Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/tests/phpunit/includes/parser/SanitizerTest.php

300 lines
9.3 KiB
PHP
Raw Normal View History

Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
<?php
Deprecate Sanitizer::setupAttributeWhitelist/attributeWhitelist These methods should be made private in the next release, but hard-deprecate them for 1.34. Tweak the return value of the attribute whitelist to be an associative rather than a sequential array, which makes the lookup of allowed attributes more efficient and avoids an array_flip for every html element sanitized. Bug: T221677 Change-Id: I17d734937accec6c2679dbe17328cf9554bd556a
2019-04-23 17:09:36 +00:00
use Wikimedia\TestingAccessWrapper;
Add more @covers tags and test cleanup Other cleanup includes - Adding method scopes - Fixing php comments - Adding todos Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-21 21:09:13 +00:00
/**
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
* @group Sanitizer
Add more @covers tags and test cleanup Other cleanup includes - Adding method scopes - Fixing php comments - Adding todos Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-21 21:09:13 +00:00
*/
* verbose and color default output from phpunit * Make a bunch of tests subclass MediaWikiTestCase * Parser tests and ResourceLoaderTest can't subclass it yet due to various issues
2010-12-28 18:17:16 +00:00
class SanitizerTest extends MediaWikiTestCase {
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
Abstract and refactor Tidy support * Split tidy implementations into a class hierarchy * Bring all tidy configuration into a single associative array and deprecate the old configuration. * Remove $wgAlwaysUseTidy This is preparatory to replacement of Tidy (T89331). I used the name "Raggett" for things relating to Dave Raggett's Tidy, since if we use "tidy" to mean the new abstract system as well as Raggett's tidy, it gets confusing. Change-Id: I77af1a16cbbb47fc226d05fb9aad56c58e8910b5
2015-08-31 04:42:55 +00:00
protected function tearDown() {
MWTidy::destroySingleton();
parent::tearDown();
}
(bug 39067) Add support for HTML5 <mark> element. * whitelist <mark> in tidy and sanitizer * provides a default styling for mark elements Change-Id: I23fc2fc558ff0590be04771ef1e75fcfdf240aac
2012-08-06 10:02:49 +00:00
/**
Lots of spelling mistakes and phpdoc attributes @throw->@throws @returns->@return @seealso->@see @cover->@covers etc Change-Id: I9ae6bc3034e9790e2d66cd96473b923fe9ee7953
2013-03-11 03:16:28 +00:00
* @covers Sanitizer::removeHTMLtags
(bug 39067) Add support for HTML5 <mark> element. * whitelist <mark> in tidy and sanitizer * provides a default styling for mark elements Change-Id: I23fc2fc558ff0590be04771ef1e75fcfdf240aac
2012-08-06 10:02:49 +00:00
* @dataProvider provideHtml5Tags
*
Fixed some @params documentation (tests) Swapped some "$var type" to "type $var" or added missing types before the $var. Changed some other types to match the more common spelling. Makes beginning of some text in captial. Also added some missing @param. Change-Id: Ic8aaf0a93796b97d0fa4617c1f86ff59f4b36131
2014-04-17 18:43:42 +00:00
* @param string $tag Name of an HTML5 element (ie: 'video')
* @param bool $escaped Whether sanitizer let the tag in or escape it (ie: '&lt;video&gt;')
(bug 39067) Add support for HTML5 <mark> element. * whitelist <mark> in tidy and sanitizer * provides a default styling for mark elements Change-Id: I23fc2fc558ff0590be04771ef1e75fcfdf240aac
2012-08-06 10:02:49 +00:00
*/
Add more @covers tags and test cleanup Other cleanup includes - Adding method scopes - Fixing php comments - Adding todos Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-21 21:09:13 +00:00
public function testRemovehtmltagsOnHtml5Tags( $tag, $escaped ) {
Hard deprecate codepaths where tidy is disabled Future parsers will not support the output generated with tidy disabled. Parser tests using untidied output will also be deprecated (and rewritten) in a follow-up patch. No new release notes necessary since user-visible tidy configuration was deprecated previously (in 1.32), and individual methods which had disabled tidy during execution were individually release-noted as they were updated. Bug: T198214 Depends-On: I0f417f75a49dfea873e9a2f44d81796a48b9f428 Depends-On: If5c619cdd3e7f786687cfc2ca166074d9197ca11 Change-Id: I592e0e0dfef7d929f05c60ffe4d60e09725b39cc
2018-06-26 13:53:12 +00:00
$this->hideDeprecated( 'disabling tidy' );
Remove most support for configuring Tidy, including Raggett Remex is pure PHP so there is no reason to use an external tidy any more. Configuration variables and implementation classes were deprecated in 1.32 or earlier. We've kept only $wgTidyConfig which can be used for experimental features or debugging Remex. Bug: T198214 Change-Id: I99d48f858d97b6e1d1e6cd76a42c960cc2c61f9f
2018-10-17 14:05:02 +00:00
$this->hideDeprecated( 'MWTidy::setInstance' );
Abstract and refactor Tidy support * Split tidy implementations into a class hierarchy * Bring all tidy configuration into a single associative array and deprecate the old configuration. * Remove $wgAlwaysUseTidy This is preparatory to replacement of Tidy (T89331). I used the name "Raggett" for things relating to Dave Raggett's Tidy, since if we use "tidy" to mean the new abstract system as well as Raggett's tidy, it gets confusing. Change-Id: I77af1a16cbbb47fc226d05fb9aad56c58e8910b5
2015-08-31 04:42:55 +00:00
MWTidy::setInstance( false );
(bug 39067) Add support for HTML5 <mark> element. * whitelist <mark> in tidy and sanitizer * provides a default styling for mark elements Change-Id: I23fc2fc558ff0590be04771ef1e75fcfdf240aac
2012-08-06 10:02:49 +00:00
Update formatting 2 of n. Change-Id: I5406673e99ed53e4e330ed47f022a17177544daa
2013-02-14 11:36:35 +00:00
if ( $escaped ) {
(bug 39067) Add support for HTML5 <mark> element. * whitelist <mark> in tidy and sanitizer * provides a default styling for mark elements Change-Id: I23fc2fc558ff0590be04771ef1e75fcfdf240aac
2012-08-06 10:02:49 +00:00
$this->assertEquals( "&lt;$tag&gt;",
Sanitizer::removeHTMLtags( "<$tag>" )
);
} else {
$this->assertEquals( "<$tag></$tag>\n",
Sanitizer::removeHTMLtags( "<$tag>" )
);
}
}
/**
* Provide HTML5 tags
*/
Tests: Make phpunit providers "public static". Follows-up I9d2b148e57 (including phpunit/languages this time). Bug: 46434 Change-Id: I30e5efcd88c516121c454676bd7a18f9b7c8fca6
2013-03-22 02:12:37 +00:00
public static function provideHtml5Tags() {
Update formatting 2 of n. Change-Id: I5406673e99ed53e4e330ed47f022a17177544daa
2013-02-14 11:36:35 +00:00
$ESCAPED = true; # We want tag to be escaped
$VERBATIM = false; # We want to keep the tag
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
return [
[ 'data', $VERBATIM ],
[ 'mark', $VERBATIM ],
[ 'time', $VERBATIM ],
[ 'video', $ESCAPED ],
];
(bug 39067) Add support for HTML5 <mark> element. * whitelist <mark> in tidy and sanitizer * provides a default styling for mark elements Change-Id: I23fc2fc558ff0590be04771ef1e75fcfdf240aac
2012-08-06 10:02:49 +00:00
}
Add public as visibility in tests folder Add public, protected or private to function missing a visibility Enable the tests folder for the phpcs sniff Change-Id: Ibefce76ea9984c47e08c94889ea2eafca7565e2c
2019-10-09 18:24:07 +00:00
public function dataRemoveHTMLtags() {
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
return [
(bug 41545) Allow kbd, samp, and var to be nested. HTML5 has various semantics that allow -- or rather require -- <kbd> and <samp> and even <var> to be nested. eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd> eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var> This fixes the sanitizer to permit their nesting and adds test cases to ensure that some of HTML5's special semantics are permitted by our sanitizer and not broken. Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939
2012-10-30 13:34:56 +00:00
// former testSelfClosingTag
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
[
(bug 41545) Allow kbd, samp, and var to be nested. HTML5 has various semantics that allow -- or rather require -- <kbd> and <samp> and even <var> to be nested. eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd> eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var> This fixes the sanitizer to permit their nesting and adds test cases to ensure that some of HTML5's special semantics are permitted by our sanitizer and not broken. Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939
2012-10-30 13:34:56 +00:00
'<div>Hello world</div />',
'<div>Hello world</div>',
'Self-closing closing div'
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
(bug 41545) Allow kbd, samp, and var to be nested. HTML5 has various semantics that allow -- or rather require -- <kbd> and <samp> and even <var> to be nested. eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd> eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var> This fixes the sanitizer to permit their nesting and adds test cases to ensure that some of HTML5's special semantics are permitted by our sanitizer and not broken. Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939
2012-10-30 13:34:56 +00:00
// Make sure special nested HTML5 semantics are not broken
Update weblinks in comments from HTTP to HTTPS Use HTTPS instead of HTTP where the HTTP link is a redirect to the HTTPS link. Also update some defect links. Change-Id: Ic3a5eac910d098ed5c2a21e9f47c9b6ee06b2643
2016-10-13 05:34:26 +00:00
// https://html.spec.whatwg.org/multipage/semantics.html#the-kbd-element
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
[
(bug 41545) Allow kbd, samp, and var to be nested. HTML5 has various semantics that allow -- or rather require -- <kbd> and <samp> and even <var> to be nested. eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd> eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var> This fixes the sanitizer to permit their nesting and adds test cases to ensure that some of HTML5's special semantics are permitted by our sanitizer and not broken. Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939
2012-10-30 13:34:56 +00:00
'<kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd>',
'<kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd>',
'Nested <kbd>.'
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
Update weblinks in comments from HTTP to HTTPS Use HTTPS instead of HTTP where the HTTP link is a redirect to the HTTPS link. Also update some defect links. Change-Id: Ic3a5eac910d098ed5c2a21e9f47c9b6ee06b2643
2016-10-13 05:34:26 +00:00
// https://html.spec.whatwg.org/multipage/semantics.html#the-sub-and-sup-elements
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
[
(bug 41545) Allow kbd, samp, and var to be nested. HTML5 has various semantics that allow -- or rather require -- <kbd> and <samp> and even <var> to be nested. eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd> eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var> This fixes the sanitizer to permit their nesting and adds test cases to ensure that some of HTML5's special semantics are permitted by our sanitizer and not broken. Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939
2012-10-30 13:34:56 +00:00
'<var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var>',
'<var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var>',
'Nested <var>.'
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
Update weblinks in comments from HTTP to HTTPS Use HTTPS instead of HTTP where the HTTP link is a redirect to the HTTPS link. Also update some defect links. Change-Id: Ic3a5eac910d098ed5c2a21e9f47c9b6ee06b2643
2016-10-13 05:34:26 +00:00
// https://html.spec.whatwg.org/multipage/semantics.html#the-dfn-element
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
[
(bug 41545) Allow kbd, samp, and var to be nested. HTML5 has various semantics that allow -- or rather require -- <kbd> and <samp> and even <var> to be nested. eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd> eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var> This fixes the sanitizer to permit their nesting and adds test cases to ensure that some of HTML5's special semantics are permitted by our sanitizer and not broken. Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939
2012-10-30 13:34:56 +00:00
'<dfn><abbr title="Garage Door Opener">GDO</abbr></dfn>',
'<dfn><abbr title="Garage Door Opener">GDO</abbr></dfn>',
'<abbr> inside <dfn>',
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
];
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
}
testDecodeTagAttributes now use a data provider We had a huge pile of assertEquals in a single test function, this patch convert the mess in a nicer dataprovider. The parameters passed to assertEquals() were mixed up, the expected values should be passed as the first argument, I thus exchange the first two parameters in each case. Change-Id: Ib74804a7aa84a1e59fffb8c85abbf0b95995d897
2012-11-22 10:25:30 +00:00
(bug 41545) Allow kbd, samp, and var to be nested. HTML5 has various semantics that allow -- or rather require -- <kbd> and <samp> and even <var> to be nested. eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd> eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var> This fixes the sanitizer to permit their nesting and adds test cases to ensure that some of HTML5's special semantics are permitted by our sanitizer and not broken. Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939
2012-10-30 13:34:56 +00:00
/**
* @dataProvider dataRemoveHTMLtags
Add more @covers tags and test cleanup Other cleanup includes - Adding method scopes - Fixing php comments - Adding todos Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-21 21:09:13 +00:00
* @covers Sanitizer::removeHTMLtags
(bug 41545) Allow kbd, samp, and var to be nested. HTML5 has various semantics that allow -- or rather require -- <kbd> and <samp> and even <var> to be nested. eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd> eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var> This fixes the sanitizer to permit their nesting and adds test cases to ensure that some of HTML5's special semantics are permitted by our sanitizer and not broken. Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939
2012-10-30 13:34:56 +00:00
*/
Add more @covers tags and test cleanup Other cleanup includes - Adding method scopes - Fixing php comments - Adding todos Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-21 21:09:13 +00:00
public function testRemoveHTMLtags( $input, $output, $msg = null ) {
Hard deprecate codepaths where tidy is disabled Future parsers will not support the output generated with tidy disabled. Parser tests using untidied output will also be deprecated (and rewritten) in a follow-up patch. No new release notes necessary since user-visible tidy configuration was deprecated previously (in 1.32), and individual methods which had disabled tidy during execution were individually release-noted as they were updated. Bug: T198214 Depends-On: I0f417f75a49dfea873e9a2f44d81796a48b9f428 Depends-On: If5c619cdd3e7f786687cfc2ca166074d9197ca11 Change-Id: I592e0e0dfef7d929f05c60ffe4d60e09725b39cc
2018-06-26 13:53:12 +00:00
$this->hideDeprecated( 'disabling tidy' );
Remove most support for configuring Tidy, including Raggett Remex is pure PHP so there is no reason to use an external tidy any more. Configuration variables and implementation classes were deprecated in 1.32 or earlier. We've kept only $wgTidyConfig which can be used for experimental features or debugging Remex. Bug: T198214 Change-Id: I99d48f858d97b6e1d1e6cd76a42c960cc2c61f9f
2018-10-17 14:05:02 +00:00
$this->hideDeprecated( 'MWTidy::setInstance' );
Abstract and refactor Tidy support * Split tidy implementations into a class hierarchy * Bring all tidy configuration into a single associative array and deprecate the old configuration. * Remove $wgAlwaysUseTidy This is preparatory to replacement of Tidy (T89331). I used the name "Raggett" for things relating to Dave Raggett's Tidy, since if we use "tidy" to mean the new abstract system as well as Raggett's tidy, it gets confusing. Change-Id: I77af1a16cbbb47fc226d05fb9aad56c58e8910b5
2015-08-31 04:42:55 +00:00
MWTidy::setInstance( false );
(bug 41545) Allow kbd, samp, and var to be nested. HTML5 has various semantics that allow -- or rather require -- <kbd> and <samp> and even <var> to be nested. eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd> eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var> This fixes the sanitizer to permit their nesting and adds test cases to ensure that some of HTML5's special semantics are permitted by our sanitizer and not broken. Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939
2012-10-30 13:34:56 +00:00
$this->assertEquals( $output, Sanitizer::removeHTMLtags( $input ), $msg );
}
testDecodeTagAttributes now use a data provider We had a huge pile of assertEquals in a single test function, this patch convert the mess in a nicer dataprovider. The parameters passed to assertEquals() were mixed up, the expected values should be passed as the first argument, I thus exchange the first two parameters in each case. Change-Id: Ib74804a7aa84a1e59fffb8c85abbf0b95995d897
2012-11-22 10:25:30 +00:00
(bug 36495) Sanitizer: Convert align to margin/float outside tables. Change-Id: I108cbd100cff6bade011b14d74b5bca82f2a1e5f
2012-06-29 16:24:20 +00:00
/**
* @dataProvider provideDeprecatedAttributes
Lots of spelling mistakes and phpdoc attributes @throw->@throws @returns->@return @seealso->@see @cover->@covers etc Change-Id: I9ae6bc3034e9790e2d66cd96473b923fe9ee7953
2013-03-11 03:16:28 +00:00
* @covers Sanitizer::fixTagAttributes
Deprecate Sanitizer::setupAttributeWhitelist/attributeWhitelist These methods should be made private in the next release, but hard-deprecate them for 1.34. Tweak the return value of the attribute whitelist to be an associative rather than a sequential array, which makes the lookup of allowed attributes more efficient and avoids an array_flip for every html element sanitized. Bug: T221677 Change-Id: I17d734937accec6c2679dbe17328cf9554bd556a
2019-04-23 17:09:36 +00:00
* @covers Sanitizer::validateTagAttributes
* @covers Sanitizer::validateAttributes
(bug 36495) Sanitizer: Convert align to margin/float outside tables. Change-Id: I108cbd100cff6bade011b14d74b5bca82f2a1e5f
2012-06-29 16:24:20 +00:00
*/
Add more @covers tags and test cleanup Other cleanup includes - Adding method scopes - Fixing php comments - Adding todos Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-21 21:09:13 +00:00
public function testDeprecatedAttributesUnaltered( $inputAttr, $inputEl, $message = '' ) {
normalize sanitizerTest and add coverage tips * @cover let us mention which function the test is using, help out when building coverage report to make sure we only record traces for that function. * Normalized test functions so they look alike and make use of an optional message. Change-Id: I3e431b28e377f2ca21d06300537f63b2df4a3a99
2012-11-22 10:23:13 +00:00
$this->assertEquals( " $inputAttr",
Sanitizer::fixTagAttributes( $inputAttr, $inputEl ),
$message
);
Clean and repair many phpunit tests (+ fix implied configuration) This commit depends on the introduction of MediaWikiTestCase::setMwGlobals in change Iccf6ea81f4. Various tests already set their globals, but forgot to restore them afterwards, or forgot to call the parent setUp, tearDown... Either way they won't have to anymore with setMwGlobals. Consistent use of function characteristics: * protected function setUp * protected function tearDown * public static function (provide..) (Matching the function signature with PHPUnit/Framework/TestCase.php) Replaces: * public function (setUp|tearDown)\( * protected function $1( * \tfunction (setUp|tearDown)\( * \tprotected function $1( * \tfunction (data|provide)\( * \tpublic static function $1\( Also renamed a few "data#", "provider#" and "provides#" functions to "provide#" for consistency. This also removes confusion where the /media tests had a few private methods called dataFile(), which were sometimes expected to be data providers. Fixes: TimestampTest often failed due to a previous test setting a different language (it tests "1 hour ago" so need to make sure it is set to English). MWNamespaceTest became a lot cleaner now that it executes with a known context. Though the now-redundant code that was removed didn't work anyway because wgContentNamespaces isn't keyed by namespace id, it had them was values... FileBackendTest: * Fixed: "PHP Fatal: Using $this when not in object context" HttpTest * Added comment about: "PHP Fatal: Call to protected MWHttpRequest::__construct()" (too much unrelated code to fix in this commit) ExternalStoreTest * Add an assertTrue as well, without it the test is useless because regardless of whether wgExternalStores is true or false it only uses it if it is an array. Change-Id: I9d2b148e57bada64afeb7d5a99bec0e58f8e1561
2012-10-08 10:56:20 +00:00
}
public static function provideDeprecatedAttributes() {
Use more short array syntax in comments (/tests/) Change-Id: I86c73cb9447ac562a73348b4030e24ebf49a90dc
2016-07-10 15:23:29 +00:00
/** [ <attribute>, <element>, [message] ] */
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
return [
[ 'clear="left"', 'br' ],
[ 'clear="all"', 'br' ],
[ 'width="100"', 'td' ],
[ 'nowrap="true"', 'td' ],
[ 'nowrap=""', 'td' ],
[ 'align="right"', 'td' ],
[ 'align="center"', 'table' ],
[ 'align="left"', 'tr' ],
[ 'align="center"', 'div' ],
[ 'align="left"', 'h1' ],
[ 'align="left"', 'p' ],
];
Followup r94465 and r94465; Add phpunit tests for Sanitizer::fixDeprecatedAttributes and fix bugs related to clear="all" and mixed/uppercase attributes and values.
2011-09-25 04:08:23 +00:00
}
Test handling of escaped CSS comments r85856 fixed a CSS injection issue but lacked testing. This test verify we properly strip out CSS comments even when the token delimiter '/*' is backslash-escaped : \2f\2a
2011-10-24 08:39:58 +00:00
Deprecate Sanitizer::setupAttributeWhitelist/attributeWhitelist These methods should be made private in the next release, but hard-deprecate them for 1.34. Tweak the return value of the attribute whitelist to be an associative rather than a sequential array, which makes the lookup of allowed attributes more efficient and avoids an array_flip for every html element sanitized. Bug: T221677 Change-Id: I17d734937accec6c2679dbe17328cf9554bd556a
2019-04-23 17:09:36 +00:00
/**
* @dataProvider provideValidateTagAttributes
* @covers Sanitizer::validateTagAttributes
* @covers Sanitizer::validateAttributes
*/
public function testValidateTagAttributes( $element, $attribs, $expected ) {
$actual = Sanitizer::validateTagAttributes( $attribs, $element );
$this->assertArrayEquals( $expected, $actual, false, true );
}
public static function provideValidateTagAttributes() {
return [
[ 'math',
Split SanitizerTest to unit and integration tests Out of 150 tests of SanitizerTest.php, 100 of them are pure unit tests they are moved to the new file in the new structure, the rest stay Change-Id: I366d37607abff4bcd624a56fb8b2299729fbc088
2019-07-08 00:05:57 +00:00
[ 'id' => 'foo bar', 'bogus' => 'stripped', 'data-foo' => 'bar' ],
[ 'id' => 'foo_bar', 'data-foo' => 'bar' ],
Deprecate Sanitizer::setupAttributeWhitelist/attributeWhitelist These methods should be made private in the next release, but hard-deprecate them for 1.34. Tweak the return value of the attribute whitelist to be an associative rather than a sequential array, which makes the lookup of allowed attributes more efficient and avoids an array_flip for every html element sanitized. Bug: T221677 Change-Id: I17d734937accec6c2679dbe17328cf9554bd556a
2019-04-23 17:09:36 +00:00
],
[ 'meta',
Split SanitizerTest to unit and integration tests Out of 150 tests of SanitizerTest.php, 100 of them are pure unit tests they are moved to the new file in the new structure, the rest stay Change-Id: I366d37607abff4bcd624a56fb8b2299729fbc088
2019-07-08 00:05:57 +00:00
[ 'id' => 'foo bar', 'itemprop' => 'foo', 'content' => 'bar' ],
[ 'itemprop' => 'foo', 'content' => 'bar' ],
Deprecate Sanitizer::setupAttributeWhitelist/attributeWhitelist These methods should be made private in the next release, but hard-deprecate them for 1.34. Tweak the return value of the attribute whitelist to be an associative rather than a sequential array, which makes the lookup of allowed attributes more efficient and avoids an array_flip for every html element sanitized. Bug: T221677 Change-Id: I17d734937accec6c2679dbe17328cf9554bd556a
2019-04-23 17:09:36 +00:00
],
];
}
/**
* @dataProvider provideAttributeWhitelist
* @covers Sanitizer::attributeWhitelist
*/
public function testAttributeWhitelist( $element, $attribs ) {
$this->hideDeprecated( 'Sanitizer::attributeWhitelist' );
$this->hideDeprecated( 'Sanitizer::setupAttributeWhitelist' );
$actual = Sanitizer::attributeWhitelist( $element );
$this->assertArrayEquals( $attribs, $actual );
}
/**
* @dataProvider provideAttributeWhitelist
* @covers Sanitizer::attributeWhitelistInternal
*/
public function testAttributeWhitelistInternal( $element, $attribs ) {
$sanitizer = TestingAccessWrapper::newFromClass( Sanitizer::class );
$actual = $sanitizer->attributeWhitelistInternal( $element );
$this->assertArrayEquals( $attribs, array_keys( $actual ) );
}
public function provideAttributeWhitelist() {
/** [ <element>, [ <good attribute 1>, <good attribute 2>, ...] ] */
return [
[ 'math', [ 'class', 'style', 'id', 'title' ] ],
[ 'meta', [ 'itemprop', 'content' ] ],
[ 'link', [ 'itemprop', 'href', 'title' ] ],
];
}
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
/**
* @dataProvider provideEscapeIdForStuff
*
* @covers Sanitizer::escapeIdForAttribute()
* @covers Sanitizer::escapeIdForLink()
* @covers Sanitizer::escapeIdForExternalInterwiki()
* @covers Sanitizer::escapeIdInternal()
*
* @param string $stuff
* @param string[] $config
* @param string $id
* @param string|false $expected
* @param int|null $mode
*/
public function testEscapeIdForStuff( $stuff, array $config, $id, $expected, $mode = null ) {
$func = "Sanitizer::escapeIdFor{$stuff}";
$iwFlavor = array_pop( $config );
$this->setMwGlobals( [
'wgFragmentMode' => $config,
'wgExternalInterwikiFragmentMode' => $iwFlavor,
] );
$escaped = call_user_func( $func, $id, $mode );
self::assertEquals( $expected, $escaped );
}
public function provideEscapeIdForStuff() {
// Test inputs and outputs
Do not double decode HTML entities for IDs * in links (T103714) * in indicators (T104196) This change removes the automatic Sanitizer::decodeCharReferences from Sanitizer::escapeId and Sanitizer::escapeIdInternal. Where decoding of HTML entities are wanted an explicit call to Sanitizer::decodeCharReferences is added. Explicit decode HTML entities in non local autocomments. (T104311) Bug: T103714 Bug: T104196 Bug: T104311 Change-Id: I88e8e2077e6f5eec2b232391f7818370894a62dc
2016-05-02 05:14:45 +00:00
$text = 'foo тест_#%!\'()[]:<>&&amp;&amp;amp;';
$legacyEncoded = 'foo_.D1.82.D0.B5.D1.81.D1.82_.23.25.21.27.28.29.5B.5D:.3C.3E' .
'.26.26amp.3B.26amp.3Bamp.3B';
$html5Encoded = 'foo_тест_#%!\'()[]:<>&&amp;&amp;amp;';
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
// Settings: last element is $wgExternalInterwikiFragmentMode, the rest is $wgFragmentMode
$legacy = [ 'legacy', 'legacy' ];
$legacyNew = [ 'legacy', 'html5', 'legacy' ];
$newLegacy = [ 'html5', 'legacy', 'legacy' ];
$new = [ 'html5', 'legacy' ];
$allNew = [ 'html5', 'html5' ];
return [
// Pure legacy: how MW worked before 2017
[ 'Attribute', $legacy, $text, $legacyEncoded, Sanitizer::ID_PRIMARY ],
[ 'Attribute', $legacy, $text, false, Sanitizer::ID_FALLBACK ],
[ 'Link', $legacy, $text, $legacyEncoded ],
[ 'ExternalInterwiki', $legacy, $text, $legacyEncoded ],
// Transition to a new world: legacy links with HTML5 fallback
[ 'Attribute', $legacyNew, $text, $legacyEncoded, Sanitizer::ID_PRIMARY ],
[ 'Attribute', $legacyNew, $text, $html5Encoded, Sanitizer::ID_FALLBACK ],
[ 'Link', $legacyNew, $text, $legacyEncoded ],
[ 'ExternalInterwiki', $legacyNew, $text, $legacyEncoded ],
// New world: HTML5 links, legacy fallbacks
[ 'Attribute', $newLegacy, $text, $html5Encoded, Sanitizer::ID_PRIMARY ],
[ 'Attribute', $newLegacy, $text, $legacyEncoded, Sanitizer::ID_FALLBACK ],
Don't percent-encode HTML5 IDs During the TechCom meeting, it was decided this is the better way. Bug: T152540 Change-Id: I6c3ec1c407225b4e925b7373bf52208e2f6b6c4a
2017-09-01 00:48:42 +00:00
[ 'Link', $newLegacy, $text, $html5Encoded ],
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
[ 'ExternalInterwiki', $newLegacy, $text, $legacyEncoded ],
// Distant future: no legacy fallbacks, but still linking to leagacy wikis
[ 'Attribute', $new, $text, $html5Encoded, Sanitizer::ID_PRIMARY ],
[ 'Attribute', $new, $text, false, Sanitizer::ID_FALLBACK ],
Don't percent-encode HTML5 IDs During the TechCom meeting, it was decided this is the better way. Bug: T152540 Change-Id: I6c3ec1c407225b4e925b7373bf52208e2f6b6c4a
2017-09-01 00:48:42 +00:00
[ 'Link', $new, $text, $html5Encoded ],
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
[ 'ExternalInterwiki', $new, $text, $legacyEncoded ],
// Just before the heat death of universe: external interwikis are also HTML5 \m/
[ 'Attribute', $allNew, $text, $html5Encoded, Sanitizer::ID_PRIMARY ],
[ 'Attribute', $allNew, $text, false, Sanitizer::ID_FALLBACK ],
Don't percent-encode HTML5 IDs During the TechCom meeting, it was decided this is the better way. Bug: T152540 Change-Id: I6c3ec1c407225b4e925b7373bf52208e2f6b6c4a
2017-09-01 00:48:42 +00:00
[ 'Link', $allNew, $text, $html5Encoded ],
[ 'ExternalInterwiki', $allNew, $text, $html5Encoded ],
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
];
}
/**
* @expectedException InvalidArgumentException
* @covers Sanitizer::escapeIdInternal()
*/
public function testInvalidFragmentThrows() {
$this->setMwGlobals( 'wgFragmentMode', [ 'boom!' ] );
Sanitizer::escapeIdForAttribute( 'This should throw' );
}
/**
* @expectedException UnexpectedValueException
* @covers Sanitizer::escapeIdForAttribute()
*/
public function testNoPrimaryFragmentModeThrows() {
$this->setMwGlobals( 'wgFragmentMode', [ 666 => 'html5' ] );
Sanitizer::escapeIdForAttribute( 'This should throw' );
}
/**
* @expectedException UnexpectedValueException
* @covers Sanitizer::escapeIdForLink()
*/
public function testNoPrimaryFragmentModeThrows2() {
$this->setMwGlobals( 'wgFragmentMode', [ 666 => 'html5' ] );
Sanitizer::escapeIdForLink( 'This should throw' );
}
Unset all globals unneeded for unit tests, assert correct directory * Unset globals to avoid tests that look like unit tests but actually rely on globals * move some tests out of unit directory so that the test suite will pass. * Assert that tests which extend MediaWikiUnitTestCase are in a directory with "/unit/" in its path name Depends-On: I67b37b1bde94eaa3d4298d9bd98ac57995ce93b9 Depends-On: I90921679518ee95fe393f8b1bbd9134daf0ba032 Bug: T87781 Change-Id: I16691fc8ac063705ba0c2bc63b96c4534ca8660b
2019-07-08 13:25:31 +00:00
/**
* Test escapeIdReferenceList for consistency with escapeIdForAttribute
*
* @dataProvider provideEscapeIdReferenceList
* @covers Sanitizer::escapeIdReferenceList
*/
public function testEscapeIdReferenceList( $referenceList, $id1, $id2 ) {
$this->assertEquals(
Sanitizer::escapeIdReferenceList( $referenceList ),
Sanitizer::escapeIdForAttribute( $id1 )
. ' '
. Sanitizer::escapeIdForAttribute( $id2 )
);
}
public static function provideEscapeIdReferenceList() {
/** [ <reference list>, <individual id 1>, <individual id 2> ] */
return [
[ 'foo bar', 'foo', 'bar' ],
[ '#1 #2', '#1', '#2' ],
[ '+1 +2', '+1', '+2' ],
];
}
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
}
Reference in a new issue Copy permalink