wiki.techinc.nl/tests/phpunit/includes/SanitizerTest.php

<?php

class SanitizerTest extends MediaWikiTestCase {

	function setUp() {
		AutoLoader::loadClass( 'Sanitizer' );
	}

	function testDecodeNamedEntities() {
		$this->assertEquals(
			"\xc3\xa9cole",
			Sanitizer::decodeCharReferences( '&eacute;cole' ),
			'decode named entities'
		);
	}

	function testDecodeNumericEntities() {
		$this->assertEquals(
			"\xc4\x88io bonas dans l'\xc3\xa9cole!",
			Sanitizer::decodeCharReferences( "&#x108;io bonas dans l'&#233;cole!" ),
			'decode numeric entities'
		);
	}

	function testDecodeMixedEntities() {
		$this->assertEquals(
			"\xc4\x88io bonas dans l'\xc3\xa9cole!",
			Sanitizer::decodeCharReferences( "&#x108;io bonas dans l'&eacute;cole!" ),
			'decode mixed numeric/named entities'
		);
	}

	function testDecodeMixedComplexEntities() {
		$this->assertEquals(
			"\xc4\x88io bonas dans l'\xc3\xa9cole! (mais pas &#x108;io dans l'&eacute;cole)",
			Sanitizer::decodeCharReferences(
				"&#x108;io bonas dans l'&eacute;cole! (mais pas &amp;#x108;io dans l'&#38;eacute;cole)"
			),
			'decode mixed complex entities'
		);
	}

	function testInvalidAmpersand() {
		$this->assertEquals(
			'a & b',
			Sanitizer::decodeCharReferences( 'a & b' ),
			'Invalid ampersand'
		);
	}

	function testInvalidEntities() {
		$this->assertEquals(
			'&foo;',
			Sanitizer::decodeCharReferences( '&foo;' ),
			'Invalid named entity'
		);
	}

	function testInvalidNumberedEntities() {
		$this->assertEquals( UTF8_REPLACEMENT, Sanitizer::decodeCharReferences( "&#88888888888888;" ), 'Invalid numbered entity' );
	}

	function testSelfClosingTag() {
		$GLOBALS['wgUseTidy'] = false;
		$this->assertEquals(
			'<div>Hello world</div>',
			Sanitizer::removeHTMLtags( '<div>Hello world</div />' ),
			'Self-closing closing div'
		);
	}
	
	function testDecodeTagAttributes() {
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=bar' ), array( 'foo' => 'bar' ), 'Unquoted attribute' );
		$this->assertEquals( Sanitizer::decodeTagAttributes( '    foo   =   bar    ' ), array( 'foo' => 'bar' ), 'Spaced attribute' );
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo="bar"' ), array( 'foo' => 'bar' ), 'Double-quoted attribute' );
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=\'bar\'' ), array( 'foo' => 'bar' ), 'Single-quoted attribute' );
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=\'bar\'   baz="foo"' ), array( 'foo' => 'bar', 'baz' => 'foo' ), 'Several attributes' );
		
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=\'bar\'   baz="foo"' ), array( 'foo' => 'bar', 'baz' => 'foo' ), 'Several attributes' );
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=\'bar\'   baz="foo"' ), array( 'foo' => 'bar', 'baz' => 'foo' ), 'Several attributes' );
		
		$this->assertEquals( Sanitizer::decodeTagAttributes( ':foo=\'bar\'' ), array( ':foo' => 'bar' ), 'Leading :' );
		$this->assertEquals( Sanitizer::decodeTagAttributes( '_foo=\'bar\'' ), array( '_foo' => 'bar' ), 'Leading _' );
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'Foo=\'bar\'' ), array( 'foo' => 'bar' ), 'Leading capital' );
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'FOO=BAR' ), array( 'foo' => 'BAR' ), 'Attribute keys are normalized to lowercase' );
		
		# Invalid beginning
		$this->assertEquals( Sanitizer::decodeTagAttributes( '-foo=bar' ), array(), 'Leading - is forbidden' );
		$this->assertEquals( Sanitizer::decodeTagAttributes( '.foo=bar' ), array(), 'Leading . is forbidden' );
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo-bar=bar' ), array( 'foo-bar' => 'bar' ), 'A - is allowed inside the attribute' );
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo-=bar' ), array( 'foo-' => 'bar' ), 'A - is allowed inside the attribute' );
		
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo.bar=baz' ), array( 'foo.bar' => 'baz' ), 'A . is allowed inside the attribute' );
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo.=baz' ), array( 'foo.' => 'baz' ), 'A . is allowed as last character' );
		
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo6=baz' ), array( 'foo6' => 'baz' ), 'Numbers are allowed' );
		
		# This bit is more relaxed than XML rules, but some extensions use it, like ProofreadPage (see bug 27539)
		$this->assertEquals( Sanitizer::decodeTagAttributes( '1foo=baz' ), array( '1foo' => 'baz' ), 'Leading numbers are allowed' );
		
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo$=baz' ), array(), 'Symbols are not allowed' );
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo@=baz' ), array(), 'Symbols are not allowed' );
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo~=baz' ), array(), 'Symbols are not allowed' );
		
		
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=1[#^`*%w/(' ), array( 'foo' => '1[#^`*%w/(' ), 'All kind of characters are allowed as values' );
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo="1[#^`*%\'w/("' ), array( 'foo' => '1[#^`*%\'w/(' ), 'Double quotes are allowed if quoted by single quotes' );
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=\'1[#^`*%"w/(\'' ), array( 'foo' => '1[#^`*%"w/(' ), 'Single quotes are allowed if quoted by double quotes' );
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=&amp;&quot;' ), array( 'foo' => '&"' ), 'Special chars can be provided as entities' );
		$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=&foobar;' ), array( 'foo' => '&foobar;' ), 'Entity-like items are accepted' );
	}

	function testDeprecatedAttributesDisabled() {
		$GLOBALS['wgCleanupPresentationalAttributes'] = false;
		$this->assertEquals( ' clear="left"', Sanitizer::fixTagAttributes( 'clear="left"', 'br' ), 'Deprecated attributes are not converted to styles when enabled.' );
	}

	/**
	 * @dataProvider provideDeprecatedAttributes
	 */
	function testDeprecatedAttributes( $input, $tag, $expected, $message = null ) {
		$GLOBALS['wgCleanupPresentationalAttributes'] = true;
		$this->assertEquals( $expected, Sanitizer::fixTagAttributes( $input, $tag ), $message );
	}

	function provideDeprecatedAttributes() {
		return array(
			array( 'clear="left"', 'br', ' style="clear: left;"', 'Deprecated attributes are converted to styles when enabled.' ),
			array( 'clear="all"', 'br', ' style="clear: both;"', 'clear=all is converted to clear: both; not clear: all;' ),
			array( 'CLEAR="ALL"', 'br', ' style="clear: both;"', 'clear=ALL is not treated differently from clear=all' ),
			array( 'width="100"', 'td', ' style="width: 100px;"', 'Numeric sizes use pixels instead of numbers.' ),
			array( 'width="100%"', 'td', ' style="width: 100%;"', 'Units are allowed in sizes.' ),
			array( 'WIDTH="100%"', 'td', ' style="width: 100%;"', 'Uppercase WIDTH is treated as lowercase width.' ),
			array( 'WiDTh="100%"', 'td', ' style="width: 100%;"', 'Mixed case does not break WiDTh.' ),
			array( 'nowrap="true"', 'td', ' style="white-space: nowrap;"', 'nowrap attribute is output as white-space: nowrap; not something else.' ),
			array( 'nowrap=""', 'td', ' style="white-space: nowrap;"', 'nowrap="" is considered true, not false' ),
			array( 'NOWRAP="true"', 'td', ' style="white-space: nowrap;"', 'nowrap attribute works when uppercase.' ),
			array( 'NoWrAp="true"', 'td', ' style="white-space: nowrap;"', 'nowrap attribute works when mixed-case.' ),
			array( 'align="right"', 'td', ' style="text-align: right;"'   , 'align on table cells gets converted to text-align' ),
			array( 'align="center"', 'td', ' style="text-align: center;"' , 'align on table cells gets converted to text-align' ),
			array( 'align="left"'  , 'div', ' style="text-align: left;"'  , 'align=(left|right) on div elements gets converted to text-align' ),
			array( 'align="center"', 'div', ' style="text-align: center;"', 'align="center" on div elements gets converted to text-align' ),
			array( 'align="left"'  , 'p',   ' style="text-align: left;"'  , 'align on p elements gets converted to text-align' ),
			array( 'align="left"'  , 'h1',  ' style="text-align: left;"'  , 'align on h1 elements gets converted to text-align' ),
			array( 'align="left"'  , 'h1',  ' style="text-align: left;"'  , 'align on h1 elements gets converted to text-align' ),
			array( 'align="left"'  , 'caption',' style="text-align: left;"','align on caption elements gets converted to text-align' ),
			array( 'align="left"'  , 'tfoot',' style="text-align: left;"' , 'align on tfoot elements gets converted to text-align' ),
			array( 'align="left"'  , 'tbody',' style="text-align: left;"' , 'align on tbody elements gets converted to text-align' ),

			# <tr>
			array( 'align="right"' , 'tr', ' style="text-align: right;"' , 'align on table row get converted to text-align' ),
			array( 'align="center"', 'tr', ' style="text-align: center;"', 'align on table row get converted to text-align' ),
			array( 'align="left"'  , 'tr', ' style="text-align: left;"'  , 'align on table row get converted to text-align' ),

			#table
			array( 'align="left"'  , 'table', ' style="float: left;"'    , 'align on table converted to float' ),
			array( 'align="center"', 'table', ' style="margin-left: auto; margin-right: auto;"', 'align center on table converted to margins' ),
			array( 'align="right"' , 'table', ' style="float: right;"'   , 'align on table converted to float' ),
		);
	}

	/**
	 * @dataProvider provideCssCommentsFixtures
	 */
	function testCssCommentsChecking( $expected, $css, $message = '' ) {
		$this->assertEquals(
			$expected,
			Sanitizer::checkCss( $css ),
			$message
		);
	}

	function provideCssCommentsFixtures() {
		/** array( <expected>, <css>, [message] ) */
		return array(
			array( ' ', '/**/' ),
			array( ' ', '/****/' ),
			array( ' ', '/* comment */' ),
			array( ' ', "\\2f\\2a foo \\2a\\2f",
				'Backslash-escaped comments must be stripped (bug 28450)' ),
			array( '', '/* unfinished comment structure',
	 			'Remove anything after a comment-start token' ),
			array( '', "\\2f\\2a unifinished comment'",
	 			'Remove anything after a backslash-escaped comment-start token' ),
		);
	}
}
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this. 2010-12-14 16:26:35 +00:00			`<?php`

* verbose and color default output from phpunit * Make a bunch of tests subclass MediaWikiTestCase * Parser tests and ResourceLoaderTest can't subclass it yet due to various issues 2010-12-28 18:17:16 +00:00			`class SanitizerTest extends MediaWikiTestCase {`
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this. 2010-12-14 16:26:35 +00:00
			`function setUp() {`
			`AutoLoader::loadClass( 'Sanitizer' );`
			`}`

			`function testDecodeNamedEntities() {`
			`$this->assertEquals(`
			`"\xc3\xa9cole",`
			`Sanitizer::decodeCharReferences( 'école' ),`
			`'decode named entities'`
			`);`
			`}`

			`function testDecodeNumericEntities() {`
			`$this->assertEquals(`
			`"\xc4\x88io bonas dans l'\xc3\xa9cole!",`
			`Sanitizer::decodeCharReferences( "Ĉio bonas dans l'école!" ),`
			`'decode numeric entities'`
			`);`
			`}`

			`function testDecodeMixedEntities() {`
			`$this->assertEquals(`
			`"\xc4\x88io bonas dans l'\xc3\xa9cole!",`
			`Sanitizer::decodeCharReferences( "Ĉio bonas dans l'école!" ),`
			`'decode mixed numeric/named entities'`
			`);`
			`}`

			`function testDecodeMixedComplexEntities() {`
			`$this->assertEquals(`
			`"\xc4\x88io bonas dans l'\xc3\xa9cole! (mais pas Ĉio dans l'école)",`
			`Sanitizer::decodeCharReferences(`
			`"Ĉio bonas dans l'école! (mais pas &#x108;io dans l'&eacute;cole)"`
			`),`
			`'decode mixed complex entities'`
			`);`
			`}`

			`function testInvalidAmpersand() {`
			`$this->assertEquals(`
			`'a & b',`
			`Sanitizer::decodeCharReferences( 'a & b' ),`
			`'Invalid ampersand'`
			`);`
			`}`

			`function testInvalidEntities() {`
			`$this->assertEquals(`
			`'&foo;',`
			`Sanitizer::decodeCharReferences( '&foo;' ),`
			`'Invalid named entity'`
			`);`
			`}`

			`function testInvalidNumberedEntities() {`
			`$this->assertEquals( UTF8_REPLACEMENT, Sanitizer::decodeCharReferences( "&#88888888888888;" ), 'Invalid numbered entity' );`
			`}`

			`function testSelfClosingTag() {`
			`$GLOBALS['wgUseTidy'] = false;`
			`$this->assertEquals(`
			`'<div>Hello world</div>',`
			`Sanitizer::removeHTMLtags( '<div>Hello world</div />' ),`
			`'Self-closing closing div'`
			`);`
			`}`
(Bug 27539) Allow attributes beginning with a digit in wiktext tag parameters. Its removal in r70849 breaks ProofreadPage extension. Restricted r82475 relaxation to just numbers. Added tests. This only affects wikitext (tag hooks). MW_ATTRIBS_REGEX is only used through decodeTagAttributes() calls. fixTagAttributes() calls decodeTagAttributes(), and would be nastier to fix, since it is called with HTML parameters (eg. by removeHTMLtags) but such incorrect parameters grabbed would be removed by validateTagAttributes() 2011-02-19 20:16:54 +00:00
			`function testDecodeTagAttributes() {`
			`$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=bar' ), array( 'foo' => 'bar' ), 'Unquoted attribute' );`
			`$this->assertEquals( Sanitizer::decodeTagAttributes( ' foo = bar ' ), array( 'foo' => 'bar' ), 'Spaced attribute' );`
			`$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo="bar"' ), array( 'foo' => 'bar' ), 'Double-quoted attribute' );`
			`$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=\'bar\'' ), array( 'foo' => 'bar' ), 'Single-quoted attribute' );`
			`$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=\'bar\' baz="foo"' ), array( 'foo' => 'bar', 'baz' => 'foo' ), 'Several attributes' );`

			`$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=\'bar\' baz="foo"' ), array( 'foo' => 'bar', 'baz' => 'foo' ), 'Several attributes' );`
			`$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=\'bar\' baz="foo"' ), array( 'foo' => 'bar', 'baz' => 'foo' ), 'Several attributes' );`

			`$this->assertEquals( Sanitizer::decodeTagAttributes( ':foo=\'bar\'' ), array( ':foo' => 'bar' ), 'Leading :' );`
			`$this->assertEquals( Sanitizer::decodeTagAttributes( '_foo=\'bar\'' ), array( '_foo' => 'bar' ), 'Leading _' );`
			`$this->assertEquals( Sanitizer::decodeTagAttributes( 'Foo=\'bar\'' ), array( 'foo' => 'bar' ), 'Leading capital' );`
			`$this->assertEquals( Sanitizer::decodeTagAttributes( 'FOO=BAR' ), array( 'foo' => 'BAR' ), 'Attribute keys are normalized to lowercase' );`

			`# Invalid beginning`
			`$this->assertEquals( Sanitizer::decodeTagAttributes( '-foo=bar' ), array(), 'Leading - is forbidden' );`
			`$this->assertEquals( Sanitizer::decodeTagAttributes( '.foo=bar' ), array(), 'Leading . is forbidden' );`
			`$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo-bar=bar' ), array( 'foo-bar' => 'bar' ), 'A - is allowed inside the attribute' );`
			`$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo-=bar' ), array( 'foo-' => 'bar' ), 'A - is allowed inside the attribute' );`

			`$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo.bar=baz' ), array( 'foo.bar' => 'baz' ), 'A . is allowed inside the attribute' );`
			`$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo.=baz' ), array( 'foo.' => 'baz' ), 'A . is allowed as last character' );`

			`$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo6=baz' ), array( 'foo6' => 'baz' ), 'Numbers are allowed' );`

			`# This bit is more relaxed than XML rules, but some extensions use it, like ProofreadPage (see bug 27539)`
			`$this->assertEquals( Sanitizer::decodeTagAttributes( '1foo=baz' ), array( '1foo' => 'baz' ), 'Leading numbers are allowed' );`

			`$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo$=baz' ), array(), 'Symbols are not allowed' );`
			`$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo@=baz' ), array(), 'Symbols are not allowed' );`
			`$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo~=baz' ), array(), 'Symbols are not allowed' );`


			$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=1[#^`%w/(' ), array( 'foo' => '1[#^`%w/(' ), 'All kind of characters are allowed as values' );
			$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo="1[#^`%\'w/("' ), array( 'foo' => '1[#^`%\'w/(' ), 'Double quotes are allowed if quoted by single quotes' );
			$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=\'1[#^`%"w/(\'' ), array( 'foo' => '1[#^`%"w/(' ), 'Single quotes are allowed if quoted by double quotes' );
			`$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=&"' ), array( 'foo' => '&"' ), 'Special chars can be provided as entities' );`
			`$this->assertEquals( Sanitizer::decodeTagAttributes( 'foo=&foobar;' ), array( 'foo' => '&foobar;' ), 'Entity-like items are accepted' );`
			`}`
Followup r94465 and r94465; Add phpunit tests for Sanitizer::fixDeprecatedAttributes and fix bugs related to clear="all" and mixed/uppercase attributes and values. 2011-09-25 04:08:23 +00:00
(bug 36495) Sanitizer: Convert align to margin/float outside tables. Change-Id: I108cbd100cff6bade011b14d74b5bca82f2a1e5f 2012-06-29 16:24:20 +00:00			`function testDeprecatedAttributesDisabled() {`
Followup r94465 and r94465; Add phpunit tests for Sanitizer::fixDeprecatedAttributes and fix bugs related to clear="all" and mixed/uppercase attributes and values. 2011-09-25 04:08:23 +00:00			`$GLOBALS['wgCleanupPresentationalAttributes'] = false;`
(bug 36495) Sanitizer: Convert align to margin/float outside tables. Change-Id: I108cbd100cff6bade011b14d74b5bca82f2a1e5f 2012-06-29 16:24:20 +00:00			`$this->assertEquals( ' clear="left"', Sanitizer::fixTagAttributes( 'clear="left"', 'br' ), 'Deprecated attributes are not converted to styles when enabled.' );`
			`}`

			`/**`
			`* @dataProvider provideDeprecatedAttributes`
			`*/`
			`function testDeprecatedAttributes( $input, $tag, $expected, $message = null ) {`
			`$GLOBALS['wgCleanupPresentationalAttributes'] = true;`
			`$this->assertEquals( $expected, Sanitizer::fixTagAttributes( $input, $tag ), $message );`
			`}`

			`function provideDeprecatedAttributes() {`
			`return array(`
			`array( 'clear="left"', 'br', ' style="clear: left;"', 'Deprecated attributes are converted to styles when enabled.' ),`
			`array( 'clear="all"', 'br', ' style="clear: both;"', 'clear=all is converted to clear: both; not clear: all;' ),`
			`array( 'CLEAR="ALL"', 'br', ' style="clear: both;"', 'clear=ALL is not treated differently from clear=all' ),`
			`array( 'width="100"', 'td', ' style="width: 100px;"', 'Numeric sizes use pixels instead of numbers.' ),`
			`array( 'width="100%"', 'td', ' style="width: 100%;"', 'Units are allowed in sizes.' ),`
			`array( 'WIDTH="100%"', 'td', ' style="width: 100%;"', 'Uppercase WIDTH is treated as lowercase width.' ),`
			`array( 'WiDTh="100%"', 'td', ' style="width: 100%;"', 'Mixed case does not break WiDTh.' ),`
			`array( 'nowrap="true"', 'td', ' style="white-space: nowrap;"', 'nowrap attribute is output as white-space: nowrap; not something else.' ),`
			`array( 'nowrap=""', 'td', ' style="white-space: nowrap;"', 'nowrap="" is considered true, not false' ),`
			`array( 'NOWRAP="true"', 'td', ' style="white-space: nowrap;"', 'nowrap attribute works when uppercase.' ),`
			`array( 'NoWrAp="true"', 'td', ' style="white-space: nowrap;"', 'nowrap attribute works when mixed-case.' ),`
(bug 40306) Only convert align to float for table. Align should be converted to text-align for all the elements specified in $presentationalAttribs mapping. Table however is an exception, it applies to alignment of the block (instead of the content). Follow up I108cbd10 / 27a4d74bd7. Change-Id: Iee17d4ef1a6a9b46d88a330cfc9179bccfe93247 2012-09-17 20:16:34 +00:00			`array( 'align="right"', 'td', ' style="text-align: right;"' , 'align on table cells gets converted to text-align' ),`
			`array( 'align="center"', 'td', ' style="text-align: center;"' , 'align on table cells gets converted to text-align' ),`
			`array( 'align="left"' , 'div', ' style="text-align: left;"' , 'align=(left\|right) on div elements gets converted to text-align' ),`
			`array( 'align="center"', 'div', ' style="text-align: center;"', 'align="center" on div elements gets converted to text-align' ),`
			`array( 'align="left"' , 'p', ' style="text-align: left;"' , 'align on p elements gets converted to text-align' ),`
			`array( 'align="left"' , 'h1', ' style="text-align: left;"' , 'align on h1 elements gets converted to text-align' ),`
			`array( 'align="left"' , 'h1', ' style="text-align: left;"' , 'align on h1 elements gets converted to text-align' ),`
			`array( 'align="left"' , 'caption',' style="text-align: left;"','align on caption elements gets converted to text-align' ),`
			`array( 'align="left"' , 'tfoot',' style="text-align: left;"' , 'align on tfoot elements gets converted to text-align' ),`
			`array( 'align="left"' , 'tbody',' style="text-align: left;"' , 'align on tbody elements gets converted to text-align' ),`

			`# <tr>`
			`array( 'align="right"' , 'tr', ' style="text-align: right;"' , 'align on table row get converted to text-align' ),`
			`array( 'align="center"', 'tr', ' style="text-align: center;"', 'align on table row get converted to text-align' ),`
			`array( 'align="left"' , 'tr', ' style="text-align: left;"' , 'align on table row get converted to text-align' ),`

			`#table`
			`array( 'align="left"' , 'table', ' style="float: left;"' , 'align on table converted to float' ),`
			`array( 'align="center"', 'table', ' style="margin-left: auto; margin-right: auto;"', 'align center on table converted to margins' ),`
			`array( 'align="right"' , 'table', ' style="float: right;"' , 'align on table converted to float' ),`
(bug 36495) Sanitizer: Convert align to margin/float outside tables. Change-Id: I108cbd100cff6bade011b14d74b5bca82f2a1e5f 2012-06-29 16:24:20 +00:00			`);`
Followup r94465 and r94465; Add phpunit tests for Sanitizer::fixDeprecatedAttributes and fix bugs related to clear="all" and mixed/uppercase attributes and values. 2011-09-25 04:08:23 +00:00			`}`
Test handling of escaped CSS comments r85856 fixed a CSS injection issue but lacked testing. This test verify we properly strip out CSS comments even when the token delimiter '/*' is backslash-escaped : \2f\2a 2011-10-24 08:39:58 +00:00
			`/**`
			`* @dataProvider provideCssCommentsFixtures`
			`*/`
			`function testCssCommentsChecking( $expected, $css, $message = '' ) {`
			`$this->assertEquals(`
			`$expected,`
			`Sanitizer::checkCss( $css ),`
			`$message`
			`);`
			`}`

			`function provideCssCommentsFixtures() {`
			`/** array( <expected>, <css>, [message] ) */`
			`return array(`
			`array( ' ', '/**/' ),`
			`array( ' ', '/****/' ),`
			`array( ' ', '/* comment */' ),`
			`array( ' ', "\\2f\\2a foo \\2a\\2f",`
			`'Backslash-escaped comments must be stripped (bug 28450)' ),`
			`array( '', '/* unfinished comment structure',`
			`'Remove anything after a comment-start token' ),`
			`array( '', "\\2f\\2a unifinished comment'",`
			`'Remove anything after a backslash-escaped comment-start token' ),`
			`);`
			`}`
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this. 2010-12-14 16:26:35 +00:00			`}`