Sanitize some HTML tags while in fast parsing mode

It's almost the same config as `set_stupidly_fast(true)` only we don't want to touch at `add_attributes` (because it's valuable safety) and we do want to strip specific tags (among which <script>, see moonmoon/moonmoon#111).
author: Romain d'Alverny <rdalverny@gmail.com> 2022-01-12 14:46:01 +0100
committer: Romain d'Alverny <rdalverny@gmail.com> 2022-01-12 14:46:01 +0100
commit: 0b2f80b2504286f0f9b9e1b95db5244d414a6808 (patch)
tree: a1f7095522eb124f37b8c7468b6138040e4bb025
parent: ca75bfdcf9888a73105228e03316920edaf44ff2 (diff)
download: planet-0b2f80b2504286f0f9b9e1b95db5244d414a6808.tar
planet-0b2f80b2504286f0f9b9e1b95db5244d414a6808.tar.gz
planet-0b2f80b2504286f0f9b9e1b95db5244d414a6808.tar.bz2
planet-0b2f80b2504286f0f9b9e1b95db5244d414a6808.tar.xz
planet-0b2f80b2504286f0f9b9e1b95db5244d414a6808.zip
3 files changed, 142 insertions, 1 deletions
diff --git a/app/classes/PlanetFeed.php b/app/classes/PlanetFeed.php
index 3d2ea2f..6cd6b08 100644
--- a/app/classes/PlanetFeed.php
+++ b/app/classes/PlanetFeed.php
@@ -23,7 +23,27 @@ class PlanetFeed extends SimplePie
         $this->set_autodiscovery_level(SIMPLEPIE_LOCATOR_NONE);
         $this->set_feed_url($this->getFeed());
         $this->set_timeout(5);
-        $this->set_stupidly_fast(true);
+
+        $this->enable_order_by_date(false);
+        $this->remove_div(false);
+        $this->strip_comments(false);
+        $this->strip_attributes(false);
+        $this->set_image_handler(false);
+        $this->set_https_domains(array());
+        $this->strip_htmltags([
+            'base', 'blink', 'body',
+            'doctype',
+            'embed',
+            'font', 'form', 'frame', 'frameset',
+            'html',
+            'iframe', 'input',
+            'marquee', 'meta',
+            'noscript',
+            'object',
+            'param',
+            'script',
+            'style'
+        ]);
     }
 
     public function getFeed()
diff --git a/tests/PlanetFeedTest.php b/tests/PlanetFeedTest.php
new file mode 100644
index 0000000..fb0e53d
--- /dev/null
+++ b/tests/PlanetFeedTest.php
@@ -0,0 +1,45 @@
+<?php
+
+use PHPUnit\Framework\TestCase;
+
+class PlanetFeedTest extends TestCase
+{
+    protected $feed;
+    protected $items;
+
+    public function setUp() : void
+    {
+        $this->feed = new PlanetFeed('Test Feed', 'http://localhost:8081/tests/feeds/feed-rss2.rss', 'http://localhost:8081/tests/', '');
+    }
+
+    protected function _after()
+    {
+        unset($this->feed);
+    }
+
+    public function testNo()
+    {
+        //print_r($this->feed);
+        $this->assertEquals(true, true);
+    }
+
+    public function testItemsContent()
+    {
+        if (!$this->feed->init()) {
+            $this->fail(sprintf('Failed to init feed: %s', $this->feed->error));
+        }
+        $items = $this->feed->get_items();
+        $this->assertEquals(5, count($items));
+
+        $expectedContents = [
+            '<div>Blabla.</div>',
+            "<div>Blabla.  Ho. Ho. Ho.</div>",
+            '<div>Image relative: <img src="https://blog.example.com/data/images/jjg.jpg"></div>',
+            '<div>Audio relatif: <audio src="https://blog.example.com/data/documents/jjg.mp3" type="audio/mp3" controls="controls" preload="none"></audio></div>',
+            //'<div>Video relative: <video preload="none"><source src="https://blog.example.com/data/documents/jjg.mpeg"></source></video></div>'
+        ];
+        foreach ($expectedContents as $ix => $value) {
+            $this->assertEquals($value, $items[$ix]->get_content());
+        }
+    }
+}
diff --git a/tests/feeds/feed-rss2.rss b/tests/feeds/feed-rss2.rss
new file mode 100644
index 0000000..312998b
--- /dev/null
+++ b/tests/feeds/feed-rss2.rss
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<rss xmlns:content="http://purl.org/rss/1.0/modules/content/"
+	xmlns:dc="http://purl.org/dc/elements/1.1/"
+	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
+	xmlns:media="http://search.yahoo.com/mrss/"
+	version="2.0">
+<channel>
+	<title>Test Feed</title>
+	<link>https://blog.example.com</link>
+	<description>some description</description>
+	<lastBuildDate>Fri, 03 Dec 2021 18:41:33 +0000</lastBuildDate>
+	<language>fr-FR</language>
+	<sy:updatePeriod>hourly</sy:updatePeriod>
+	<sy:updateFrequency>1</sy:updateFrequency>
+	<generator>https://generator.example.com/?v=1.2.3</generator>
+	<image>
+		<url></url>
+		<title>Test Feed</title>
+		<link>https://blog.example.com</link>
+		<width>32</width>
+		<height>32</height>
+	</image> 
+	<item>
+		<title>Test Post</title>
+		<link>https://blog.example.com/2022/01/test-post/</link>
+		<comments>https://blog.example.com/2022/01/test-post/#respond</comments>
+		<pubDate>Fri, 03 Dec 2021 18:41:29 +0000</pubDate>
+		<dc:creator><![CDATA[Creator]]></dc:creator>
+		<category><![CDATA[Non classé]]></category>
+		<guid isPermaLink="false">https://blog.example.com/?p=3863</guid>
+		<description><![CDATA[Blabla.]]></description>
+		<enclosure url="https://blog.example.com/wp-content/uploads/2022/01/1.jpg" length="39073" type="image/jpeg" />
+		<media:content url="https://blog.example.com/wp-content/uploads/2022/01/2.jpg" width="700" height="699" medium="image" type="image/jpeg" />
+	</item>
+	<item>
+		<title>Test Post With JavaScript</title>
+		<link>https://blog.example.com/2022/01/test-post-js/</link>
+		<comments>https://github.com/moonmoon/moonmoon/issues/111</comments>
+		<pubDate>Fri, 03 Dec 2021 18:41:30 +0000</pubDate>
+		<dc:creator><![CDATA[Creator]]></dc:creator>
+		<category><![CDATA[Non classé]]></category>
+		<guid isPermaLink="false">https://blog.example.com/?p=3864</guid>
+		<description><![CDATA[Blabla. <script>document.location.replace('https://example.com');</script> Ho. Ho. Ho.]]></description>
+	</item>
+	<item>
+		<title>Test Post With Image Relative Tag</title>
+		<link>https://blog.example.com/2022/01/test-post-img-tag-rel/</link>
+		<comments>https://github.com/moonmoon/moonmoon/issues/112</comments>
+		<pubDate>Fri, 03 Dec 2021 18:41:31 +0000</pubDate>
+		<dc:creator><![CDATA[Creator]]></dc:creator>
+		<category><![CDATA[Non classé]]></category>
+		<guid isPermaLink="false">https://blog.example.com/?p=3865</guid>
+		<description><![CDATA[Image relative: <img src="data/images/jjg.jpg" />]]></description>
+	</item>
+	<item>
+		<title>Test Post With Audio Relative Tag</title>
+		<link>https://blog.example.com/2022/01/test-post-audio-tag-rel/</link>
+		<comments>https://github.com/moonmoon/moonmoon/issues/112</comments>
+		<pubDate>Fri, 03 Dec 2021 18:41:32 +0000</pubDate>
+		<dc:creator><![CDATA[Creator]]></dc:creator>
+		<category><![CDATA[Non classé]]></category>
+		<guid isPermaLink="false">https://blog.example.com/?p=3866</guid>
+		<description><![CDATA[Audio relatif: <audio src="/data/documents/jjg.mp3" type="audio/mp3" controls="controls">]]></description>
+	</item>
+	<item>
+		<title>Test Post With Video Source Relative Tag</title>
+		<link>https://blog.example.com/2022/01/test-post-video-tag-rel/</link>
+		<comments>https://github.com/moonmoon/moonmoon/issues/112</comments>
+		<pubDate>Fri, 03 Dec 2021 18:41:33 +0000</pubDate>
+		<dc:creator><![CDATA[Creator]]></dc:creator>
+		<category><![CDATA[Non classé]]></category>
+		<guid isPermaLink="false">https://blog.example.com/?p=3867@</guid>
+		<description><![CDATA[Video relative: <video><source src="/data/documents/jjg.mpeg"></video>]]></description>
+	</item>
+</channel>
+</rss>
+\ No newline at end of file
author	Romain d'Alverny <rdalverny@gmail.com>	2022-01-12 14:46:01 +0100
committer	Romain d'Alverny <rdalverny@gmail.com>	2022-01-12 14:46:01 +0100
commit	0b2f80b2504286f0f9b9e1b95db5244d414a6808 (patch)
tree	a1f7095522eb124f37b8c7468b6138040e4bb025
parent	ca75bfdcf9888a73105228e03316920edaf44ff2 (diff)
download	planet-0b2f80b2504286f0f9b9e1b95db5244d414a6808.tar planet-0b2f80b2504286f0f9b9e1b95db5244d414a6808.tar.gz planet-0b2f80b2504286f0f9b9e1b95db5244d414a6808.tar.bz2 planet-0b2f80b2504286f0f9b9e1b95db5244d414a6808.tar.xz planet-0b2f80b2504286f0f9b9e1b95db5244d414a6808.zip