authorJoshyPHP <s9e.dev@gmail.com>2017-11-07 10:34:11 +0100
committerJoshyPHP <s9e.dev@gmail.com>2017-11-07 10:34:11 +0100
commit288def143cb8f594fd5c58d6a6dab07263a6c60e (patch)
tree758784f9c6cd8f4b8b0bd768f874b9450f145cc2 /tests/text_formatter/s9e
parent44d5bde61604979ea6f89951e78edf352f8a9bb5 (diff)
[ticket/15442] Allow unsafe HTML in bbcode.html
PHPBB3-15442
Diffstat (limited to 'tests/text_formatter/s9e')
-rw-r--r--tests/text_formatter/s9e/factory_test.php16
-rw-r--r--tests/text_formatter/s9e/fixtures/styles/unsafe/template/bbcode.html40
-rw-r--r--tests/text_formatter/s9e/fixtures/unsafe_default_bbcodes.xml24
3 files changed, 80 insertions, 0 deletions
diff --git a/tests/text_formatter/s9e/factory_test.php b/tests/text_formatter/s9e/factory_test.php
index fd9b4e4c09..d35330a975 100644
--- a/tests/text_formatter/s9e/factory_test.php
+++ b/tests/text_formatter/s9e/factory_test.php
@@ -248,6 +248,22 @@ class phpbb_textformatter_s9e_factory_test extends phpbb_database_test_case
}
/**
+ * @testdox Accepts unsafe default BBCodes
+ */
+ public function test_unsafe_default_bbcodes()
+ {
+ $fixture = __DIR__ . '/fixtures/unsafe_default_bbcodes.xml';
+ $style_dir = __DIR__ . '/fixtures/styles/';
+ $container = $this->get_test_case_helpers()->set_s9e_services(null, $fixture, $style_dir);
+ $parser = $container->get('text_formatter.parser');
+ $renderer = $container->get('text_formatter.renderer');
+
+ $original = '[b]alert(1)[/b]';
+ $expected = '<script>alert(1)</script>';
+ $this->assertSame($expected, $renderer->render($parser->parse($original)));
+ }
+
+ /**
* @testdox get_configurator() triggers events before and after configuration
*/
public function test_configure_events()
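Review bot: The docblock on `test_unsafe_default_bbcodes()` does not say why `<script>alert(1)</script>` is the expected output, so the assertion reads like an XSS regression rather than a deliberate trust decision. I would extend it with the boundary being tested, for example `* bbcode.html is a style file and is treated as trusted; the post text itself is still untrusted`, and mention that the `unsafe` fixture style maps [b] to a script element on purpose. The test also pins only the permissive side: nothing visible here checks that BBCode templates from other sources (custom BBCodes, presumably stored in the database) are still rejected when unsafe, and a companion negative test would keep the relaxation from widening unnoticed. The new method is complete within the hunk; the enclosing class starts and ends outside it.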
diff --git a/tests/text_formatter/s9e/fixtures/styles/unsafe/template/bbcode.html b/tests/text_formatter/s9e/fixtures/styles/unsafe/template/bbcode.html
new file mode 100644
index 0000000000..f3932f9b78
--- /dev/null
+++ b/tests/text_formatter/s9e/fixtures/styles/unsafe/template/bbcode.html
@@ -0,0 +1,40 @@
+<!-- BEGIN ulist_open --><ul style="list-style-type: {LIST_TYPE}"><!-- END ulist_open -->
+<!-- BEGIN ulist_open_default --><ul><!-- END ulist_open_default -->
+<!-- BEGIN ulist_close --></ul><!-- END ulist_close -->
+
+<!-- BEGIN olist_open --><ol style="list-style-type: {LIST_TYPE}"><!-- END olist_open -->
+<!-- BEGIN olist_close --></ol><!-- END olist_close -->
+
+<!-- BEGIN listitem --><li><!-- END listitem -->
+<!-- BEGIN listitem_close --></li><!-- END listitem_close -->
+
+<!-- BEGIN quote_username_open --><blockquote><div><cite>{USERNAME} {L_WROTE}{L_COLON}</cite><!-- END quote_username_open -->
+<!-- BEGIN quote_open --><blockquote class="uncited"><div><!-- END quote_open -->
+<!-- BEGIN quote_close --></div></blockquote><!-- END quote_close -->
+
+<!-- BEGIN code_open --><div class="codebox"><p>{L_CODE}{L_COLON} <a href="#" onclick="selectCode(this); return false;">{L_SELECT_ALL_CODE}</a></p><code><!-- END code_open -->
+<!-- BEGIN code_close --></code></div><!-- END code_close -->
+
+<!-- BEGIN inline_attachment_open --><div class="inline-attachment"><!-- END inline_attachment_open -->
+<!-- BEGIN inline_attachment_close --></div><!-- END inline_attachment_close -->
+
+<!-- BEGIN b_open --><script><!-- END b_open -->
+<!-- BEGIN b_close --></script><!-- END b_close -->
+
+<!-- BEGIN u_open --><span style="text-decoration: underline"><!-- END u_open -->
+<!-- BEGIN u_close --></span><!-- END u_close -->
+
+<!-- BEGIN i_open --><em><!-- END i_open -->
+<!-- BEGIN i_close --></em><!-- END i_close -->
+
+<!-- BEGIN color --><span style="color: {COLOR}">{TEXT}</span><!-- END color -->
+
+<!-- BEGIN size --><span style="font-size: {SIZE}%; line-height: 116%;">{TEXT}</span><!-- END size -->
+
+<!-- BEGIN img --><img src="{URL}" class="postimage" alt="{L_IMAGE}" /><!-- END img -->
+
+<!-- BEGIN url --><a href="{URL}" class="postlink">{DESCRIPTION}</a><!-- END url -->
+
+<!-- BEGIN email --><a href="mailto:{EMAIL}">{DESCRIPTION}</a><!-- END email -->
+
+<!-- BEGIN flash --><object classid="clsid:D27CDB6E-AE6D-11CF-96B8-444553540000" codebase="http://active.macromedia.com/flash2/cabs/swflash.cab#version=5,0,0,0" width="{WIDTH}" height="{HEIGHT}"><param name="movie" value="{URL}" /><param name="play" value="false" /><param name="loop" value="false" /><param name="quality" value="high" /><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><embed src="{URL}" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash" width="{WIDTH}" height="{HEIGHT}" play="false" loop="false" quality="high" allowscriptaccess="never" allownetworking="internal"></embed></object><!-- END flash -->
diff --git a/tests/text_formatter/s9e/fixtures/unsafe_default_bbcodes.xml b/tests/text_formatter/s9e/fixtures/unsafe_default_bbcodes.xml
new file mode 100644
index 0000000000..06524a13cc
--- /dev/null
+++ b/tests/text_formatter/s9e/fixtures/unsafe_default_bbcodes.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<dataset>
+ <table name="phpbb_styles">
+ <column>style_id</column>
+ <column>style_name</column>
+ <column>style_copyright</column>
+ <column>style_active</column>
+ <column>style_path</column>
+ <column>bbcode_bitfield</column>
+ <column>style_parent_id</column>
+ <column>style_parent_tree</column>
+
+ <row>
+ <value>1</value>
+ <value>unsafe</value>
+ <value></value>
+ <value>1</value>
+ <value>unsafe</value>
+ <value>QA==</value>
+ <value>0</value>
+ <value></value>
+ </row>
+ </table>
+</dataset>
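Review bot: The `bbcode_bitfield` value `QA==` in the `unsafe` style row is opaque, and it appears to be what selects which blocks of the style's bbcode.html override the defaults. If I decode it correctly it is the single byte 0x40, meaning only bit 1 is set, which would correspond to [b]; that is worth confirming against the BBCode id constants. A comment in the fixture such as `<!-- bbcode_bitfield QA== : only [b] is taken from styles/unsafe/template/bbcode.html -->` would make clear that the other blocks in that template are not exercised by the test.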