suite.
2008-02-10 19:16:40 +01:00
is(IkiWiki::htmlize("foo", "mdwn",
q{<img alt="foo" src="foo.gif">}),
q{<img alt="foo" src="foo.gif">}, "img with alt tag allowed");
is(IkiWiki::htmlize("foo", "mdwn",
q{<a href="http://google.com/">}),
q{<a href="http://google.com/">}, "absolute url allowed");
is(IkiWiki::htmlize("foo", "mdwn",
q{<a href="foo.html">}),
q{<a href="foo.html">}, "relative url allowed");
is(IkiWiki::htmlize("foo", "mdwn",
q{<span class="foo">bar</span>}),
q{<span class="foo">bar</span>}, "class attribute allowed");