Improve HTMLFilter handling of editor component properties

Kijin Sung 2017-02-25 17:37:58 +09:00
parent 24c29cfbdb
commit aa879e7326
2 changed files with 15 additions and 2 deletions


@ -187,6 +187,14 @@ class HTMLFilterTest extends \Codeception\TestCase\Test
$target = '<img src="./foo/bar.jpg" alt="My Picture" style="width:320px;height:240px;" width="320" height="240" />';
$this->assertEquals($target, Rhymix\Framework\Filters\HTMLFilter::clean($source, false, false));
$source = '<img src="./foo/bar.jpg" alt="Picture" editor_component="component_name" editor_component_property="java Script:alert()" />';
$target = '<img src="./foo/bar.jpg" alt="Picture" editor_component="component_name" />';
$this->assertEquals($target, Rhymix\Framework\Filters\HTMLFilter::clean($source));
$source = '<img src="./foo/bar.jpg" alt="Picture" editor_component="component_name" rx_encoded_properties="alert()" />';
$target = '<img src="./foo/bar.jpg" alt="Picture" editor_component="component_name" />';
$this->assertEquals($target, Rhymix\Framework\Filters\HTMLFilter::clean($source));
$source = '<img somekey="somevalue" otherkey="othervalue" onkeypress="alert(\'xss\');" editor_component="component_name" />';
$target = '';
$this->assertEquals($target, Rhymix\Framework\Filters\HTMLFilter::clean($source, false, false));
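Review bot: The two added cases only assert removal, so they would still pass if `clean()` dropped every unknown attribute from an `editor_component` element. A companion assertion that a harmless component property survives the same call would pin the filtering behaviour rather than blanket stripping. The new assertions call `clean($source)` with default arguments while the neighbouring ones pass `false, false`, and the defaults are not visible on this page. Passing the arguments explicitly, or adding a comment such as `// rx_encoded_properties supplied in user input must never be passed through`, would make clear which mode is under test. The `java Script:alert()` case appears to rely on whitespace and case normalisation of the scheme, so a short comment saying so would keep the odd spelling from being "fixed" later. The enclosing test method starts and ends outside this hunk.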