Changeset 43781 for branches/5.0/tests/phpunit/tests/kses.php
- Timestamp:
- 10/22/2018 04:03:07 AM (6 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/5.0/tests/phpunit/tests/kses.php
r43727 r43781 814 814 ); 815 815 } 816 817 /** 818 * Test URL sanitization in the style tag. 819 * 820 * @dataProvider data_kses_style_attr_with_url 821 * 822 * @ticket 45067 823 * 824 * @param $input string The style attribute saved in the editor. 825 * @param $expected string The sanitized style attribute. 826 */ 827 function test_kses_style_attr_with_url( $input, $expected ) { 828 $actual = safecss_filter_attr( $input ); 829 830 $this->assertSame( $expected, $actual ); 831 } 832 833 /** 834 * Data provider testing style attribute sanitization. 835 * 836 * @return array Nested array of input, expected pairs. 837 */ 838 function data_kses_style_attr_with_url() { 839 return array( 840 /* 841 * Valid use cases. 842 */ 843 844 // Double quotes. 845 array( 846 'background-image: url( "http://example.com/valid.gif" );', 847 'background-image: url( "http://example.com/valid.gif" )', 848 ), 849 850 // Single quotes. 851 array( 852 "background-image: url( 'http://example.com/valid.gif' );", 853 "background-image: url( 'http://example.com/valid.gif' )", 854 ), 855 856 // No quotes. 857 array( 858 'background-image: url( http://example.com/valid.gif );', 859 'background-image: url( http://example.com/valid.gif )', 860 ), 861 862 // Single quotes, extra spaces. 863 array( 864 "background-image: url( ' http://example.com/valid.gif ' );", 865 "background-image: url( ' http://example.com/valid.gif ' )", 866 ), 867 868 // Line breaks, single quotes. 869 array( 870 "background-image: url(\n'http://example.com/valid.gif' );", 871 "background-image: url('http://example.com/valid.gif' )", 872 ), 873 874 // Tabs not spaces, single quotes. 875 array( 876 "background-image: url(\t'http://example.com/valid.gif'\t\t);", 877 "background-image: url('http://example.com/valid.gif')", 878 ), 879 880 // Single quotes, absolute path. 881 array( 882 "background: url('/valid.gif');", 883 "background: url('/valid.gif')", 884 ), 885 886 // Single quotes, relative path. 887 array( 888 "background: url('../wp-content/uploads/2018/10/valid.gif');", 889 "background: url('../wp-content/uploads/2018/10/valid.gif')", 890 ), 891 892 // Error check: valid property not containing a URL. 893 array( 894 "background: red", 895 "background: red", 896 ), 897 898 /* 899 * Invalid use cases. 900 */ 901 902 // Attribute doesn't support URL properties. 903 array( 904 'color: url( "http://example.com/invalid.gif" );', 905 '', 906 ), 907 908 // Mismatched quotes. 909 array( 910 'background-image: url( "http://example.com/valid.gif\' );', 911 '', 912 ), 913 914 // Bad protocol, double quotes. 915 array( 916 'background-image: url( "bad://example.com/invalid.gif" );', 917 '', 918 ), 919 920 // Bad protocol, single quotes. 921 array( 922 "background-image: url( 'bad://example.com/invalid.gif' );", 923 '', 924 ), 925 926 // Bad protocol, single quotes. 927 array( 928 "background-image: url( 'bad://example.com/invalid.gif' );", 929 '', 930 ), 931 932 // Bad protocol, single quotes, strange spacing. 933 array( 934 "background-image: url( ' \tbad://example.com/invalid.gif ' );", 935 '', 936 ), 937 938 // Bad protocol, no quotes. 939 array( 940 'background-image: url( bad://example.com/invalid.gif );', 941 '', 942 ), 943 944 // No URL inside url(). 945 array( 946 'background-image: url();', 947 '', 948 ), 949 950 // Malformed, no closing `)`. 951 array( 952 'background-image: url( "http://example.com" ;', 953 '', 954 ), 955 956 // Malformed, no closing `"`. 957 array( 958 'background-image: url( "http://example.com );', 959 '', 960 ), 961 ); 962 } 816 963 }
Note: See TracChangeset
for help on using the changeset viewer.