PHP Classes

File: test/test.php

File: test/test.php
Role: Unit test script
Content type: text/plain
Description: Markup parser unit test suite
Class: Secure HTML parser and filter
Parse and filter insecure HTML tags and CSS styles
Author: By
Last change: Added the selectors test.
Date: 14 years ago
Size: 10,065 bytes
 

Contents

<?php

/*
 * test.php
 *
 * @(#) $Id: test.php,v 1.11 2009/12/06 06:39:32 mlemos Exp $
 *
 */

   
// Character-reference edge cases, one per line, passed as the 'Data' parameter
// of the 'entities' and 'entities1bytebuffer' tests further down.
// The list covers: references with an empty body (&;  &#;  &#x;), numeric
// references whose body is not a digit (&#z;  &#xz;), hexadecimal and decimal
// values at and just above 0xFFFFFFFF with and without a leading zero, a name
// that starts with a digit, a long name, a well-formed name, and a final
// reference that is never closed with ';'.
// The string must stay byte-for-byte as it is: the result is compared with
// expect/entities.txt, which is not part of this file.
$__entities = '&;
&#xz;
&#x;
&#xfffffffff;
&#xffffffff;
&#x0ffffffff;
&#z;
&#;
&#4294967296;
&#4294967295;
&#04294967295;
&1bogus;
&toolongentitity;
&ok;
&notok'
;
   
// Input of the 'entitiesinunsafeurl' test, which runs it through
// ../test_safe_html_filter.php. Every link spells the javascript: scheme with
// something placed inside the scheme name: a decimal or hexadecimal character
// reference (none of them closed with ';'), or a literal NUL / TAB byte
// produced with Chr(). A filter that matches the raw attribute text against a
// list of schemes would not recognise these; presumably the expected output in
// expect/entitiesinunsafeurl.txt shows them neutralised - confirm against that
// file, which is not visible here.
// NOTE(review): in the "Hex-encoded NUL" case the reference is written
// &#x00a followed by "vascript". Because "a" is itself a hexadecimal digit, a
// decoder that reads digits greedily sees U+000A rather than NUL followed by
// "a". Confirm which reading the expected file pins, and consider a separate
// case with an explicit ';' so that both readings are covered.
$entities_in_unsafe_url='
<a href="j&#0avascript:prompt(2)">Encoded NUL</a>
<a href="j&#9avascript:prompt(2)">Encoded TAB</a>
<a href="j&#97vascript:prompt(2)">Encoded a</a>
<a href="j&#x00avascript:prompt(2)">Hex-encoded NUL</a>
<a href="ja&#x09vascript:prompt(2)">Hex-encoded TAB</a>
<a href="j&#x61vascript:prompt(2)">Hex-encoded a</a>
<a href="j'
.Chr(0).'avascript:prompt(2)">Literal NUL</a>
<a href="ja'
.Chr(9).'vascript:prompt(2)">Literal TAB</a>
'
;
   
// Input of the 'quoteseparatingunsafeattribute' test (run through
// ../test_safe_html_filter.php). The src value is unquoted but contains a
// double quote, and an onerror attribute follows it with no whitespace in
// between. The case checks how the filter splits attributes when a stray quote
// sits inside an unquoted value; the reference result lives in
// expect/quoteseparatingunsafeattribute.txt (not visible here).
$quote_separating_unsafe_attribute='
<img src=missingimage.gif"onerror="alert(\'XSS\')>
'
;

   
// Input of the 'unicodestylevalues' test (run through ../test_css_parser.php).
// The whole property value is written as CSS backslash-hex escapes; decoded,
// the escapes read expression(alert(1)). The single-quoted PHP string keeps
// the backslashes literal, so the CSS parser receives the escaped form and has
// to decode it before the value can be judged.
$unicode_style = '.test { color: \0065\0078\0070\0072\0065\0073\0073\0069\006f\006e\0028\0061\006c\0065\0072\0074\0028\0031\0029\0029 }';
   
// Stylesheet used by the 'selectors' test (run through ../test_css_parser.php).
// It lists one rule per selector form: type, grouped, universal, attribute
// ([attr], [attr=value], [attr|=value]), class, id, descendant, child (>),
// adjacent sibling (+), pseudo-classes (:first-child, :link, :lang(), ...)
// and pseudo-elements (:first-line, :first-letter, :before).
// \' is an escaped quote of the surrounding PHP string; the other backslash
// sequences (\2039, \203A) stay literal and reach the CSS parser as escapes.
$selectors = 'h1 { color: red }
em { color: red }
h1 em { color: blue }
h1, h2, h3 { font-family: sans-serif }
*[lang=fr] { font-family: sans-serif }
[lang=fr] { font-family: sans-serif }
*.warning { font-family: sans-serif }
.warning { font-family: sans-serif }
*#myid { font-family: sans-serif }
#myid { font-family: sans-serif }
div * p { font-family: sans-serif }
div p *[href] { font-family: sans-serif }
body > p { line-height: 1.3 }
div ol>li p { line-height: 1.3 }
math + p { text-indent: 0 }
h1 + h2 { margin-top: -5mm }
h1.opener + h2 { margin-top: -5mm }
h1[title] { color: blue; }
span[class=example] { color: blue; }
span[hello="Cleveland"][goodbye="Columbus"] { color: blue; }
*[lang=fr] { display: none }
*[lang|="en"] { color: red }
DIALOGUE[character=romeo] { voice-family: "Laurence Olivier", charles, male }
DIALOGUE[character=juliet] { voice-family: "Vivien Leigh", victoria, female }
*.pastoral { color: green }
.pastoral { color: green }
H1.pastoral { color: green }
p.marine.pastoral { color: green }
h1#chapter1 { text-align: center }
div > p:first-child { text-indent: 0 }
a:link { color: red }
a:visited { color: blue }
a:hover { color: yellow }
a:active { color: lime }
a:focus { background: yellow }
a:focus:hover { background: white }
html:lang(fr-ca) { quotes: \'" \' \' "\' }
html:lang(de) { quotes: \'"\' \'"\' \'\2039\' \'\203A\' }
:lang(fr) > Q { quotes: \'" \' \' "\' }
:lang(de) > Q { quotes: \'"\' \'"\' \'\2039\' \'\203A\' }
p:first-line { text-transform: uppercase }
p { line-height: 1.1 }
p:first-letter { font-size: 3em; font-weight: normal }
span { font-weight: bold }
p { color: red; font-size: 12pt }
p:first-letter { color: green; font-size: 200% }
p:first-line { color: blue }
h1:before {content: counter(chapno, upper-roman) ". "}
p.special:before {content: "Special! "}
p.special:first-letter {color: #ffd800}
'
;
   
// Sample document shared by the file-based parser and filter tests.
$__simple_file = 'sample/simple.html';

// Test table, keyed by test name. For each entry the runner below requires
// 'script', captures what it prints, writes that to 'generatedfile' and
// compares it with 'expectedfile'. 'options' is handed to the script as
// $__test_options.
$__tests = array(

    // Markup parser: whole sample file, default buffer and one-byte buffer.
    'normal' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/simple.txt',
        'expectedfile' => 'expect/simple.txt',
        'options' => array(
            'parameters' => array(
                'File' => $__simple_file,
            ),
        ),
    ),
    'normal1bytebuffer' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/simple.txt',
        'expectedfile' => 'expect/simple.txt',
        'options' => array(
            'parameters' => array(
                'File' => $__simple_file,
            ),
            'buffer_length' => 1,
        ),
    ),

    // Markup parser with line tracking switched on.
    'tracklines' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/track_lines.txt',
        'expectedfile' => 'expect/track_lines.txt',
        'options' => array(
            'parameters' => array(
                'File' => $__simple_file,
            ),
            'track_lines' => 1,
        ),
    ),
    'tracklines1bytebuffer' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/track_lines.txt',
        'expectedfile' => 'expect/track_lines.txt',
        'options' => array(
            'parameters' => array(
                'File' => $__simple_file,
            ),
            'buffer_length' => 1,
            'track_lines' => 1,
        ),
    ),

    // Markup parser: tags that are cut off at different points.
    'unfinishedtag' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/unfinishedtag.txt',
        'expectedfile' => 'expect/unfinishedtag.txt',
        'options' => array(
            'parameters' => array(
                'Data' => '<tag',
            ),
            'track_lines' => 1,
        ),
    ),
    'unfinishedtagend' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/unfinishedtagend.txt',
        'expectedfile' => 'expect/unfinishedtagend.txt',
        'options' => array(
            'parameters' => array(
                'Data' => '<tag<tag>',
            ),
            'track_lines' => 1,
        ),
    ),
    'unfinishedtagattribute' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/unfinishedtagattribute.txt',
        'expectedfile' => 'expect/unfinishedtagattribute.txt',
        'options' => array(
            'parameters' => array(
                'Data' => '<tag attribute<tag>',
            ),
            'track_lines' => 1,
        ),
    ),
    'unfinishedtagattributevalue' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/unfinishedtagattributevalue.txt',
        'expectedfile' => 'expect/unfinishedtagattributevalue.txt',
        'options' => array(
            'parameters' => array(
                'Data' => '<tag attribute=value<tag>',
            ),
            'track_lines' => 1,
        ),
    ),
    'unfinishedquotedtagattribute' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/unfinishedquotedtagattribute.txt',
        'expectedfile' => 'expect/unfinishedquotedtagattribute.txt',
        'options' => array(
            'parameters' => array(
                'Data' => '<tag "attribute<tag>',
            ),
            'track_lines' => 1,
        ),
    ),
    'unfinishedquotedtagattributevalue' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/unfinishedquotedtagattributevalue.txt',
        'expectedfile' => 'expect/unfinishedquotedtagattributevalue.txt',
        'options' => array(
            'parameters' => array(
                'Data' => '<tag attribute="value<tag>',
            ),
            'track_lines' => 1,
        ),
    ),

    // Markup parser: character-reference edge cases.
    'entities' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/entities.txt',
        'expectedfile' => 'expect/entities.txt',
        'options' => array(
            'parameters' => array(
                'Data' => $__entities,
            ),
            'track_lines' => 1,
        ),
    ),
    'entities1bytebuffer' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/entities.txt',
        'expectedfile' => 'expect/entities.txt',
        'options' => array(
            'parameters' => array(
                'Data' => $__entities,
            ),
            'track_lines' => 1,
            'buffer_length' => 1,
        ),
    ),

    // CSS parser: property value written with backslash escapes.
    'unicodestylevalues' => array(
        'script' => '../test_css_parser.php',
        'generatedfile' => 'generated/unicodestylevalues.txt',
        'expectedfile' => 'expect/unicodestylevalues.txt',
        'options' => array(
            'Stylesheet' => $unicode_style,
        ),
    ),

    // Safe HTML filter: sample file, then the two hostile-markup inputs.
    'safehtmlfilter' => array(
        'script' => '../test_safe_html_filter.php',
        'generatedfile' => 'generated/safehtmlfilter.txt',
        'expectedfile' => 'expect/safehtmlfilter.txt',
        'options' => array(
            'parameters' => array(
                'File' => $__simple_file,
                'OnlyBody' => 0,
                'DTDCachePath' => '../',
            ),
        ),
    ),
    'entitiesinunsafeurl' => array(
        'script' => '../test_safe_html_filter.php',
        'generatedfile' => 'generated/entitiesinunsafeurl.txt',
        'expectedfile' => 'expect/entitiesinunsafeurl.txt',
        'options' => array(
            'parameters' => array(
                'Data' => $entities_in_unsafe_url,
                'OnlyBody' => 1,
                'DTDCachePath' => '../',
            ),
        ),
    ),
    'quoteseparatingunsafeattribute' => array(
        'script' => '../test_safe_html_filter.php',
        'generatedfile' => 'generated/quoteseparatingunsafeattribute.txt',
        'expectedfile' => 'expect/quoteseparatingunsafeattribute.txt',
        'options' => array(
            'parameters' => array(
                'Data' => $quote_separating_unsafe_attribute,
                'OnlyBody' => 1,
                'DTDCachePath' => '../',
            ),
        ),
    ),

    // CSS parser: selector forms.
    'selectors' => array(
        'script' => '../test_css_parser.php',
        'generatedfile' => 'generated/selectors.txt',
        'expectedfile' => 'expect/selectors.txt',
        'options' => array(
            'Stylesheet' => $selectors,
        ),
    ),
);

   
// Marker constant defined before any test script is required.
define('__TEST', 1);

// Build $__try, the ordered list of test names to run. Names given on the
// command line are accepted only when they are keys of $__tests; a single
// unknown name prints a message and empties the list, so nothing runs.
// Without arguments every test in the table is selected.
if (isset($_SERVER['argv'])
    && is_array($_SERVER['argv'])
    && count($_SERVER['argv']) > 1
) {
    $__try = array();
    for ($__test = 1; $__test < count($_SERVER['argv']); ++$__test) {
        $__name = $_SERVER['argv'][$__test];
        if (isset($__tests[$__name])) {
            $__try[] = $__name;
            continue;
        }
        echo "\n".'There is no test named '.$__name.'.'."\n".str_repeat('_', 80)."\n";
        $__try = array();
        break;
    }
} else {
    $__try = array_keys($__tests);
}
    for(
$__different=$__test=$__checked=0; $__test<count($__try); ++$__test)
    {
       
$__name = $__try[$__test];
       
$__script=$__tests[$__name]['script'];
        if(!
file_exists($__script))
        {
            echo
"\n".'Test script '.$__script.' does not exist.'."\n".str_repeat('_',80)."\n";
            continue;
        }
        echo
'Test "'.$__name.'": ... ';
       
flush();
        if(IsSet(
$__tests[$__name]['options']))
           
$__test_options=$__tests[$__name]['options'];
        else
           
$__test_options=array();
       
ob_start();
        require(
$__script);
       
$output=ob_get_contents();
       
ob_end_clean();
       
$generated=$__tests[$__name]['generatedfile'];
        if(!(
$file = fopen($generated, 'wb')))
            die(
'Could not create the generated output file '.$generated."\n");
        if(!
fputs($file, $output)
        || !
fclose($file))
            die(
'Could not save the generated output to the file '.$generated."\n");
       
$expected=$__tests[$__name]['expectedfile'];
        if(!
file_exists($expected))
        {
            echo
"\n".'Expected output file '.$expected.' does not exist.'."\n".str_repeat('_',80)."\n";
            continue;
        }
       
$diff=array();
       
exec('diff '.$expected.' '.$generated, $diff);
        if(
count($diff))
        {
            echo
"FAILED\n".'Output of script '.$__script.' is different from the expected file '.$expected." .\n".str_repeat('_',80)."\n";
            for(
$line=0; $line<count($diff); $line++)
                echo
$diff[$line]."\n";
            echo
str_repeat('_',80)."\n";
           
flush();
           
$__different++;
        }
        else
            echo
"OK\n";
       
$__checked++;
    }
    echo
$__checked.' test '.($__checked==1 ? 'was' : 'were').' performed, '.($__checked!=$__test ? (($__test-$__checked==1) ? ' 1 test was skipped, ' : ($__test-$__checked).' tests were skipped, ') : '').($__different ? $__different.' failed' : 'none has failed').'.'."\n";

?>