first commit

This commit is contained in:
aschwarz
2023-02-27 12:57:51 +01:00
commit 35f3994c25
2442 changed files with 470540 additions and 0 deletions


@ -0,0 +1,44 @@
<?php
require_once 'common.php';
header('Content-type: text/html; charset=UTF-8');
echo '<?xml version="1.0" encoding="UTF-8" ?>';
?><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-loose.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>HTML Purifier: All Smoketests</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
#content {margin:5em;}
iframe {width:100%;height:30em;}
</style>
</head>
<body>
<h1>HTML Purifier: All Smoketests</h1>
<div id="content">
<?php
$dir = './';
$dh = opendir($dir);
while (false !== ($filename = readdir($dh))) {
if ($filename[0] == '.') continue;
if (strpos($filename, '.php') === false) continue;
if ($filename == 'common.php') continue;
if ($filename == 'all.php') continue;
if ($filename == 'testSchema.php') continue;
?>
<iframe src="<?php echo escapeHTML($filename); if (isset($_GET['standalone'])) {echo '?standalone';} ?>"></iframe>
<?php
}
?>
</div>
</body>
</html>
<?php
// vim: et sw=4 sts=4
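Review bot: `opendir($dir)` at the top of the listing loop is never checked, so an unreadable directory makes `readdir()` run on `false` with a warning instead of a message, and the handle is never released with `closedir()`. Guard it with `$dh = opendir($dir); if ($dh === false) { exit('<p>Cannot open ' . escapeHTML($dir) . '</p>'); }` and add `closedir($dh);` after the `while` loop. The `strpos($filename, '.php') === false` filter also admits names such as `foo.php.bak`; `substr($filename, -4) !== '.php'` pins the extension to what the iframe can actually load.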


@ -0,0 +1,75 @@
<?php
require_once 'common.php'; // load library
require_once 'HTMLPurifier/Printer/ConfigForm.php';
$config = HTMLPurifier_Config::loadArrayFromForm($_POST, 'config');
// you can do custom configuration!
if (file_exists('allConfigForm.settings.php')) {
include 'allConfigForm.settings.php';
}
$gen_config = HTMLPurifier_Config::createDefault();
$printer_config_form = new HTMLPurifier_Printer_ConfigForm(
'config',
'http://htmlpurifier.org/live/configdoc/plain.html#%s'
);
$purifier = new HTMLPurifier($config);
$html = isset($_POST['html']) ? $_POST['html'] : "";
$purified = $purifier->purify($html);
echo '<?xml version="1.0" encoding="UTF-8" ?>';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>HTML Purifier All Config Form smoketest</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
.hp-config {margin-left:auto; margin-right:auto;}
.HTMLPurifier_Printer table {border-collapse:collapse;
border:1px solid #000; width:600px;
margin:1em auto;font-family:sans-serif;font-size:75%;}
.HTMLPurifier_Printer td, .HTMLPurifier_Printer th {padding:3px;
border:1px solid #000;background:#CCC; vertical-align: baseline;}
.HTMLPurifier_Printer th {text-align:left;background:#CCF;width:20%;}
.HTMLPurifier_Printer caption {font-size:1.5em; font-weight:bold;}
.HTMLPurifier_Printer .heavy {background:#99C;text-align:center;}
.HTMLPurifier_Printer .unsafe {background:#C99;}
dt {font-weight:bold;}
</style>
<link rel="stylesheet" href="../library/HTMLPurifier/Printer/ConfigForm.css" type="text/css" />
<script defer="defer" type="text/javascript" src="../library/HTMLPurifier/Printer/ConfigForm.js"></script>
</head>
<body>
<h1>HTML Purifier All Config Form Smoketest</h1>
<p>This prints config form for everything we support.</p>
<form method="post" action="" name="hp-configform">
<table style="width:100%">
<tr><th>Input</th><th>Output</th>
<tr><td style="width:50%">
<textarea name="html" style="width:100%" rows="15"><?php echo htmlspecialchars($html) ?></textarea>
</td><td style="width:50%">
<textarea name="result" style="width:100%" rows="15"><?php echo htmlspecialchars($purified) ?></textarea>
</td></tr>
</table>
<input type="submit" />
<?php
echo $printer_config_form->render($config);
?>
</form>
<pre><?php
echo htmlspecialchars(var_export($config->getAll(), true));
?></pre>
<?php
// vim: et sw=4 sts=4
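Review bot: `$gen_config = HTMLPurifier_Config::createDefault();` is assigned and never read; drop it. The two textareas escape the POSTed `$html` and `$purified` with bare `htmlspecialchars()`, which does not run `cleanUTF8` and on pre-5.4 PHP defaults to ISO-8859-1, while the other smoketests use the `escapeHTML()` helper defined next to `fix_magic_quotes` (which appears to be common.php); use `<?php echo escapeHTML($html) ?>` and `<?php echo escapeHTML($purified) ?>` here too so malformed UTF-8 in a submission is handled the same way everywhere.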


@ -0,0 +1,72 @@
<?php
require 'common.php';
?><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-loose.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>HTML Purifier Attribute Transformation Smoketest</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
div.container {position:relative;height:120px;border:1px solid #CCC;
margin-bottom:1em; width:225px; float:left; margin-top:1em;
margin-right:1em;}
h2 {clear:left;margin-bottom:0;}
div.container.legend .test {text-align:center;line-height:100px;}
div.test {width:100px;height:100px;border:1px solid black;
position:absolute;top:10px;overflow:auto;}
div.test.html {left:10px;border-right:none;background:#FCC;}
div.test.css {left:110px;background:#CFC;}
img.marked {border:1px solid #000;background:#FFF;}
table.bright {background-color:#F00;}
hr.short {width:50px;}
</style>
</head>
<body>
<h1>HTML Purifier Attribute Transformation Smoketest</h1>
<div class="container legend">
<div class="test html">
HTML
</div>
<div class="test css">
CSS
</div>
</div>
<?php
if (version_compare(PHP_VERSION, '5', '<')) exit('<p>Requires PHP 5.</p>');
$xml = simplexml_load_file('attrTransform.xml');
// attr transform enabled HTML Purifier
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Doctype', 'XHTML 1.0 Strict');
$purifier = new HTMLPurifier($config);
$title = isset($_GET['title']) ? $_GET['title'] : true;
foreach ($xml->group as $group) {
echo '<h2>' . $group['title'] . '</h2>';
foreach ($group->sample as $sample) {
$sample = (string) $sample;
?>
<div class="container">
<div class="test html">
<?php echo $sample; ?>
</div>
<div class="test css">
<?php echo $purifier->purify($sample); ?>
</div>
</div>
<?php
}
}
?>
</body>
</html>
<?php
// vim: et sw=4 sts=4
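Review bot: `$title = isset($_GET['title']) ? $_GET['title'] : true;` reads a request parameter that nothing in the file uses; remove it rather than leave a dead read of `$_GET`. `simplexml_load_file('attrTransform.xml')` returns `false` when the file is missing or not well-formed, and the following `foreach ($xml->group ...)` then fails with a warning instead of a message; add `if ($xml === false) exit('<p>Cannot load attrTransform.xml</p>');` right after the load. The `version_compare(PHP_VERSION, '5', '<')` guard predates every interpreter that can run the rest of this directory and can go.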


@ -0,0 +1,192 @@
<?xml version="1.0"?>
<samples>
<group title="menu,dir">
<sample><![CDATA[<menu><li>menu</li></menu>]]></sample>
<sample><![CDATA[<dir><li>dir</li></dir>]]></sample>
</group>
<group title="font">
<sample><![CDATA[<font color="red">Red</font>]]></sample>
<sample><![CDATA[<font color="#0000FF">#0000FF</font>]]></sample>
<sample><![CDATA[<font face="Arial">Arial</font>]]></sample>
</group>
<group title="font.size">
<sample><![CDATA[<font size="-2">-2</font>]]></sample>
<sample><![CDATA[<font size="-1">-1</font>]]></sample>
<sample><![CDATA[<font size="0">0</font>]]></sample>
<sample><![CDATA[<font size="1">1</font>]]></sample>
<sample><![CDATA[<font size="2">2</font>]]></sample>
<sample><![CDATA[<font size="3">3</font>]]></sample>
<sample><![CDATA[<font size="4">4</font>]]></sample>
<sample><![CDATA[<font size="5">5</font>]]></sample>
<sample><![CDATA[<font size="6">6</font>]]></sample>
<sample><![CDATA[<font size="7">7</font>]]></sample>
<sample><![CDATA[<font size="8">8</font>]]></sample>
<sample><![CDATA[<font size="+1">+1</font>]]></sample>
<sample><![CDATA[<font size="+2">+2</font>]]></sample>
<sample><![CDATA[<font size="+3">+3</font>]]></sample>
<sample><![CDATA[<font size="+4">+4</font>]]></sample>
<sample><![CDATA[<font size="+5">+5</font>]]></sample>
</group>
<group title="center">
<sample><![CDATA[<center>Centered</center>]]></sample>
</group>
<group title="p.align">
<sample><![CDATA[<p align="left">Left</p>]]></sample>
<sample><![CDATA[<p align="center">Center</p>]]></sample>
<sample><![CDATA[<p align="right">Right</p>]]></sample>
</group>
<group title="table.bgcolor">
<sample><![CDATA[
<table bgcolor="black" cellspacing="2" cellpadding="2" border="1">
<tr bgcolor="red">
<th bgcolor="green">To</th>
<td bgcolor="blue">Be</td>
</tr>
<tr>
<th bgcolor="green">Or</th>
<td>Not</td>
</tr>
<tr bgcolor="red">
<th>To</th>
<td>Be</td>
</tr>
</table>
]]></sample>
<sample><![CDATA[
<table class="bright" bgcolor="black" cellspacing="2" cellpadding="2" border="1">
<tr>
<th bgcolor="green">Or</th>
<td>Not</td>
</tr>
<tr bgcolor="blue">
<th bgcolor="green">To</th>
<td>Be</td>
</tr>
</table>
]]></sample>
</group>
<group title="img.border">
<sample><![CDATA[<img src="img.png" alt="I" border="2" />]]></sample>
<sample><![CDATA[<a href="http://example.com/"><img src="img.png" alt="I" border="2" /></a>]]></sample>
</group>
<group title="td,th,hr.width">
<sample><![CDATA[
<table border="1">
<tr>
<th width="20">x1</th>
<td width="40">x2</td>
</tr>
</table>
]]></sample>
<sample><![CDATA[
<table border="1">
<tr>
<th width="33%">x1</th>
<td width="67%">x2</td>
</tr>
</table>
]]></sample>
<sample><![CDATA[<hr width="70%" /><hr width="30" />]]></sample>
</group>
<group title="td,th.nowrap">
<sample><![CDATA[
<table border="1">
<tr>
<th>This wants to wrap</th>
<td>really badly yes it does</td>
</tr>
</table>
]]></sample>
<sample><![CDATA[
<table border="1">
<tr>
<th nowrap>This wants to wrap</th>
<td nowrap>really badly yes it does</td>
</tr>
</table>
]]></sample>
</group>
<group title="td,th.height">
<sample><![CDATA[<table border="1"><tr><td height="60">tall</td></tr></table>]]></sample>
</group>
<group title="img.vspace,hspace">
<sample><![CDATA[a<img src="img.png" alt="I" class="marked" hspace="7" />a]]></sample>
<sample><![CDATA[<img src="img.png" alt="I" class="marked" vspace="7" /><br />o]]></sample>
</group>
<group title="hr">
<sample><![CDATA[<hr size="4" />]]></sample>
<sample><![CDATA[<hr size="50" noshade />]]></sample>
</group>
<group title="br.clear">
<sample><![CDATA[<img src="img.png" alt="I" align="right" />B<br />A]]></sample>
<sample><![CDATA[<img src="img.png" alt="I" align="right" />B<br clear="right" />A]]></sample>
<sample><![CDATA[<img src="img.png" alt="I" align="right" /><img src="img.png" alt="I" align="left" />B<br />A]]></sample>
<sample><![CDATA[<img src="img.png" alt="I" align="right" /><img src="img.png" alt="I" align="left" />B<br clear="all" />A]]></sample>
</group>
<group title="caption.align">
<sample><![CDATA[
<table border="1">
<caption align="left">Left</caption>
<tr><td>1.1</td><td>1.2</td></tr>
</table>
]]></sample>
<sample><![CDATA[
<table border="1">
<caption align="right">Right</caption>
<tr><td>1.1</td><td>1.2</td></tr>
</table>
]]></sample>
<sample><![CDATA[
<table border="1">
<caption align="top">Top</caption>
<tr><td>1.1</td><td>1.2</td></tr>
</table>
]]></sample>
<sample><![CDATA[
<table border="1">
<caption align="bottom">Bottom</caption>
<tr><td>1.1</td><td>1.2</td></tr>
</table>
]]></sample>
</group>
<group title="img.align">
<sample><![CDATA[left<img src="img.png" alt="I" class="marked" align="left" />]]></sample>
<sample><![CDATA[right<img src="img.png" alt="I" class="marked" align="right" />]]></sample>
<sample><![CDATA[o<img src="img.png" alt="I" class="marked" align="top" /> top]]></sample>
<sample><![CDATA[o<img src="img.png" alt="I" class="marked" align="bottom" /> bottom]]></sample>
<sample><![CDATA[o<img src="img.png" alt="I" class="marked" align="middle" /> middle]]></sample>
</group>
<group title="table.align">
<sample><![CDATA[a<table align="left" class="bright"><tr><td>left</td></tr></table>a]]></sample>
<sample><![CDATA[a<table align="center" class="bright"><tr><td>center</td></tr></table>a]]></sample>
<sample><![CDATA[a<table align="right" class="bright"><tr><td>right</td></tr></table>a]]></sample>
</group>
<group title="hr.align">
<sample><![CDATA[<hr align="left" class="short" />left]]></sample>
<sample><![CDATA[<hr align="center" class="short" />center]]></sample>
<sample><![CDATA[<hr align="right" class="short" />right]]></sample>
</group>
<group title="ul,ol,li.type">
<sample><![CDATA[<ul type="disc"><li>1</li><li>2</li></ul>]]></sample>
<sample><![CDATA[<ul type="square"><li>1</li><li>2</li></ul>]]></sample>
<sample><![CDATA[<ul type="circle"><li>1</li><li>2</li></ul>]]></sample>
<sample><![CDATA[<ol type="a"><li>1</li><li>2</li></ul>]]></sample>
<sample><![CDATA[<ol type="A"><li>1</li><li>2</li></ul>]]></sample>
<sample><![CDATA[<ol type="i"><li>1</li><li>2</li></ul>]]></sample>
<sample><![CDATA[<ol type="I"><li>1</li><li>2</li></ul>]]></sample>
<sample><![CDATA[<ol type="1"><li>1</li><li>2</li></ul>]]></sample>
<sample><![CDATA[<ol><li type="a">1</li><li type="I">2</li></ul>]]></sample>
</group>
<!-- sample
<group title="">
<sample><![CDATA[]]></sample>
<sample><![CDATA[]]></sample>
<sample><![CDATA[]]></sample>
</group>
-->
</samples>
<!-- vim: et sw=4 sts=4
-->
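Review bot: The six `<ol …>` samples in the `ul,ol,li.type` group close with `</ul>` instead of `</ol>`, so the raw-HTML column of that group shows mis-nested markup rather than the list-type attribute the group is meant to exercise, and any difference in the purified column is the tag repair rather than the `type` transform. Change each to end with `</ol>`, e.g. `<sample><![CDATA[<ol type="a"><li>1</li><li>2</li></ol>]]></sample>`.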


@ -0,0 +1,73 @@
<?php
require_once 'common.php';
// todo : modularize the HTML in to separate files
$allowed = array(
'allElements' => true,
'legacy' => true
);
$page = isset($_GET['p']) ? $_GET['p'] : false;
if (!isset($allowed[$page])) $page = false;
$strict = isset($_GET['d']) ? (bool) $_GET['d'] : false;
echo '<?xml version="1.0" encoding="UTF-8" ?>';
?>
<?php if ($strict) { ?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1- Strict.dtd">
<?php } else { ?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-loose.dtd">
<?php } ?>
<html>
<head>
<title>HTML Purifier Basic Smoketest</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<?php
if ($page) {
if (file_exists("basic/$page.css")) {
?><link rel="stylesheet" href="basic/<?php echo $page ?>.css" type="text/css" /><?php
}
}
?>
</head>
<body>
<?php
if ($page) {
?>
<div style="float:right;"><div><?php echo $strict ? 'Strict' : 'Loose'; ?>:
<a href="?d=<?php echo (int) !$strict; ?>&amp;p=<?php echo $page ?>">Swap</a></div>
<a href="http://validator.w3.org/check?uri=referer"><img
src="http://www.w3.org/Icons/valid-xhtml10"
alt="Valid XHTML 1.0 Transitional" height="31" width="88" style="border:0;" /></a>
</div>
<?php
$config = HTMLPurifier_Config::createDefault();
$config->set('Attr.EnableID', true);
$config->set('HTML.Strict', $strict);
$purifier = new HTMLPurifier($config);
echo $purifier->purify(file_get_contents("basic/$page.html"));
} else {
?>
<h1>HTML Purifier Basic Smoketest Index</h1>
<ul>
<?php
foreach ($allowed as $val => $b) {
?><li><a href="?p=<?php echo $val ?>"><?php echo $val ?></a></li><?php
}
?></ul><?php
}
?>
</body>
</html>
<?php
// vim: et sw=4 sts=4
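Review bot: The strict DOCTYPE's system identifier `"http://www.w3.org/TR/xhtml1/DTD/xhtml1- Strict.dtd"` contains a stray space and a capital S, so the strict variant of the page points at a non-existent DTD; it should read `"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"` as the other smoketests spell it. The validator badge below it is hard-coded to `alt="Valid XHTML 1.0 Transitional"` even when `$strict` is set; `alt="Valid XHTML 1.0 <?php echo $strict ? 'Strict' : 'Transitional'; ?>"` keeps it honest. The `$allowed` allowlist check on `$_GET['p']` before the `file_get_contents("basic/$page.html")` read is the right shape and should remain the only route by which `$page` reaches a path.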


@ -0,0 +1,50 @@
div > * {background:#F00; color:#FFF; font-weight:bold; padding:0.2em; margin:0.1em;}
#core-attributes #core-attributes-id,
#core-attributes .core-attributes-class,
#core-attributes div[title='tooltip'],
#core-attributes div[lang='en'],
#core-attributes div[onclick="alert('foo');"],
#module-text abbr,
#module-text acronym,
#module-text div blockquote,
#module-text blockquote[cite='http://www.example.com'],
#module-text br,
#module-text cite,
#module-text code,
#module-text dfn,
#module-text em,
#module-text h1,
#module-text h2,
#module-text h3,
#module-text h4,
#module-text h5,
#module-text h6,
#module-text kbd,
#module-text p,
#module-text pre,
#module-text span q,
#module-text q[cite='http://www.example.com'],
#module-text samp,
#module-text strong,
#module-text var,
#module-hypertext span a,
#module-hypertext a[accesskey='q'],
#module-hypertext a[charset='UTF-8'],
#module-hypertext a[href='http://www.example.com/'],
#module-hypertext a[hreflang='en'],
#module-hypertext a[rel='nofollow'],
#module-hypertext a[rev='index'],
#module-hypertext a[tabindex='1'],
#module-hypertext a[type='text/plain'],
#module-list dl,
#module-list ul,
#module-list ol,
#module-list li,
#module-list dd,
#module-list dt,
.insert-declarations-above
{background:#008000; margin:0; padding:0.2em;}
#module-text span, #module-text div {padding:0; margin:0.1em;}
#module-list li, #module-list dd, #module-list dt {border:1px solid #FFF;}
/* vim: et sw=4 sts=4 */


@ -0,0 +1,82 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-loose.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>HTML Purifier All Elements Smoketest</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" href="allElements.css" type="text/css" />
</head>
<body>
<h1>HTML Purifier All Elements Smoketest</h1>
<p>This is the all elements smoke
test. It is divided by XHTML 1.1 style modules. Make sure
<code>div</code>, <code>span</code> and <code>id</code> are allowed,
otherwise there will be problems.</p>
<h2>Core attributes</h2>
<div id="core-attributes">
<div id="core-attributes-id">id</div>
<div class="core-attributes-class">class</div>
<div title="tooltip">title</div>
<div lang="en">lang</div>
<div xml:lang="en">xml:lang (green when lang also present)</div>
<div style="background:#008000">style</div>
<div onclick="alert('foo');">onclick (and other event handlers)</div>
</div>
<h2>Text module</h2>
<div id="module-text">
<abbr>abbr</abbr>
<acronym>acronym</acronym>
<div><blockquote>blockquote</blockquote></div>
<blockquote cite="http://www.example.com">blockquote@cite</blockquote>
<br />
<cite>cite</cite>
<code>code</code>
<dfn>dfn</dfn>
<em>em</em>
<h1>h1</h1>
<h2>h2</h2>
<h3>h3</h3>
<h4>h4</h4>
<h5>h5</h5>
<h6>h6</h6>
<kbd>kbd</kbd>
<p>p</p>
<pre>pre</pre>
<span><q>q</q></span>
<q cite="http://www.example.com">q@cite</q>
<samp>samp</samp>
<strong>strong</strong>
<var>var</var>
</div>
<h2>Hypertext module</h2>
<div id="module-hypertext">
<span><a>a</a></span>:
<a accesskey="q">accesskey</a>
<a charset="UTF-8">charset</a>
<a href="http://www.example.com/">href</a>
<a hreflang="en">hreflang</a>
<a rel="nofollow">rel</a>
<a rev="index">rev</a>
<a tabindex="1">tabindex</a>
<a type="text/plain">type</a>
</div>
<h2>List module</h2>
<div id="module-list">
<dl><dt>dl dt</dt><dd>dl dd</dd></dl>
<ol><li>ol li</li></ol>
<ul><li>ul li</li></ul>
</div>
</body>
</html>
<!-- vim: et sw=4 sts=4
-->


@ -0,0 +1,73 @@
center,
dir[compact='compact'],
isindex[prompt='Foo'],
menu[compact='compact'],
s,
u,
strike,
caption[align='bottom'],
div[align='center'],
dl[compact='compact'],
h1[align='right'],
h2[align='right'],
h3[align='right'],
h4[align='right'],
h5[align='right'],
h6[align='right'],
hr[align='right'],
hr[noshade='noshade'],
hr[width='50'],
hr[size='50'],
img[align='right'],
img[border='3'],
img[hspace='5'],
img[vspace='5'],
input[align='right'],
legend[align='center'],
li[type='A'],
li[value='5'],
ol[compact='compact'],
ol[start='3'],
ol[type='I'],
p[align='right'],
pre[width='50'],
table[align='right'],
table[bgcolor='#0000FF'],
tr[bgcolor='#0000FF'],
td[bgcolor='#0000FF'],
td[height='50'],
td[nowrap='nowrap'],
td[width='200'],
th[bgcolor='#0000FF'],
th[height='50'],
th[nowrap='nowrap'],
th[width='200'],
ul[compact='compact'],
ul[type='square'],
.insert-declarations-above
{background:#008000; color:#FFF; font-weight:bold;}
font {background:#BFB;}
u {border:1px solid #000;}
hr {height:1em;}
hr[size='50'] {height:50px;}
img[border='3'] {border: 3px solid #000;}
li[type='a'], li[value='5'] {color:#DDD;}
/* vim: et sw=4 sts=4 */


@ -0,0 +1,127 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-loose.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>HTML Purifier Legacy Smoketest Test Data</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" href="legacy.css" type="text/css" />
</head>
<body>
<h1>HTML Purifier Legacy Smoketest Test Data</h1>
<p>This is the legacy smoketest.</p>
<h2>Elements</h2>
<div>
<div>
<basefont color="green" face="Arial" size="6" id="basefont" />
basefont: Green, Arial, size 6 text (IE-only)
</div>
<center>center</center>
<dir compact="compact">
<li>dir</li>
</dir>
<font color="green" face="Arial" size="6">font: Green, Arial, size 6 text</font>
isindex:
<isindex prompt="Foo" />
<menu compact="compact">
<li>menu</li>
</menu>
<s>s</s> <strike>strike</strike> <u>u</u>
</div>
<h2>Attributes</h2>
<div>
<!-- body -->
<div style="font-size:42pt; float:left;">*</div>
<br clear="left" />
<p>br@clear (asterisk is up)</p>
<table>
<caption align="bottom">caption@align</caption>
<tr><td>Cell</td></tr>
</table>
<div align="center">div@center</div>
<dl compact="compact">
<dt>dl@compact</dt>
</dl>
<h1 align="right">h1</h1>
<h2 align="right">h2</h2>
<h3 align="right">h3</h3>
<h4 align="right">h4</h4>
<h5 align="right">h5</h5>
<h6 align="right">h6</h6>
hr@align
<hr align="right" width="50" />
hr@noshade
<hr noshade="noshade" />
hr@width
<hr width="50" />
hr@size
<hr size="50" />
<img src="" alt="img@align" align="right" /> |
<img src="" alt="img@border" border="3" /> |
<img src="" alt="img@hspace" hspace="5" /> |
<img src="" alt="img@vspace" vspace="5" />
<!-- needs context -->
<input align="right" />
<legend align="center">Legend</legend>
<ol>
<li type="A">li@type (ensure that it's a capital A)</li>
<li value="5">li@value</li>
</ol>
<ol compact="compact"><li>ol@compact</li></ol>
<ol start="3"><li>ol@start</li></ol>
<ol type="I"><li>ol@type</li></ol>
<p align="right">p@align</p>
<pre width="50">pre@width</pre>
<script language="JavaScript">document.writeln('script');</script>
<table align="right"><tr><td>table@align</td></tr></table>
<table bgcolor="#0000FF"><tr><td>table@bgcolor</td></tr></table>
<table><tr bgcolor="#0000FF"><td>tr@bgcolor</td></tr></table>
<table><tr><td bgcolor="#0000FF">td@bgcolor</td></tr></table>
<table><tr><td height="50">td@height</td></tr></table>
<table><tr><td nowrap="nowrap">td@nowrap</td></tr></table>
<table><tr><td width="200">td@width</td></tr></table>
<table><tr><th bgcolor="#0000FF">th@bgcolor</th></tr></table>
<table><tr><th height="50">th@height</th></tr></table>
<table><tr><th nowrap="nowrap">th@nowrap</th></tr></table>
<table><tr><th width="200">th@width</th></tr></table>
<ul compact="compact"><li>ul@compact</li></ul>
<ul type="square"><li>ul@square</li></ul>
</div>
</body>
</html>
<!-- vim: et sw=4 sts=4
-->


@ -0,0 +1,14 @@
<?php
require_once 'common.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Doctype', 'HTML 4.01 Strict');
$config->set('HTML.Allowed', 'b,a[href],br');
$config->set('CSS.AllowTricky', true);
$config->set('URI.Disable', true);
$serial = $config->serialize();
$result = unserialize($serial);
$purifier = new HTMLPurifier($result);
echo htmlspecialchars($purifier->purify('<b>Bold</b><br><i><a href="http://google.com">no</a> formatting</i>'));
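Review bot: `$result = unserialize($serial);` deserializes a string this script itself produced two lines earlier, so no untrusted input reaches `unserialize()` here; because the round-trip is easy to copy into a script that receives the blob from a request or a shared cache, a comment pinning that precondition is worth adding: `// $serial is generated locally; never unserialize() a config blob received from a client`.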


@ -0,0 +1,39 @@
<?php
header('Content-type: text/html; charset=UTF-8');
if (!isset($_GET['standalone'])) {
require_once '../library/HTMLPurifier.auto.php';
} else {
require_once '../library/HTMLPurifier.standalone.php';
}
error_reporting(E_ALL);
function escapeHTML($string)
{
$string = HTMLPurifier_Encoder::cleanUTF8($string);
$string = htmlspecialchars($string, ENT_COMPAT, 'UTF-8');
return $string;
}
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
function fix_magic_quotes(&$array)
{
foreach ($array as $k => $val) {
if (!is_array($val)) {
$array[$k] = stripslashes($val);
} else {
fix_magic_quotes($array[$k]);
}
}
}
fix_magic_quotes($_GET);
fix_magic_quotes($_POST);
fix_magic_quotes($_COOKIE);
fix_magic_quotes($_REQUEST);
fix_magic_quotes($_ENV);
fix_magic_quotes($_SERVER);
}
// vim: et sw=4 sts=4
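Review bot: `escapeHTML()` passes `ENT_COMPAT`, which leaves single quotes unescaped, so the helper is only safe inside double-quoted attributes and element content; since it is the shared escaping routine for every smoketest, `$string = htmlspecialchars($string, ENT_QUOTES, 'UTF-8');` removes that dependence on each call site's quoting. The `get_magic_quotes_gpc()` block is correctly guarded by `function_exists()`; a short comment such as `// get_magic_quotes_gpc() always returns false from PHP 5.4 and is gone in 8.0; this block is a no-op there` would save the next reader a lookup.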


@ -0,0 +1,77 @@
<?php
require_once 'common.php';
// Setup environment
require_once '../extras/HTMLPurifierExtras.auto.php';
$interchange = HTMLPurifier_ConfigSchema_InterchangeBuilder::buildFromDirectory('test-schema/');
$interchange->validate();
if (isset($_GET['doc'])) {
// Hijack page generation to supply documentation
if (file_exists('test-schema.html') && !isset($_GET['purge'])) {
echo file_get_contents('test-schema.html');
exit;
}
$style = 'plain';
$configdoc_xml = 'test-schema.xml';
$xml_builder = new HTMLPurifier_ConfigSchema_Builder_Xml();
$xml_builder->openURI($configdoc_xml);
$xml_builder->build($interchange);
unset($xml_builder); // free handle
$xslt = new ConfigDoc_HTMLXSLTProcessor();
$xslt->importStylesheet("../configdoc/styles/$style.xsl");
$xslt->setParameters(array(
'css' => '../configdoc/styles/plain.css',
));
$html = $xslt->transformToHTML($configdoc_xml);
unlink('test-schema.xml');
file_put_contents('test-schema.html', $html);
echo $html;
exit;
}
?><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>HTML Purifier Config Form Smoketest</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" href="../library/HTMLPurifier/Printer/ConfigForm.css" type="text/css" />
<script defer="defer" type="text/javascript" src="../library/HTMLPurifier/Printer/ConfigForm.js"></script>
</head>
<body>
<h1>HTML Purifier Config Form Smoketest</h1>
<p>This file outputs the configuration form for every single type
of directive possible.</p>
<form id="htmlpurifier-config" name="htmlpurifier-config" method="get" action=""
style="float:right;">
<?php
$schema_builder = new HTMLPurifier_ConfigSchema_Builder_ConfigSchema();
$schema = $schema_builder->build($interchange);
$config = HTMLPurifier_Config::loadArrayFromForm($_GET, 'config', true, true, $schema);
$printer = new HTMLPurifier_Printer_ConfigForm('config', '?doc#%s');
echo $printer->render(array(HTMLPurifier_Config::createDefault(), $config));
?>
</form>
<pre>
<?php
echo htmlspecialchars(var_export($config->getAll(), true));
?>
</pre>
</body>
</html>
<?php
// vim: et sw=4 sts=4
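Review bot: In the `?doc` branch `$html = $xslt->transformToHTML($configdoc_xml);` is written to `test-schema.html` and echoed without being checked, so a failed transform (presumably reported as `false`, as by the XSLTProcessor it appears to wrap — confirm) caches an empty page that every later request serves until someone passes `?purge`; add `if ($html === false) { unlink('test-schema.xml'); exit('<p>XSLT transform failed</p>'); }` before the `file_put_contents()`. The branch also creates and deletes files in the script directory on any unauthenticated GET, which is acceptable for a local smoketest but deserves a comment saying so, since the same code would be a problem in a deployed directory.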


@ -0,0 +1,37 @@
<?php
require_once 'common.php';
echo '<?xml version="1.0" encoding="UTF-8" ?>';
?><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>HTML Purifier data Scheme Smoketest</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<h1>HTML Purifier data Scheme Smoketest</h1>
<?php
$string = '<img src="data:image/png;base64,
iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAABGdBTUEAALGP
C/xhBQAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9YGARc5KB0XV+IA
AAAddEVYdENvbW1lbnQAQ3JlYXRlZCB3aXRoIFRoZSBHSU1Q72QlbgAAAF1J
REFUGNO9zL0NglAAxPEfdLTs4BZM4DIO4C7OwQg2JoQ9LE1exdlYvBBeZ7jq
ch9//q1uH4TLzw4d6+ErXMMcXuHWxId3KOETnnXXV6MJpcq2MLaI97CER3N0
vr4MkhoXe0rZigAAAABJRU5ErkJggg==" alt="Red dot" />';
$purifier = new HTMLPurifier(array('URI.AllowedSchemes' => 'data'));
?>
<div><?php
echo $purifier->purify($string);
?></div>
</body>
</html>
<?php
// vim: et sw=4 sts=4


@ -0,0 +1,73 @@
<?php
require_once 'common.php';
require_once 'HTMLPurifier/Filter/ExtractStyleBlocks.php';
// need CSSTidy location
$csstidy_location = false;
if (file_exists('../conf/test-settings.php')) include '../conf/test-settings.php';
if (file_exists('../test-settings.php')) include '../test-settings.php';
if (!$csstidy_location) {
?>
Error: <a href="http://csstidy.sourceforge.net/">CSSTidy</a> library not
found, please install and configure <code>test-settings.php</code>
accordingly.
<?php
exit;
}
require_once $csstidy_location . 'class.csstidy.php';
require_once $csstidy_location . 'class.csstidy_print.php';
$purifier = new HTMLPurifier(array(
'Filter.ExtractStyleBlocks' => true,
));
$html = isset($_POST['html']) ? $_POST['html'] : '';
$purified_html = $purifier->purify($html);
?><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Extract Style Blocks - HTML Purifier Smoketest</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<?php
// generate style blocks
foreach ($purifier->context->get('StyleBlocks') as $style) {
?><style type="text/css">
<!--/*--><![CDATA[/*><!--*/
<?php echo $style; ?>
/*]]>*/-->
</style>
<?php
}
?>
</head>
<body>
<h1>Extract Style Blocks</h1>
<p>
This smoketest allows users to specify global style sheets for the
document, allowing for interesting techniques and compact markup
that wouldn't normally be possible, using the ExtractStyleBlocks filter.
</p>
<p>
User submitted content:
</p>
<div style="border: 1px solid #CCC; margin: 1em; padding: 1em;">
<?php echo $purified_html ?>
</div>
<form action="" method="post">
<textarea cols="100" rows="20" name="html"><?php echo escapeHTML($html) ?></textarea>
<input type="submit" value="Submit" />
</form>
</body>
</html>
<?php
// vim: et sw=4 sts=4
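Review bot: `<?php echo $style; ?>` emits each extracted style block verbatim inside `<style>`, so the only thing keeping a user-supplied `</style>` sequence from closing the element is whatever cleaning the ExtractStyleBlocks filter applies to the blocks it stores in the context; that reliance is invisible at this loop and deserves a comment, e.g. `// StyleBlocks come back already cleaned by the ExtractStyleBlocks filter; never echo raw user CSS here`. Reaching into `$purifier->context` also couples the page to the purifier's internals, which is fine for a smoketest but worth a note for anyone copying the pattern.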



@ -0,0 +1,33 @@
<html>
<head>
<title>innerHTML smoketest</title>
</head>
<body>
<!--
What we're going to do is use JavaScript to calculate
fixpoints of innerHTML parse and reparsing. We start with
an input value, encoded in a JavaScript string.
x.innerHTML = input
We then snapshot the DOM state of x, and then perform the
iteration:
intermediate = x.innerHTML
x.innerHTML = intermediate
What inputs are we going to test?
We will generate using the following alphabet:
a01~!@#$%^&*()_+`-=[]\{}|;':",./<>? (and <space>)
-->
<textarea id="out" style="width:100%;height:100%;"></textarea>
<div id="testContainer" style="display:none"></div>
<script src="innerHTML.js" type="text/javascript"></script>
</body>
</html>


@ -0,0 +1,51 @@
var alphabet = 'a!`=[]\\;\':"/<> &';
var out = document.getElementById('out');
var testContainer = document.getElementById('testContainer');
function print(s) {
out.value += s + "\n";
}
function testImage() {
return testContainer.firstChild;
}
function test(input) {
var count = 0;
var oldInput, newInput;
testContainer.innerHTML = "<img />";
testImage().setAttribute("alt", input);
print("------");
print("Test input: " + input);
do {
oldInput = testImage().getAttribute("alt");
var intermediate = testContainer.innerHTML;
print("Render: " + intermediate);
testContainer.innerHTML = intermediate;
if (testImage() == null) {
print("Image disappeared...");
break;
}
newInput = testImage().getAttribute("alt");
print("New value: " + newInput);
count++;
} while (count < 5 && newInput != oldInput);
if (count == 5) {
print("Failed to achieve fixpoint");
}
testContainer.innerHTML = "";
}
print("Go!");
test("`` ");
test("'' ");
for (var i = 0; i < alphabet.length; i++) {
for (var j = 0; j < alphabet.length; j++) {
test(alphabet.charAt(i) + alphabet.charAt(j));
}
}
// document.getElementById('out').textContent = alphabet;
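Review bot: The fixpoint bound `5` is written twice, once in the `while` condition and once in the `if (count == 5)` failure check, so changing one without the other silently breaks the "Failed to achieve fixpoint" report; hoist it to `var maxIterations = 5;` and use it in both places. `testImage() == null` and `newInput != oldInput` use loose comparison; `firstChild` and `getAttribute` yield `null` or strings here, so `=== null` and `!==` are equivalent and clearer. The top-level `print` also shadows `window.print`; a name such as `log` avoids the collision.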


@ -0,0 +1,72 @@
<?php
require_once 'common.php';
echo '<?xml version="1.0" encoding="UTF-8" ?>';
?><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>HTML Purifier Preserve YouTube Smoketest</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<h1>HTML Purifier Preserve YouTube Smoketest</h1>
<?php
$string = '<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/BdU--T8rLns"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/BdU--T8rLns" type="application/x-shockwave-flash" wmode="transparent" width="425" height="350"></embed></object>
<object width="416" height="337"><param name="movie" value="http://www.youtube.com/cp/vjVQa1PpcFNbP_fag8PvopkXZyiXyT0J8U47lw7x5Fc="></param><embed src="http://www.youtube.com/cp/vjVQa1PpcFNbP_fag8PvopkXZyiXyT0J8U47lw7x5Fc=" type="application/x-shockwave-flash" width="416" height="337"></embed></object>
<object width="640" height="385"><param name="movie" value="http://www.youtube.com/v/uNxBeJNyAqA&hl=en_US&fs=1&"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/uNxBeJNyAqA&hl=en_US&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="640" height="385"></embed></object>
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0" height="385" width="480"><param name="width" value="480" /><param name="height" value="385" /><param name="src" value="http://www.youtube.com/p/E37ADDDFCA0FD050&amp;hl=en" /><embed height="385" src="http://www.youtube.com/p/E37ADDDFCA0FD050&amp;hl=en" type="application/x-shockwave-flash" width="480"></embed></object>
<object
classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
id="ooyalaPlayer_229z0_gbps1mrs" width="630" height="354"
codebase="http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab"><param
name="movie" value="http://player.ooyala.com/player.swf?embedCode=FpZnZwMTo1wqBF-ed2__OUBb3V4HR6za&version=2"
/><param name="bgcolor" value="#000000" /><param
name="allowScriptAccess" value="always" /><param
name="allowFullScreen" value="true" /><param name="flashvars"
value="embedType=noscriptObjectTag&embedCode=pteGRrMTpcKMyQ052c8NwYZ5M5FdSV3j"
/><embed src="http://player.ooyala.com/player.swf?embedCode=FpZnZwMTo1wqBF-ed2__OUBb3V4HR6za&version=2"
bgcolor="#000000" width="630" height="354"
name="ooyalaPlayer_229z0_gbps1mrs" align="middle" play="true"
loop="false" allowscriptaccess="always" allowfullscreen="true"
type="application/x-shockwave-flash"
flashvars="&embedCode=FpZnZwMTo1wqBF-ed2__OUBb3V4HR6za"
pluginspage="http://www.adobe.com/go/getflashplayer"></embed></object>
';
$regular_purifier = new HTMLPurifier();
$safeobject_purifier = new HTMLPurifier(array(
'HTML.SafeObject' => true,
'Output.FlashCompat' => true,
));
?>
<h2>Unpurified</h2>
<p><a href="?break">Click here to see the unpurified version (breaks validation).</a></p>
<div><?php
if (isset($_GET['break'])) echo $string;
?></div>
<h2>Without YouTube exception</h2>
<div><?php
echo $regular_purifier->purify($string);
?></div>
<h2>With SafeObject exception and flash compatibility</h2>
<div><?php
echo $safeobject_purifier->purify($string);
?></div>
</body>
</html>
<?php
// vim: et sw=4 sts=4
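Review bot: `if (isset($_GET['break'])) echo $string;` writes the fixture to the page unescaped, and nothing near it says why that is acceptable; a reader auditing this smoketest for reflected output has to trace `$string` back to the literal above to see it is not request data. A one-line comment settles it: `// $string is a hard-coded fixture, not request input: echoing it raw is the point of the "Unpurified" section`. The `?break` toggle only decides whether the raw copy is shown; it never changes what is echoed.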


@ -0,0 +1,119 @@
<?php
require_once 'common.php'; // load library
require_once 'HTMLPurifier/Printer/HTMLDefinition.php';
require_once 'HTMLPurifier/Printer/CSSDefinition.php';
require_once 'HTMLPurifier/Printer/ConfigForm.php';
$config = HTMLPurifier_Config::loadArrayFromForm($_GET, 'config', 'HTML');
// you can do custom configuration!
if (file_exists('printDefinition.settings.php')) {
include 'printDefinition.settings.php';
}
$gen_config = HTMLPurifier_Config::createDefault();
$printer_html_definition = new HTMLPurifier_Printer_HTMLDefinition();
$printer_html_definition->prepareGenerator($gen_config);
$printer_css_definition = new HTMLPurifier_Printer_CSSDefinition();
$printer_css_definition->prepareGenerator($gen_config);
$printer_config_form = new HTMLPurifier_Printer_ConfigForm(
'config',
'http://htmlpurifier.org/live/configdoc/plain.html#%s'
);
echo '<?xml version="1.0" encoding="UTF-8" ?>';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>HTML Purifier Printer Smoketest</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
.hp-config {margin-left:auto; margin-right:auto;}
.HTMLPurifier_Printer table {border-collapse:collapse;
border:1px solid #000; width:600px;
margin:1em auto;font-family:sans-serif;font-size:75%;}
.HTMLPurifier_Printer td, .HTMLPurifier_Printer th {padding:3px;
border:1px solid #000;background:#CCC; vertical-align: baseline;}
.HTMLPurifier_Printer th {text-align:left;background:#CCF;width:20%;}
.HTMLPurifier_Printer caption {font-size:1.5em; font-weight:bold;}
.HTMLPurifier_Printer .heavy {background:#99C;text-align:center;}
.HTMLPurifier_Printer .unsafe {background:#C99;}
dt {font-weight:bold;}
</style>
<link rel="stylesheet" href="../library/HTMLPurifier/Printer/ConfigForm.css" type="text/css" />
<script defer="defer" type="text/javascript" src="../library/HTMLPurifier/Printer/ConfigForm.js"></script>
</head>
<body>
<h1>HTML Purifier Printer Smoketest</h1>
<p>HTML Purifier claims to have a robust yet permissive whitelist: this
page will allow you to see precisely what HTML Purifier's internal
whitelist is. You can
also twiddle with the configuration settings to see how a directive
influences the internal workings of the definition objects.</p>
<h2>Modify configuration</h2>
<p>You can specify an array by typing in a comma-separated
list of items, HTML Purifier will take care of the rest (including
transformation into a real array list or a lookup table).</p>
<form method="get" action="" name="hp-configform">
<?php
echo $printer_config_form->render($config, 'HTML');
?>
<p>* Some configuration directives make a distinction between an empty
variable and a null variable. A whitelist, for example, will take an
empty array as meaning <em>no</em> allowed elements, while checking
Null/Disabled will mean that user whitelisting functionality is disabled.</p>
</form>
<h2>Definitions</h2>
<dl>
<dt>Parent of Fragment</dt>
<dd>HTML that HTML Purifier does not live in a void: when it's
output, it has to be placed in another element by means of
something like <code>&lt;element&gt; &lt;?php echo $html
?&gt; &lt;/element&gt;</code>. The parent in this example
is <code>element</code>.</dd>
<dt>Strict mode</dt>
<dd>Whether or not HTML Purifier's output is Transitional or
Strict compliant. Non-strict mode still actually a little strict
and converts many deprecated elements.</dd>
<dt>#PCDATA</dt>
<dd>Literally <strong>Parsed Character Data</strong>, it is regular
text. Tags like <code>ul</code> don't allow text in them, so
#PCDATA is missing.</dd>
<dt>Tag transform</dt>
<dd>A tag transform will change one tag to another. Example: <code>font</code>
turns into a <code>span</code> tag with appropriate CSS.</dd>
<dt>Attr Transform</dt>
<dd>An attribute transform changes a group of attributes based on one
another. Currently, only <code>lang</code> and <code>xml:lang</code>
use this hook, to synchronize each other's values. Pre/Post indicates
whether or not the transform is done before/after validation.</dd>
<dt>Excludes</dt>
<dd>Tags that an element excludes are excluded for all descendants of
that element, and not just the children of them.</dd>
<dt>Name(Param1, Param2)</dt>
<dd>Represents an internal data-structure. You'll have to check out
the corresponding classes in HTML Purifier to find out more.</dd>
</dl>
<h2>HTMLDefinition</h2>
<?php echo $printer_html_definition->render($config) ?>
<h2>CSSDefinition</h2>
<?php echo $printer_css_definition->render($config) ?>
</body>
</html>
<?php
// vim: et sw=4 sts=4
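Review bot: `HTMLPurifier_Config::loadArrayFromForm($_GET, 'config', 'HTML')` lets any visitor set purifier directives from the query string, and the page does not record that this is intended. If the third argument limits the settable directives to the `HTML` namespace, as I read it (confirm against the library), a comment should make the exposure explicit: `// directives are taken from the query string on purpose; the 'HTML' argument limits which namespace a visitor can set`. Those values are echoed back through `$printer_config_form->render($config, 'HTML')`, so that printer is where attribute escaping of the reflected values would need to be checked.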


@ -0,0 +1,6 @@
Directive.Allowed
TYPE: string
DEFAULT: 'apple'
ALLOWED: 'apple', 'orange', 'pear', 'peach', 'mango'
DESCRIPTION: This directive has a constrained set of allowed values.
--# vim: et sw=4 sts=4


@ -0,0 +1,7 @@
Directive.Deprecated
TYPE: int
DEFAULT: 0
DESCRIPTION: This is a deprecated directive that shouldn't show up on the form.
DEPRECATED-VERSION: 1.0.0
DEPRECATED-USE: Directive.Allowed
--# vim: et sw=4 sts=4


@ -0,0 +1,3 @@
Directive
DESCRIPTION: Other custom options with directives.
--# vim: et sw=4 sts=4


@ -0,0 +1,5 @@
Type.bool
TYPE: bool
DEFAULT: false
DESCRIPTION: The boolean type is true or false.
--# vim: et sw=4 sts=4


@ -0,0 +1,5 @@
Type.float
TYPE: float
DEFAULT: 3.1415
DESCRIPTION: The float type is a floating point number.
--# vim: et sw=4 sts=4


@ -0,0 +1,5 @@
Type.hash
TYPE: hash
DEFAULT: array('key1' => 'val1', 'key2' => 'val2')
DESCRIPTION: The hash type is an associative array of string keys and string values.
--# vim: et sw=4 sts=4


@ -0,0 +1,5 @@
Type.int
TYPE: int
DEFAULT: 23
DESCRIPTION: The int type is an signed integer.
--# vim: et sw=4 sts=4


@ -0,0 +1,5 @@
Type.istring
TYPE: istring
DEFAULT: 'case insensitive'
DESCRIPTION: The istring type is short (no newlines), must be ASCII and is case-insensitive.
--# vim: et sw=4 sts=4


@ -0,0 +1,5 @@
Type.itext
TYPE: itext
DEFAULT: "case\ninsensitive\nand\npossibly\nquite\nlong"
DESCRIPTION: The text type has newlines, must be ASCII and is case-insensitive.
--# vim: et sw=4 sts=4


@ -0,0 +1,5 @@
Type.list
TYPE: list
DEFAULT: array('item1', 'item2')
DESCRIPTION: The list type is a numerically indexed array of strings.
--# vim: et sw=4 sts=4


@ -0,0 +1,5 @@
Type.lookup
TYPE: lookup
DEFAULT: array('key1' => true, 'key2' => true)
DESCRIPTION: The lookup type acts just like list, except its elements are unique and are checked with <code>isset($var[$key])</code>.
--# vim: et sw=4 sts=4


@ -0,0 +1,5 @@
Type.mixed
TYPE: mixed
DEFAULT: new stdClass()
DESCRIPTION: The mixed type allows any type, and is not form-editable.
--# vim: et sw=4 sts=4


@ -0,0 +1,7 @@
Type.nullbool
TYPE: bool/null
DEFAULT: null
--DESCRIPTION--
Null booleans need to be treated a little specially. See %Type.nullstring
for information on what the null flag does.
--# vim: et sw=4 sts=4


@ -0,0 +1,9 @@
Type.nullstring
TYPE: string/null
DEFAULT: null
--DESCRIPTION--
The null type is not a type, but a flag that can be added to any type
making null a valid value for that entry. It's useful for saying, "Let
the software pick the value for me," or "Don't use this element" when
false has a special meaning.
--# vim: et sw=4 sts=4


@ -0,0 +1,5 @@
Type.string
TYPE: string
DEFAULT: 'Case sensitive'
DESCRIPTION: The string type is short (no newlines) and case-sensitive.
--# vim: et sw=4 sts=4


@ -0,0 +1,5 @@
Type.text
TYPE: text
DEFAULT: "Case sensitive\nand\npossibly\nquite long..."
DESCRIPTION: The text type has newlines and is case-sensitive.
--# vim: et sw=4 sts=4


@ -0,0 +1,3 @@
Type
DESCRIPTION: Directives demonstration the variable types ConfigSchema supports.
--# vim: et sw=4 sts=4


@ -0,0 +1,3 @@
name = "Test Schema"
; vim: et sw=4 sts=4


@ -0,0 +1,57 @@
<?php
require_once 'common.php';
echo '<?xml version="1.0" encoding="UTF-8" ?>';
?><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>HTML Purifier Variable Width Attack Smoketest</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<h1>HTML Purifier Variable Width Attack Smoketest</h1>
<p>For more information, see
<a href="http://applesoup.googlepages.com/bypass_filter.txt">Cheng Peng Su's
original advisory.</a> This particular exploit code appears only to work
in Internet Explorer, if it works at all.</p>
<h2>Test</h2>
<?php
$purifier = new HTMLPurifier();
?>
<table>
<thead><tr><th>ASCII</th><th width="30%">Raw</th><th>Output</th><th>Render</th></tr></thead>
<tbody>
<?php
for ($i = 0; $i < 256; $i++) {
$c = chr($i);
$html = '<img src="" alt="X' . $c . '"';
$html .= '>A"'; // in our out the attribute? ;-)
$html .= "onerror=alert('$i')>O";
$pure_html = $purifier->purify($html);
?>
<tr>
<td><?php echo $i; ?></td>
<td style="font-size:8pt;"><?php echo escapeHTML($html); ?></td>
<td style="font-size:8pt;"><?php echo escapeHTML($pure_html); ?></td>
<td><?php echo $pure_html; ?></td>
</tr>
<?php } ?>
</tbody>
</table>
<h2>Analysis</h2>
<p>By making sure that UTF-8 is well formed and non-SGML codepoints are
removed, as well as escaping quotes outside of tags, this is a non-threat.</p>
</body>
</html>
<?php
// vim: et sw=4 sts=4
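Review bot: The response charset is declared only by the `<meta http-equiv>` element; no `Content-Type` header is sent before the `<?xml` declaration, so if the server's default Content-Type names a different charset, the browser honours the header over the meta and the single bytes produced by `chr($i)` are decoded under the wrong encoding, which is exactly what this variable-width test depends on. Adding `header('Content-type: text/html; charset=UTF-8');` right after `require_once 'common.php';` pins it. The Render column `<td><?php echo $pure_html; ?></td>` prints purified output unescaped by design but says nothing about it; `// Render column: unescaped on purpose, shows whether the purified output is inert` would make that intent explicit, and the comment `in our out the attribute?` presumably means "in or out".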


@ -0,0 +1,100 @@
<?php
require_once('common.php');
function formatCode($string)
{
return
str_replace(
array("\t", '»', '\0(null)'),
array('<strong>\t</strong>', '<span class="linebreak">»</span>', '<strong>\0</strong>'),
escapeHTML(
str_replace("\0", '\0(null)',
wordwrap($string, 28, " »\n", true)
)
)
);
}
?><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>HTML Purifier XSS Attacks Smoketest</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
.scroll {overflow:auto; width:100%;}
.even {background:#EAEAEA;}
thead th {border-bottom:1px solid #000;}
pre strong {color:#00C;}
pre .linebreak {color:#AAA;font-weight:100;}
</style>
</head>
<body>
<h1>HTML Purifier XSS Attacks Smoketest</h1>
<p>XSS attacks are from
<a href="http://ha.ckers.org/xss.html">http://ha.ckers.org/xss.html</a>.</p>
<p><strong>Caveats:</strong>
<tt>Google.com</tt> has been programatically disallowed, but as you can
see, there are ways of getting around that, so coverage in this area
is not complete. Most XSS broadcasts its presence by spawning an alert dialogue.
The displayed code is not strictly correct, as linebreaks have been forced for
readability. Linewraps have been marked with <tt>»</tt>. Some tests are
omitted for your convenience. Not all control characters are displayed.</p>
<h2>Test</h2>
<?php
if (version_compare(PHP_VERSION, '5', '<')) exit('<p>Requires PHP 5.</p>');
$xml = simplexml_load_file('xssAttacks.xml');
// programatically disallow google.com for URI evasion tests
// not complete
$config = HTMLPurifier_Config::createDefault();
$config->set('URI.HostBlacklist', array('google.com'));
$purifier = new HTMLPurifier($config);
?>
<table cellspacing="0" cellpadding="2">
<thead><tr><th>Name</th><th width="30%">Raw</th><th>Output</th><th>Render</th></tr></thead>
<tbody>
<?php
$i = 0;
foreach ($xml->attack as $attack) {
$code = $attack->code;
// custom code for null byte injection tests
if (substr($code, 0, 7) == 'perl -e') {
$code = substr($code, $i=strpos($code, '"')+1, strrpos($code, '"') - $i);
$code = str_replace('\0', "\0", $code);
}
// disable vectors we cannot test in any meaningful way
if ($code == 'See Below') continue; // event handlers, whitelist defeats
if ($attack->name == 'OBJECT w/Flash 2') continue; // requires ActionScript
if ($attack->name == 'IMG Embedded commands 2') continue; // is an HTTP response
// custom code for US-ASCII, which couldn't be expressed in XML without encoding
if ($attack->name == 'US-ASCII encoding') $code = urldecode($code);
?>
<tr<?php if ($i++ % 2) {echo ' class="even"';} ?>>
<td><?php echo escapeHTML($attack->name); ?></td>
<td><pre><?php echo formatCode($code); ?></pre></td>
<?php $pure_html = $purifier->purify($code); ?>
<td><pre><?php echo formatCode($pure_html); ?></pre></td>
<td><div class="scroll"><?php echo $pure_html ?></div></td>
</tr>
<?php
}
?>
</tbody>
</table>
</body>
</html>
<?php
// vim: et sw=4 sts=4
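Review bot: The null-byte branch reuses `$i` as a scratch offset (`$i=strpos($code, '"')+1` inside the `substr` call), but `$i` is also the row counter consumed by `$i++ % 2` for the `even` class, so after any `perl -e` vector the row striping is skewed for the rest of the table. A dedicated local keeps the two apart: `$start = strpos($code, '"') + 1;` followed by `$code = substr($code, $start, strrpos($code, '"') - $start);`. The comparisons `$code == 'See Below'` and `$attack->name == '...'` rely on SimpleXMLElement's string cast under loose equality; `(string) $attack->name === '...'` states what is meant and avoids surprises if the element is ever absent.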
