summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorGreg Roach <fisharebest@webtrees.net>2019-05-10 12:00:43 +0100
committerGreg Roach <fisharebest@webtrees.net>2019-05-10 12:10:23 +0100
commit50d6f48c66bf0bac3eabb9bdf84f878e4cc97d4a (patch)
tree6d5bfe8feb42ccf0dcae64b9f70edad7791fc389 /tests
parente7686319595e2aac8ce10b4383f91bfbe21d12f5 (diff)
downloadwebtrees-50d6f48c66bf0bac3eabb9bdf84f878e4cc97d4a.tar.gz
webtrees-50d6f48c66bf0bac3eabb9bdf84f878e4cc97d4a.tar.bz2
webtrees-50d6f48c66bf0bac3eabb9bdf84f878e4cc97d4a.zip
Fix: #1752 - use ezyang/htmlpurifier to santise user-supplied HTML
Diffstat (limited to 'tests')
-rw-r--r--tests/app/Services/HtmlServiceTest.php57
1 files changed, 57 insertions, 0 deletions
diff --git a/tests/app/Services/HtmlServiceTest.php b/tests/app/Services/HtmlServiceTest.php
new file mode 100644
index 0000000000..6baa4e5ed0
--- /dev/null
+++ b/tests/app/Services/HtmlServiceTest.php
@@ -0,0 +1,57 @@
+<?php
+/**
+ * webtrees: online genealogy
+ * Copyright (C) 2019 webtrees development team
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+declare(strict_types=1);
+
+namespace Fisharebest\Webtrees\Services;
+
+use Fisharebest\Webtrees\MockGlobalFunctions;
+use Fisharebest\Webtrees\TestCase;
+
+/**
+ * Test harness for the class HtmlService
+ */
+class HtmlServiceTest extends TestCase
+{
+ /**
+ * @covers \Fisharebest\Webtrees\Services\HtmlService::sanitize
+ *
+ * @return void
+ */
+ public function testAllowedHtml(): void
+ {
+ $html_service = new HtmlService();
+
+ $dirty = '<div class="foo">bar</div>';
+ $clean = $html_service->sanitize($dirty);
+
+ $this->assertSame($dirty, $clean);
+ }
+
+ /**
+ * @covers \Fisharebest\Webtrees\Services\HtmlService::sanitize
+ *
+ * @return void
+ */
+ public function testDisallowedHtml(): void
+ {
+ $html_service = new HtmlService();
+
+ $dirty = '<div class="foo" onclick="alert(123)">bar</div>';
+ $clean = $html_service->sanitize($dirty);
+
+ $this->assertSame('<div class="foo">bar</div>', $clean);
+ }
+}