class = new Sanitizer();
}
protected function tearDown()
{
unset($this->class);
}
/**
* Make sure the initial tags are loaded
*/
public function testLoadDefaultTags()
{
$tags = $this->class->getAllowedTags();
$this->assertInternalType('array', $tags);
}
/**
* Make sure the initial attributes are loaded
*/
public function testLoadDefaultAttributes()
{
$attributes = $this->class->getAllowedAttrs();
$this->assertInternalType('array', $attributes);
}
/**
* Test the custom tag setters and getters
*/
public function testSetCustomTags()
{
$this->class->setAllowedTags(new TestAllowedTags());
$tags = $this->class->getAllowedTags();
$this->assertInternalType('array', $tags);
$this->assertEquals(array_map('strtolower', TestAllowedTags::getTags()), $tags);
}
/**
* Test the custom attribute setters and getters
*/
public function testSetCustomAttributes()
{
$this->class->setAllowedAttrs(new TestAllowedAttributes());
$attributes = $this->class->getAllowedAttrs();
$this->assertInternalType('array', $attributes);
$this->assertEquals( array_map('strtolower', TestAllowedAttributes::getAttributes()), $attributes);
}
/**
* Test that malicious elements and attributes are removed from standard XML
*/
public function testSanitizeXMLDoc()
{
$dataDirectory = __DIR__ . '/data';
$initialData = file_get_contents($dataDirectory . '/xmlTestOne.xml');
$expected = file_get_contents($dataDirectory . '/xmlCleanOne.xml');
$cleanData = $this->class->sanitize($initialData);
$this->assertXmlStringEqualsXmlString($expected, $cleanData);
}
/**
* Test that malicious elements and attributes are removed from an SVG
*/
public function testSanitizeSVGDoc()
{
$dataDirectory = __DIR__ . '/data';
$initialData = file_get_contents($dataDirectory . '/svgTestOne.svg');
$expected = file_get_contents($dataDirectory . '/svgCleanOne.svg');
$cleanData = $this->class->sanitize($initialData);
$this->assertXmlStringEqualsXmlString($expected, $cleanData);
}
/**
* Test that a badly formatted XML document returns false
*/
public function testBadXMLReturnsFalse()
{
$dataDirectory = __DIR__ . '/data';
$initialData = file_get_contents($dataDirectory . '/badXmlTestOne.svg');
$cleanData = $this->class->sanitize($initialData);
$this->assertEquals(false, $cleanData);
}
/**
* Make sure that hrefs get sanitized correctly
*/
public function testSanitizeHrefs()
{
$dataDirectory = __DIR__ . '/data';
$initialData = file_get_contents($dataDirectory . '/hrefTestOne.svg');
$expected = file_get_contents($dataDirectory . '/hrefCleanOne.svg');
$cleanData = $this->class->sanitize($initialData);
$this->assertXmlStringEqualsXmlString($expected, $cleanData);
}
/**
* Make sure that hrefs get sanitized correctly when the xlink namespace is omitted.
*/
public function testSanitizeHrefsNoXlinkNamespace()
{
$dataDirectory = __DIR__ . '/data';
$initialData = file_get_contents($dataDirectory . '/hrefTestTwo.svg');
$expected = file_get_contents($dataDirectory . '/hrefCleanTwo.svg');
$cleanData = $this->class->sanitize($initialData);
$this->assertXmlStringEqualsXmlString($expected, $cleanData);
}
/**
* Make sure that external references get sanitized correctly
*/
public function testSanitizeExternal()
{
$dataDirectory = __DIR__ . '/data';
$initialData = file_get_contents($dataDirectory . '/externalTest.svg');
$expected = file_get_contents($dataDirectory . '/externalClean.svg');
$this->class->removeRemoteReferences(true);
$cleanData = $this->class->sanitize($initialData);
$this->class->removeRemoteReferences(false);
$this->assertXmlStringEqualsXmlString($expected, $cleanData);
}
/**
* Test that minification of an SVG works
*/
public function testSanitizeAndMinifiySVGDoc()
{
$dataDirectory = __DIR__ . '/data';
$initialData = file_get_contents($dataDirectory . '/svgTestOne.svg');
$expected = file_get_contents($dataDirectory . '/svgCleanOneMinified.svg');
$this->class->minify(true);
$cleanData = $this->class->sanitize($initialData);
$this->class->minify(false);
$this->assertXmlStringEqualsXmlString($expected, $cleanData);
}
/**
* Test that ARIA and Data Attributes are allowed
*/
public function testThatAriaAndDataAttributesAreAllowed()
{
$dataDirectory = __DIR__ . '/data';
$initialData = file_get_contents($dataDirectory . '/ariaDataTest.svg');
$expected = file_get_contents($dataDirectory . '/ariaDataClean.svg');
$this->class->minify(false);
$cleanData = $this->class->sanitize($initialData);
$this->class->minify(false);
$this->assertXmlStringEqualsXmlString($expected, $cleanData);
}
/**
* Test that ARIA and Data Attributes are allowed
*/
public function testThatExternalUseElementsAreStripped()
{
$dataDirectory = __DIR__ . '/data';
$initialData = file_get_contents($dataDirectory . '/useTest.svg');
$expected = file_get_contents($dataDirectory . '/useClean.svg');
$this->class->minify(false);
$cleanData = $this->class->sanitize($initialData);
$this->class->minify(false);
$this->assertXmlStringEqualsXmlString($expected, $cleanData);
}
/**
* Test setXMLOptions and minifying works as expected
*/
public function testMinifiedOptions()
{
$this->class->minify(true);
$this->class->removeXMLTag(true);
$this->class->setXMLOptions(0);
$input = '';
$output = $this->class->sanitize($input);
$this->assertEquals($input, $output);
}
/**
* @test
*/
public function useRecursionsAreDetected()
{
$dataDirectory = __DIR__ . '/data';
$initialData = file_get_contents($dataDirectory . '/xlinkLaughsTest.svg');
$expected = file_get_contents($dataDirectory . '/xlinkLaughsClean.svg');
$this->class->minify(false);
$cleanData = $this->class->sanitize($initialData);
$this->assertXmlStringEqualsXmlString($expected, $cleanData);
}
/**
* @test
*/
public function infiniteUseLoopsAreDetected()
{
$dataDirectory = __DIR__ . '/data';
$initialData = file_get_contents($dataDirectory . '/xlinkLoopTest.svg');
$expected = file_get_contents($dataDirectory . '/xlinkLoopClean.svg');
$this->class->minify(false);
$cleanData = $this->class->sanitize($initialData);
$this->assertXmlStringEqualsXmlString($expected, $cleanData);
}
/**
* Make sure that DOS attacks using the