Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/tests/phpunit/includes/parser/SanitizerTest.php

292 lines
9.5 KiB
PHP
Raw Normal View History

Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
<?php
Deprecate Sanitizer::setupAttributeWhitelist/attributeWhitelist These methods should be made private in the next release, but hard-deprecate them for 1.34. Tweak the return value of the attribute whitelist to be an associative rather than a sequential array, which makes the lookup of allowed attributes more efficient and avoids an array_flip for every html element sanitized. Bug: T221677 Change-Id: I17d734937accec6c2679dbe17328cf9554bd556a
2019-04-23 17:09:36 +00:00
use Wikimedia\TestingAccessWrapper;
Add more @covers tags and test cleanup Other cleanup includes - Adding method scopes - Fixing php comments - Adding todos Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-21 21:09:13 +00:00
/**
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
* @group Sanitizer
Add more @covers tags and test cleanup Other cleanup includes - Adding method scopes - Fixing php comments - Adding todos Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-21 21:09:13 +00:00
*/
MediaWikiTestCase to MediaWikiIntegrationTestCase The name change happened some time ago, and I think its about time to start using the name name! (Done with a find and replace) My personal motivation for doing this is that I have started trying out vscode as an IDE for mediawiki development, and right now it doesn't appear to handle php aliases very well or at all. Change-Id: I412235d91ae26e4c1c6a62e0dbb7e7cf3c5ed4a6
2020-06-30 15:09:24 +00:00
class SanitizerTest extends MediaWikiIntegrationTestCase {
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
(bug 39067) Add support for HTML5 <mark> element. * whitelist <mark> in tidy and sanitizer * provides a default styling for mark elements Change-Id: I23fc2fc558ff0590be04771ef1e75fcfdf240aac
2012-08-06 10:02:49 +00:00
/**
Lots of spelling mistakes and phpdoc attributes @throw->@throws @returns->@return @seealso->@see @cover->@covers etc Change-Id: I9ae6bc3034e9790e2d66cd96473b923fe9ee7953
2013-03-11 03:16:28 +00:00
* @covers Sanitizer::removeHTMLtags
(bug 39067) Add support for HTML5 <mark> element. * whitelist <mark> in tidy and sanitizer * provides a default styling for mark elements Change-Id: I23fc2fc558ff0590be04771ef1e75fcfdf240aac
2012-08-06 10:02:49 +00:00
* @dataProvider provideHtml5Tags
*
Fixed some @params documentation (tests) Swapped some "$var type" to "type $var" or added missing types before the $var. Changed some other types to match the more common spelling. Makes beginning of some text in captial. Also added some missing @param. Change-Id: Ic8aaf0a93796b97d0fa4617c1f86ff59f4b36131
2014-04-17 18:43:42 +00:00
* @param string $tag Name of an HTML5 element (ie: 'video')
* @param bool $escaped Whether sanitizer let the tag in or escape it (ie: '&lt;video&gt;')
(bug 39067) Add support for HTML5 <mark> element. * whitelist <mark> in tidy and sanitizer * provides a default styling for mark elements Change-Id: I23fc2fc558ff0590be04771ef1e75fcfdf240aac
2012-08-06 10:02:49 +00:00
*/
Add more @covers tags and test cleanup Other cleanup includes - Adding method scopes - Fixing php comments - Adding todos Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-21 21:09:13 +00:00
public function testRemovehtmltagsOnHtml5Tags( $tag, $escaped ) {
Update formatting 2 of n. Change-Id: I5406673e99ed53e4e330ed47f022a17177544daa
2013-02-14 11:36:35 +00:00
if ( $escaped ) {
(bug 39067) Add support for HTML5 <mark> element. * whitelist <mark> in tidy and sanitizer * provides a default styling for mark elements Change-Id: I23fc2fc558ff0590be04771ef1e75fcfdf240aac
2012-08-06 10:02:49 +00:00
$this->assertEquals( "&lt;$tag&gt;",
Sanitizer::removeHTMLtags( "<$tag>" )
);
} else {
$this->assertEquals( "<$tag></$tag>\n",
Remove codepaths which ran parser in 'untidy' mode Disabling tidy has been deprecated since 1.33. This cleans up the code paths which still used untidy output. Bug: T198214 Change-Id: I821ef3b8f59b272d983583d407b2f0794fe1e791
2020-04-01 21:24:13 +00:00
Sanitizer::removeHTMLtags( "<$tag></$tag>\n" )
(bug 39067) Add support for HTML5 <mark> element. * whitelist <mark> in tidy and sanitizer * provides a default styling for mark elements Change-Id: I23fc2fc558ff0590be04771ef1e75fcfdf240aac
2012-08-06 10:02:49 +00:00
);
}
}
Tests: Make phpunit providers "public static". Follows-up I9d2b148e57 (including phpunit/languages this time). Bug: 46434 Change-Id: I30e5efcd88c516121c454676bd7a18f9b7c8fca6
2013-03-22 02:12:37 +00:00
public static function provideHtml5Tags() {
Update formatting 2 of n. Change-Id: I5406673e99ed53e4e330ed47f022a17177544daa
2013-02-14 11:36:35 +00:00
$ESCAPED = true; # We want tag to be escaped
$VERBATIM = false; # We want to keep the tag
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
return [
[ 'data', $VERBATIM ],
[ 'mark', $VERBATIM ],
[ 'time', $VERBATIM ],
[ 'video', $ESCAPED ],
];
(bug 39067) Add support for HTML5 <mark> element. * whitelist <mark> in tidy and sanitizer * provides a default styling for mark elements Change-Id: I23fc2fc558ff0590be04771ef1e75fcfdf240aac
2012-08-06 10:02:49 +00:00
}
Add public as visibility in tests folder Add public, protected or private to function missing a visibility Enable the tests folder for the phpcs sniff Change-Id: Ibefce76ea9984c47e08c94889ea2eafca7565e2c
2019-10-09 18:24:07 +00:00
public function dataRemoveHTMLtags() {
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
return [
(bug 41545) Allow kbd, samp, and var to be nested. HTML5 has various semantics that allow -- or rather require -- <kbd> and <samp> and even <var> to be nested. eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd> eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var> This fixes the sanitizer to permit their nesting and adds test cases to ensure that some of HTML5's special semantics are permitted by our sanitizer and not broken. Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939
2012-10-30 13:34:56 +00:00
// former testSelfClosingTag
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
[
(bug 41545) Allow kbd, samp, and var to be nested. HTML5 has various semantics that allow -- or rather require -- <kbd> and <samp> and even <var> to be nested. eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd> eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var> This fixes the sanitizer to permit their nesting and adds test cases to ensure that some of HTML5's special semantics are permitted by our sanitizer and not broken. Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939
2012-10-30 13:34:56 +00:00
'<div>Hello world</div />',
Use HTML5 semantics for self-closed HTML tags in wikitext This behavior has been deprecated and with a tracking category since 1.28. Time to remove the temporary parameter added to Sanitizer::removeHTMLtags() and (finally) tweak the behavior to match HTML5. Bug: T134423 Change-Id: I5c725175d05854139c95a2b3d8d35ff63cb6707b
2020-04-02 15:17:41 +00:00
'<div>Hello world</div>',
(bug 41545) Allow kbd, samp, and var to be nested. HTML5 has various semantics that allow -- or rather require -- <kbd> and <samp> and even <var> to be nested. eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd> eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var> This fixes the sanitizer to permit their nesting and adds test cases to ensure that some of HTML5's special semantics are permitted by our sanitizer and not broken. Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939
2012-10-30 13:34:56 +00:00
'Self-closing closing div'
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
(bug 41545) Allow kbd, samp, and var to be nested. HTML5 has various semantics that allow -- or rather require -- <kbd> and <samp> and even <var> to be nested. eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd> eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var> This fixes the sanitizer to permit their nesting and adds test cases to ensure that some of HTML5's special semantics are permitted by our sanitizer and not broken. Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939
2012-10-30 13:34:56 +00:00
// Make sure special nested HTML5 semantics are not broken
Update weblinks in comments from HTTP to HTTPS Use HTTPS instead of HTTP where the HTTP link is a redirect to the HTTPS link. Also update some defect links. Change-Id: Ic3a5eac910d098ed5c2a21e9f47c9b6ee06b2643
2016-10-13 05:34:26 +00:00
// https://html.spec.whatwg.org/multipage/semantics.html#the-kbd-element
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
[
(bug 41545) Allow kbd, samp, and var to be nested. HTML5 has various semantics that allow -- or rather require -- <kbd> and <samp> and even <var> to be nested. eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd> eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var> This fixes the sanitizer to permit their nesting and adds test cases to ensure that some of HTML5's special semantics are permitted by our sanitizer and not broken. Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939
2012-10-30 13:34:56 +00:00
'<kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd>',
'<kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd>',
'Nested <kbd>.'
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
Update weblinks in comments from HTTP to HTTPS Use HTTPS instead of HTTP where the HTTP link is a redirect to the HTTPS link. Also update some defect links. Change-Id: Ic3a5eac910d098ed5c2a21e9f47c9b6ee06b2643
2016-10-13 05:34:26 +00:00
// https://html.spec.whatwg.org/multipage/semantics.html#the-sub-and-sup-elements
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
[
(bug 41545) Allow kbd, samp, and var to be nested. HTML5 has various semantics that allow -- or rather require -- <kbd> and <samp> and even <var> to be nested. eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd> eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var> This fixes the sanitizer to permit their nesting and adds test cases to ensure that some of HTML5's special semantics are permitted by our sanitizer and not broken. Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939
2012-10-30 13:34:56 +00:00
'<var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var>',
'<var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var>',
'Nested <var>.'
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
Update weblinks in comments from HTTP to HTTPS Use HTTPS instead of HTTP where the HTTP link is a redirect to the HTTPS link. Also update some defect links. Change-Id: Ic3a5eac910d098ed5c2a21e9f47c9b6ee06b2643
2016-10-13 05:34:26 +00:00
// https://html.spec.whatwg.org/multipage/semantics.html#the-dfn-element
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
[
(bug 41545) Allow kbd, samp, and var to be nested. HTML5 has various semantics that allow -- or rather require -- <kbd> and <samp> and even <var> to be nested. eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd> eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var> This fixes the sanitizer to permit their nesting and adds test cases to ensure that some of HTML5's special semantics are permitted by our sanitizer and not broken. Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939
2012-10-30 13:34:56 +00:00
'<dfn><abbr title="Garage Door Opener">GDO</abbr></dfn>',
'<dfn><abbr title="Garage Door Opener">GDO</abbr></dfn>',
'<abbr> inside <dfn>',
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
];
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
}
testDecodeTagAttributes now use a data provider We had a huge pile of assertEquals in a single test function, this patch convert the mess in a nicer dataprovider. The parameters passed to assertEquals() were mixed up, the expected values should be passed as the first argument, I thus exchange the first two parameters in each case. Change-Id: Ib74804a7aa84a1e59fffb8c85abbf0b95995d897
2012-11-22 10:25:30 +00:00
(bug 41545) Allow kbd, samp, and var to be nested. HTML5 has various semantics that allow -- or rather require -- <kbd> and <samp> and even <var> to be nested. eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd> eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var> This fixes the sanitizer to permit their nesting and adds test cases to ensure that some of HTML5's special semantics are permitted by our sanitizer and not broken. Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939
2012-10-30 13:34:56 +00:00
/**
* @dataProvider dataRemoveHTMLtags
Add more @covers tags and test cleanup Other cleanup includes - Adding method scopes - Fixing php comments - Adding todos Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-21 21:09:13 +00:00
* @covers Sanitizer::removeHTMLtags
(bug 41545) Allow kbd, samp, and var to be nested. HTML5 has various semantics that allow -- or rather require -- <kbd> and <samp> and even <var> to be nested. eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd> eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var> This fixes the sanitizer to permit their nesting and adds test cases to ensure that some of HTML5's special semantics are permitted by our sanitizer and not broken. Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939
2012-10-30 13:34:56 +00:00
*/
Add more @covers tags and test cleanup Other cleanup includes - Adding method scopes - Fixing php comments - Adding todos Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-21 21:09:13 +00:00
public function testRemoveHTMLtags( $input, $output, $msg = null ) {
(bug 41545) Allow kbd, samp, and var to be nested. HTML5 has various semantics that allow -- or rather require -- <kbd> and <samp> and even <var> to be nested. eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd> eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var> This fixes the sanitizer to permit their nesting and adds test cases to ensure that some of HTML5's special semantics are permitted by our sanitizer and not broken. Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939
2012-10-30 13:34:56 +00:00
$this->assertEquals( $output, Sanitizer::removeHTMLtags( $input ), $msg );
}
testDecodeTagAttributes now use a data provider We had a huge pile of assertEquals in a single test function, this patch convert the mess in a nicer dataprovider. The parameters passed to assertEquals() were mixed up, the expected values should be passed as the first argument, I thus exchange the first two parameters in each case. Change-Id: Ib74804a7aa84a1e59fffb8c85abbf0b95995d897
2012-11-22 10:25:30 +00:00
(bug 36495) Sanitizer: Convert align to margin/float outside tables. Change-Id: I108cbd100cff6bade011b14d74b5bca82f2a1e5f
2012-06-29 16:24:20 +00:00
/**
* @dataProvider provideDeprecatedAttributes
Lots of spelling mistakes and phpdoc attributes @throw->@throws @returns->@return @seealso->@see @cover->@covers etc Change-Id: I9ae6bc3034e9790e2d66cd96473b923fe9ee7953
2013-03-11 03:16:28 +00:00
* @covers Sanitizer::fixTagAttributes
Deprecate Sanitizer::setupAttributeWhitelist/attributeWhitelist These methods should be made private in the next release, but hard-deprecate them for 1.34. Tweak the return value of the attribute whitelist to be an associative rather than a sequential array, which makes the lookup of allowed attributes more efficient and avoids an array_flip for every html element sanitized. Bug: T221677 Change-Id: I17d734937accec6c2679dbe17328cf9554bd556a
2019-04-23 17:09:36 +00:00
* @covers Sanitizer::validateTagAttributes
* @covers Sanitizer::validateAttributes
(bug 36495) Sanitizer: Convert align to margin/float outside tables. Change-Id: I108cbd100cff6bade011b14d74b5bca82f2a1e5f
2012-06-29 16:24:20 +00:00
*/
Add more @covers tags and test cleanup Other cleanup includes - Adding method scopes - Fixing php comments - Adding todos Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-21 21:09:13 +00:00
public function testDeprecatedAttributesUnaltered( $inputAttr, $inputEl, $message = '' ) {
normalize sanitizerTest and add coverage tips * @cover let us mention which function the test is using, help out when building coverage report to make sure we only record traces for that function. * Normalized test functions so they look alike and make use of an optional message. Change-Id: I3e431b28e377f2ca21d06300537f63b2df4a3a99
2012-11-22 10:23:13 +00:00
$this->assertEquals( " $inputAttr",
Sanitizer::fixTagAttributes( $inputAttr, $inputEl ),
$message
);
Clean and repair many phpunit tests (+ fix implied configuration) This commit depends on the introduction of MediaWikiTestCase::setMwGlobals in change Iccf6ea81f4. Various tests already set their globals, but forgot to restore them afterwards, or forgot to call the parent setUp, tearDown... Either way they won't have to anymore with setMwGlobals. Consistent use of function characteristics: * protected function setUp * protected function tearDown * public static function (provide..) (Matching the function signature with PHPUnit/Framework/TestCase.php) Replaces: * public function (setUp|tearDown)\( * protected function $1( * \tfunction (setUp|tearDown)\( * \tprotected function $1( * \tfunction (data|provide)\( * \tpublic static function $1\( Also renamed a few "data#", "provider#" and "provides#" functions to "provide#" for consistency. This also removes confusion where the /media tests had a few private methods called dataFile(), which were sometimes expected to be data providers. Fixes: TimestampTest often failed due to a previous test setting a different language (it tests "1 hour ago" so need to make sure it is set to English). MWNamespaceTest became a lot cleaner now that it executes with a known context. Though the now-redundant code that was removed didn't work anyway because wgContentNamespaces isn't keyed by namespace id, it had them was values... FileBackendTest: * Fixed: "PHP Fatal: Using $this when not in object context" HttpTest * Added comment about: "PHP Fatal: Call to protected MWHttpRequest::__construct()" (too much unrelated code to fix in this commit) ExternalStoreTest * Add an assertTrue as well, without it the test is useless because regardless of whether wgExternalStores is true or false it only uses it if it is an array. Change-Id: I9d2b148e57bada64afeb7d5a99bec0e58f8e1561
2012-10-08 10:56:20 +00:00
}
public static function provideDeprecatedAttributes() {
Use more short array syntax in comments (/tests/) Change-Id: I86c73cb9447ac562a73348b4030e24ebf49a90dc
2016-07-10 15:23:29 +00:00
/** [ <attribute>, <element>, [message] ] */
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
return [
[ 'clear="left"', 'br' ],
[ 'clear="all"', 'br' ],
[ 'width="100"', 'td' ],
[ 'nowrap="true"', 'td' ],
[ 'nowrap=""', 'td' ],
[ 'align="right"', 'td' ],
[ 'align="center"', 'table' ],
[ 'align="left"', 'tr' ],
[ 'align="center"', 'div' ],
[ 'align="left"', 'h1' ],
[ 'align="left"', 'p' ],
];
Followup r94465 and r94465; Add phpunit tests for Sanitizer::fixDeprecatedAttributes and fix bugs related to clear="all" and mixed/uppercase attributes and values.
2011-09-25 04:08:23 +00:00
}
Test handling of escaped CSS comments r85856 fixed a CSS injection issue but lacked testing. This test verify we properly strip out CSS comments even when the token delimiter '/*' is backslash-escaped : \2f\2a
2011-10-24 08:39:58 +00:00
Deprecate Sanitizer::setupAttributeWhitelist/attributeWhitelist These methods should be made private in the next release, but hard-deprecate them for 1.34. Tweak the return value of the attribute whitelist to be an associative rather than a sequential array, which makes the lookup of allowed attributes more efficient and avoids an array_flip for every html element sanitized. Bug: T221677 Change-Id: I17d734937accec6c2679dbe17328cf9554bd556a
2019-04-23 17:09:36 +00:00
/**
* @dataProvider provideValidateTagAttributes
* @covers Sanitizer::validateTagAttributes
* @covers Sanitizer::validateAttributes
*/
public function testValidateTagAttributes( $element, $attribs, $expected ) {
$actual = Sanitizer::validateTagAttributes( $attribs, $element );
$this->assertArrayEquals( $expected, $actual, false, true );
}
public static function provideValidateTagAttributes() {
return [
[ 'math',
Split SanitizerTest to unit and integration tests Out of 150 tests of SanitizerTest.php, 100 of them are pure unit tests they are moved to the new file in the new structure, the rest stay Change-Id: I366d37607abff4bcd624a56fb8b2299729fbc088
2019-07-08 00:05:57 +00:00
[ 'id' => 'foo bar', 'bogus' => 'stripped', 'data-foo' => 'bar' ],
[ 'id' => 'foo_bar', 'data-foo' => 'bar' ],
Deprecate Sanitizer::setupAttributeWhitelist/attributeWhitelist These methods should be made private in the next release, but hard-deprecate them for 1.34. Tweak the return value of the attribute whitelist to be an associative rather than a sequential array, which makes the lookup of allowed attributes more efficient and avoids an array_flip for every html element sanitized. Bug: T221677 Change-Id: I17d734937accec6c2679dbe17328cf9554bd556a
2019-04-23 17:09:36 +00:00
],
[ 'meta',
Split SanitizerTest to unit and integration tests Out of 150 tests of SanitizerTest.php, 100 of them are pure unit tests they are moved to the new file in the new structure, the rest stay Change-Id: I366d37607abff4bcd624a56fb8b2299729fbc088
2019-07-08 00:05:57 +00:00
[ 'id' => 'foo bar', 'itemprop' => 'foo', 'content' => 'bar' ],
[ 'itemprop' => 'foo', 'content' => 'bar' ],
Deprecate Sanitizer::setupAttributeWhitelist/attributeWhitelist These methods should be made private in the next release, but hard-deprecate them for 1.34. Tweak the return value of the attribute whitelist to be an associative rather than a sequential array, which makes the lookup of allowed attributes more efficient and avoids an array_flip for every html element sanitized. Bug: T221677 Change-Id: I17d734937accec6c2679dbe17328cf9554bd556a
2019-04-23 17:09:36 +00:00
],
Whitelist `aria-hidden` attribute in Sanitizer Bug: T204618 Change-Id: I34b9b729eccd7658d5165b6661e5fd45a733b36c
2019-10-04 18:26:06 +00:00
[ 'div',
Follow-up 0437877: SanitizerTest: Fix whitespace, test false state too Change-Id: Ibec845224493c409049b5212812e737d63abaad7
2020-02-03 23:22:26 +00:00
[ 'role' => 'presentation', 'aria-hidden' => 'true' ],
[ 'role' => 'presentation', 'aria-hidden' => 'true' ],
],
[ 'div',
[ 'role' => 'menuitem', 'aria-hidden' => 'false' ],
[ 'role' => 'menuitem', 'aria-hidden' => 'false' ],
Whitelist `aria-hidden` attribute in Sanitizer Bug: T204618 Change-Id: I34b9b729eccd7658d5165b6661e5fd45a733b36c
2019-10-04 18:26:06 +00:00
],
Deprecate Sanitizer::setupAttributeWhitelist/attributeWhitelist These methods should be made private in the next release, but hard-deprecate them for 1.34. Tweak the return value of the attribute whitelist to be an associative rather than a sequential array, which makes the lookup of allowed attributes more efficient and avoids an array_flip for every html element sanitized. Bug: T221677 Change-Id: I17d734937accec6c2679dbe17328cf9554bd556a
2019-04-23 17:09:36 +00:00
];
}
/**
Use 'list of allowed attributes' in Sanitizer, instead of 'whitelist' Bug: T254646 Change-Id: I48d1a5b318c3511fae94291d84f65e5c9cd05a27
2020-06-10 17:39:06 +00:00
* @dataProvider provideAttributesAllowed
* @covers Sanitizer::attributesAllowedInternal
Deprecate Sanitizer::setupAttributeWhitelist/attributeWhitelist These methods should be made private in the next release, but hard-deprecate them for 1.34. Tweak the return value of the attribute whitelist to be an associative rather than a sequential array, which makes the lookup of allowed attributes more efficient and avoids an array_flip for every html element sanitized. Bug: T221677 Change-Id: I17d734937accec6c2679dbe17328cf9554bd556a
2019-04-23 17:09:36 +00:00
*/
Use 'list of allowed attributes' in Sanitizer, instead of 'whitelist' Bug: T254646 Change-Id: I48d1a5b318c3511fae94291d84f65e5c9cd05a27
2020-06-10 17:39:06 +00:00
public function testAttributesAllowedInternal( $element, $attribs ) {
Deprecate Sanitizer::setupAttributeWhitelist/attributeWhitelist These methods should be made private in the next release, but hard-deprecate them for 1.34. Tweak the return value of the attribute whitelist to be an associative rather than a sequential array, which makes the lookup of allowed attributes more efficient and avoids an array_flip for every html element sanitized. Bug: T221677 Change-Id: I17d734937accec6c2679dbe17328cf9554bd556a
2019-04-23 17:09:36 +00:00
$sanitizer = TestingAccessWrapper::newFromClass( Sanitizer::class );
Use 'list of allowed attributes' in Sanitizer, instead of 'whitelist' Bug: T254646 Change-Id: I48d1a5b318c3511fae94291d84f65e5c9cd05a27
2020-06-10 17:39:06 +00:00
$actual = $sanitizer->attributesAllowedInternal( $element );
Deprecate Sanitizer::setupAttributeWhitelist/attributeWhitelist These methods should be made private in the next release, but hard-deprecate them for 1.34. Tweak the return value of the attribute whitelist to be an associative rather than a sequential array, which makes the lookup of allowed attributes more efficient and avoids an array_flip for every html element sanitized. Bug: T221677 Change-Id: I17d734937accec6c2679dbe17328cf9554bd556a
2019-04-23 17:09:36 +00:00
$this->assertArrayEquals( $attribs, array_keys( $actual ) );
}
Use 'list of allowed attributes' in Sanitizer, instead of 'whitelist' Bug: T254646 Change-Id: I48d1a5b318c3511fae94291d84f65e5c9cd05a27
2020-06-10 17:39:06 +00:00
public function provideAttributesAllowed() {
Deprecate Sanitizer::setupAttributeWhitelist/attributeWhitelist These methods should be made private in the next release, but hard-deprecate them for 1.34. Tweak the return value of the attribute whitelist to be an associative rather than a sequential array, which makes the lookup of allowed attributes more efficient and avoids an array_flip for every html element sanitized. Bug: T221677 Change-Id: I17d734937accec6c2679dbe17328cf9554bd556a
2019-04-23 17:09:36 +00:00
/** [ <element>, [ <good attribute 1>, <good attribute 2>, ...] ] */
return [
[ 'math', [ 'class', 'style', 'id', 'title' ] ],
[ 'meta', [ 'itemprop', 'content' ] ],
[ 'link', [ 'itemprop', 'href', 'title' ] ],
];
}
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
/**
* @dataProvider provideEscapeIdForStuff
*
* @covers Sanitizer::escapeIdForAttribute()
* @covers Sanitizer::escapeIdForLink()
* @covers Sanitizer::escapeIdForExternalInterwiki()
* @covers Sanitizer::escapeIdInternal()
Escape % sign if form valid percent-encoding in fragment identifiers Currently if you combine a valid percent encoding and a non escaped character that is reserved in urls in a headline, the toc link does not work. E.g. ==`%41== needs #`%2541 but we currently generate #`%41 which matches ==`A== instead. Tested in firefox and chrome Bug: T238385 Change-Id: Ice2bbf79bed612d488ed6feb7510035e9dfb33af
2020-02-15 09:24:10 +00:00
* @covers Sanitizer::escapeIdInternalUrl()
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
*
* @param string $stuff
* @param string[] $config
* @param string $id
* @param string|false $expected
* @param int|null $mode
*/
public function testEscapeIdForStuff( $stuff, array $config, $id, $expected, $mode = null ) {
$func = "Sanitizer::escapeIdFor{$stuff}";
$iwFlavor = array_pop( $config );
$this->setMwGlobals( [
'wgFragmentMode' => $config,
'wgExternalInterwikiFragmentMode' => $iwFlavor,
] );
Replace all call_user_func(_array) in all tests There is native support for all of this now in PHP, thanks to changes and additions that have been made in later versions. There should be no need any more to ever use call_user_func() or call_user_func_array(). Reviewing this should be fairly easy: Because this patch touches exclusivly tests, but no production code, there is no such thing as "insufficent test coverage". As long as CI goes green, this should be fine. Change-Id: Ib9690103687734bb5a85d3dab0e5642a07087bbc
2020-05-29 06:46:30 +00:00
$escaped = $func( $id, $mode );
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
self::assertEquals( $expected, $escaped );
}
public function provideEscapeIdForStuff() {
// Test inputs and outputs
Escape % sign if form valid percent-encoding in fragment identifiers Currently if you combine a valid percent encoding and a non escaped character that is reserved in urls in a headline, the toc link does not work. E.g. ==`%41== needs #`%2541 but we currently generate #`%41 which matches ==`A== instead. Tested in firefox and chrome Bug: T238385 Change-Id: Ice2bbf79bed612d488ed6feb7510035e9dfb33af
2020-02-15 09:24:10 +00:00
$text = 'foo тест_#%!\'()[]:<>&&amp;&amp;amp;%F0';
Do not double decode HTML entities for IDs * in links (T103714) * in indicators (T104196) This change removes the automatic Sanitizer::decodeCharReferences from Sanitizer::escapeId and Sanitizer::escapeIdInternal. Where decoding of HTML entities are wanted an explicit call to Sanitizer::decodeCharReferences is added. Explicit decode HTML entities in non local autocomments. (T104311) Bug: T103714 Bug: T104196 Bug: T104311 Change-Id: I88e8e2077e6f5eec2b232391f7818370894a62dc
2016-05-02 05:14:45 +00:00
$legacyEncoded = 'foo_.D1.82.D0.B5.D1.81.D1.82_.23.25.21.27.28.29.5B.5D:.3C.3E' .
Escape % sign if form valid percent-encoding in fragment identifiers Currently if you combine a valid percent encoding and a non escaped character that is reserved in urls in a headline, the toc link does not work. E.g. ==`%41== needs #`%2541 but we currently generate #`%41 which matches ==`A== instead. Tested in firefox and chrome Bug: T238385 Change-Id: Ice2bbf79bed612d488ed6feb7510035e9dfb33af
2020-02-15 09:24:10 +00:00
'.26.26amp.3B.26amp.3Bamp.3B.25F0';
$html5EncodedId = 'foo_тест_#%!\'()[]:<>&&amp;&amp;amp;%F0';
$html5EncodedHref = 'foo_тест_#%!\'()[]:<>&&amp;&amp;amp;%25F0';
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
// Settings: last element is $wgExternalInterwikiFragmentMode, the rest is $wgFragmentMode
$legacy = [ 'legacy', 'legacy' ];
$legacyNew = [ 'legacy', 'html5', 'legacy' ];
$newLegacy = [ 'html5', 'legacy', 'legacy' ];
$new = [ 'html5', 'legacy' ];
$allNew = [ 'html5', 'html5' ];
return [
// Pure legacy: how MW worked before 2017
[ 'Attribute', $legacy, $text, $legacyEncoded, Sanitizer::ID_PRIMARY ],
[ 'Attribute', $legacy, $text, false, Sanitizer::ID_FALLBACK ],
[ 'Link', $legacy, $text, $legacyEncoded ],
[ 'ExternalInterwiki', $legacy, $text, $legacyEncoded ],
// Transition to a new world: legacy links with HTML5 fallback
[ 'Attribute', $legacyNew, $text, $legacyEncoded, Sanitizer::ID_PRIMARY ],
Escape % sign if form valid percent-encoding in fragment identifiers Currently if you combine a valid percent encoding and a non escaped character that is reserved in urls in a headline, the toc link does not work. E.g. ==`%41== needs #`%2541 but we currently generate #`%41 which matches ==`A== instead. Tested in firefox and chrome Bug: T238385 Change-Id: Ice2bbf79bed612d488ed6feb7510035e9dfb33af
2020-02-15 09:24:10 +00:00
[ 'Attribute', $legacyNew, $text, $html5EncodedId, Sanitizer::ID_FALLBACK ],
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
[ 'Link', $legacyNew, $text, $legacyEncoded ],
[ 'ExternalInterwiki', $legacyNew, $text, $legacyEncoded ],
// New world: HTML5 links, legacy fallbacks
Escape % sign if form valid percent-encoding in fragment identifiers Currently if you combine a valid percent encoding and a non escaped character that is reserved in urls in a headline, the toc link does not work. E.g. ==`%41== needs #`%2541 but we currently generate #`%41 which matches ==`A== instead. Tested in firefox and chrome Bug: T238385 Change-Id: Ice2bbf79bed612d488ed6feb7510035e9dfb33af
2020-02-15 09:24:10 +00:00
[ 'Attribute', $newLegacy, $text, $html5EncodedId, Sanitizer::ID_PRIMARY ],
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
[ 'Attribute', $newLegacy, $text, $legacyEncoded, Sanitizer::ID_FALLBACK ],
Escape % sign if form valid percent-encoding in fragment identifiers Currently if you combine a valid percent encoding and a non escaped character that is reserved in urls in a headline, the toc link does not work. E.g. ==`%41== needs #`%2541 but we currently generate #`%41 which matches ==`A== instead. Tested in firefox and chrome Bug: T238385 Change-Id: Ice2bbf79bed612d488ed6feb7510035e9dfb33af
2020-02-15 09:24:10 +00:00
[ 'Link', $newLegacy, $text, $html5EncodedHref ],
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
[ 'ExternalInterwiki', $newLegacy, $text, $legacyEncoded ],
// Distant future: no legacy fallbacks, but still linking to leagacy wikis
Escape % sign if form valid percent-encoding in fragment identifiers Currently if you combine a valid percent encoding and a non escaped character that is reserved in urls in a headline, the toc link does not work. E.g. ==`%41== needs #`%2541 but we currently generate #`%41 which matches ==`A== instead. Tested in firefox and chrome Bug: T238385 Change-Id: Ice2bbf79bed612d488ed6feb7510035e9dfb33af
2020-02-15 09:24:10 +00:00
[ 'Attribute', $new, $text, $html5EncodedId, Sanitizer::ID_PRIMARY ],
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
[ 'Attribute', $new, $text, false, Sanitizer::ID_FALLBACK ],
Escape % sign if form valid percent-encoding in fragment identifiers Currently if you combine a valid percent encoding and a non escaped character that is reserved in urls in a headline, the toc link does not work. E.g. ==`%41== needs #`%2541 but we currently generate #`%41 which matches ==`A== instead. Tested in firefox and chrome Bug: T238385 Change-Id: Ice2bbf79bed612d488ed6feb7510035e9dfb33af
2020-02-15 09:24:10 +00:00
[ 'Link', $new, $text, $html5EncodedHref ],
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
[ 'ExternalInterwiki', $new, $text, $legacyEncoded ],
// Just before the heat death of universe: external interwikis are also HTML5 \m/
Escape % sign if form valid percent-encoding in fragment identifiers Currently if you combine a valid percent encoding and a non escaped character that is reserved in urls in a headline, the toc link does not work. E.g. ==`%41== needs #`%2541 but we currently generate #`%41 which matches ==`A== instead. Tested in firefox and chrome Bug: T238385 Change-Id: Ice2bbf79bed612d488ed6feb7510035e9dfb33af
2020-02-15 09:24:10 +00:00
[ 'Attribute', $allNew, $text, $html5EncodedId, Sanitizer::ID_PRIMARY ],
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
[ 'Attribute', $allNew, $text, false, Sanitizer::ID_FALLBACK ],
Escape % sign if form valid percent-encoding in fragment identifiers Currently if you combine a valid percent encoding and a non escaped character that is reserved in urls in a headline, the toc link does not work. E.g. ==`%41== needs #`%2541 but we currently generate #`%41 which matches ==`A== instead. Tested in firefox and chrome Bug: T238385 Change-Id: Ice2bbf79bed612d488ed6feb7510035e9dfb33af
2020-02-15 09:24:10 +00:00
[ 'Link', $allNew, $text, $html5EncodedHref ],
[ 'ExternalInterwiki', $allNew, $text, $html5EncodedHref ],
Make id attributes not include ascii whitespace per spec HTML5 says id attributes should not have whitespace, where whitespace is defined as LF, CR, FF, TAB or SPACE (oddly enough VT does not count). Firefox in my testing actually was fine with these except CR. Nonetheless we should follow the spec, so this converts these whitespace characters to _. I don't think this will cause any back-compat issues, since its very hard to make these characters in wikitext (other than space which was already being converted) and basically requires either Lua or html entities to make these (with FF seeming to be impossible). Bug: T238385 Depends-On: Ie6fa40798f06a358f6082110b4d8cc0028c80321 Change-Id: Ie2b7c9429691e2c491c3359d5b400d8f078aa789
2020-02-15 10:09:03 +00:00
// Whitespace
[ 'attribute', $allNew, "foo bar", 'foo_bar', Sanitizer::ID_PRIMARY ],
[ 'attribute', $allNew, "foo\fbar", 'foo_bar', Sanitizer::ID_PRIMARY ],
[ 'attribute', $allNew, "foo\nbar", 'foo_bar', Sanitizer::ID_PRIMARY ],
[ 'attribute', $allNew, "foo\tbar", 'foo_bar', Sanitizer::ID_PRIMARY ],
[ 'attribute', $allNew, "foo\rbar", 'foo_bar', Sanitizer::ID_PRIMARY ],
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
];
}
/**
* @covers Sanitizer::escapeIdInternal()
*/
public function testInvalidFragmentThrows() {
$this->setMwGlobals( 'wgFragmentMode', [ 'boom!' ] );
phpcs: Enable MediaWiki.Commenting.PhpunitAnnotations.ForbiddenExpectedException* and make pass Change-Id: I63f97497714a32236268be6965c5e181dade6c58
2019-10-11 22:22:26 +00:00
$this->expectException( InvalidArgumentException::class );
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
Sanitizer::escapeIdForAttribute( 'This should throw' );
}
/**
* @covers Sanitizer::escapeIdForAttribute()
*/
public function testNoPrimaryFragmentModeThrows() {
$this->setMwGlobals( 'wgFragmentMode', [ 666 => 'html5' ] );
phpcs: Enable MediaWiki.Commenting.PhpunitAnnotations.ForbiddenExpectedException* and make pass Change-Id: I63f97497714a32236268be6965c5e181dade6c58
2019-10-11 22:22:26 +00:00
$this->expectException( UnexpectedValueException::class );
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
Sanitizer::escapeIdForAttribute( 'This should throw' );
}
/**
* @covers Sanitizer::escapeIdForLink()
*/
public function testNoPrimaryFragmentModeThrows2() {
$this->setMwGlobals( 'wgFragmentMode', [ 666 => 'html5' ] );
phpcs: Enable MediaWiki.Commenting.PhpunitAnnotations.ForbiddenExpectedException* and make pass Change-Id: I63f97497714a32236268be6965c5e181dade6c58
2019-10-11 22:22:26 +00:00
$this->expectException( UnexpectedValueException::class );
Human-readable section ID support It adds the ability to replace the current section ID escaping schema (.C0.DE) with a HTML5-compliant escaping schema that is displayed as Unicode in many modern browsers. See the linked bug for discussion of various options that were considered before the implementation. A few remarks: * Because Sanitizer::escapeId() is used in a bunch of places without escaping, I'm deprecating it without altering its behavior. * The bug described in comments for Parser::guessLegacySectionNameFromWikiText() is still there in some Edge versions that display mojibake. Bug: T152540 Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
2017-06-30 00:13:12 +00:00
Sanitizer::escapeIdForLink( 'This should throw' );
}
Unset all globals unneeded for unit tests, assert correct directory * Unset globals to avoid tests that look like unit tests but actually rely on globals * move some tests out of unit directory so that the test suite will pass. * Assert that tests which extend MediaWikiUnitTestCase are in a directory with "/unit/" in its path name Depends-On: I67b37b1bde94eaa3d4298d9bd98ac57995ce93b9 Depends-On: I90921679518ee95fe393f8b1bbd9134daf0ba032 Bug: T87781 Change-Id: I16691fc8ac063705ba0c2bc63b96c4534ca8660b
2019-07-08 13:25:31 +00:00
/**
* Test escapeIdReferenceList for consistency with escapeIdForAttribute
*
* @dataProvider provideEscapeIdReferenceList
* @covers Sanitizer::escapeIdReferenceList
*/
public function testEscapeIdReferenceList( $referenceList, $id1, $id2 ) {
Hard-deprecate Sanitizer::escapeIdReferenceList() Code search: https://codesearch.wmcloud.org/search/?q=escapeIdReferenceList&i=nope&files=&repos= Followup-To: Ifce057b0c436eabec310f812394e86ee7123e7c8 Change-Id: I18f2c47ad6b4f6256d1727f24314cc3c5e13f466
2020-08-19 16:21:31 +00:00
$this->hideDeprecated( 'Sanitizer::escapeIdReferenceList' );
Unset all globals unneeded for unit tests, assert correct directory * Unset globals to avoid tests that look like unit tests but actually rely on globals * move some tests out of unit directory so that the test suite will pass. * Assert that tests which extend MediaWikiUnitTestCase are in a directory with "/unit/" in its path name Depends-On: I67b37b1bde94eaa3d4298d9bd98ac57995ce93b9 Depends-On: I90921679518ee95fe393f8b1bbd9134daf0ba032 Bug: T87781 Change-Id: I16691fc8ac063705ba0c2bc63b96c4534ca8660b
2019-07-08 13:25:31 +00:00
$this->assertEquals(
Sanitizer::escapeIdReferenceList( $referenceList ),
Sanitizer::escapeIdForAttribute( $id1 )
. ' '
. Sanitizer::escapeIdForAttribute( $id2 )
);
}
public static function provideEscapeIdReferenceList() {
/** [ <reference list>, <individual id 1>, <individual id 2> ] */
return [
[ 'foo bar', 'foo', 'bar' ],
[ '#1 #2', '#1', '#2' ],
[ '+1 +2', '+1', '+2' ],
];
}
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
}
Reference in a new issue Copy permalink