deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Ruby 1.9 Compatibility

Browse source 
Completely removed the html5lib sanitizer.
Fixed the string-handling to work in both
Ruby 1.8.x and 1.9.2. There are still,
inexplicably, two functional tests that
fail. But the rest seems to work quite well.
This commit is contained in:
Jacques Distler 2009-11-30 16:28:18 -06:00
parent 79c8572053
commit a6429f8c22
142 changed files with 519 additions and 843 deletions
Download patch file Download diff file Expand all files Collapse all files

2
test/functional/application_test.rb
View file

@ -1,6 +1,6 @@
# Unit tests for ApplicationController (the abstract controller class)
require File.dirname(__FILE__) + '/../test_helper'
require File.expand_path(File.dirname(__FILE__) + '/../test_helper')
require 'wiki_controller'
# Need some concrete class to test the abstract class features

2
test/functional/file_controller_test.rb
View file

@ -1,6 +1,6 @@
#!/usr/bin/env ruby
require File.dirname(__FILE__) + '/../test_helper'
require File.expand_path(File.dirname(__FILE__) + '/../test_helper')
require 'file_controller'
require 'fileutils'
require 'stringio'

2
test/functional/routes_test.rb
View file

@ -1,6 +1,6 @@
#!/usr/bin/env ruby
require File.dirname(__FILE__) + '/../test_helper'
require File.expand_path(File.dirname(__FILE__) + '/../test_helper')
require 'action_controller/routing'

7
test/functional/wiki_controller_test.rb
View file

@ -9,6 +9,7 @@ require 'wiki_controller'
require 'rexml/document'
require 'tempfile'
require 'zip/zipfilesystem'
require 'stringsupport'
# Raise errors beyond the default web-based presentation
class WikiController; def rescue_action(e) logger.error(e); raise e end; end
@ -935,7 +936,7 @@ class WikiControllerTest < ActionController::TestCase
r = process('show', 'id' => 'HomePage', 'web' => 'wiki1')
assert_response :success
assert_match /<em>Recursive include detected: HomePage \342\206\222 HomePage<\/em>/, r.body
assert_match /<em>Recursive include detected: HomePage \342\206\222 HomePage<\/em>/, r.body.as_bytes
end
def test_recursive_include_II
@ -947,7 +948,7 @@ class WikiControllerTest < ActionController::TestCase
r = process('show', 'id' => 'HomePage', 'web' => 'wiki1')
assert_response :success
assert_match /<p>Recursive-include:<\/p>\n\n<p>extra fun <em>Recursive include detected: Foo \342\206\222 Foo<\/em><\/p>/, r.body
assert_match /<p>Recursive-include:<\/p>\n\n<p>extra fun <em>Recursive include detected: Foo \342\206\222 Foo<\/em><\/p>/, r.body.as_bytes
end
def test_recursive_include_III
@ -961,7 +962,7 @@ class WikiControllerTest < ActionController::TestCase
r = process('show', 'id' => 'HomePage', 'web' => 'wiki1')
assert_response :success
assert_match /<p>Recursive-include:<\/p>\n\n<p>extra fun<\/p>\n<em>Recursive include detected: Bar \342\206\222 Bar<\/em>/, r.body
assert_match /<p>Recursive-include:<\/p>\n\n<p>extra fun<\/p>\n<em>Recursive include detected: Bar \342\206\222 Bar<\/em>/, r.body.as_bytes
end
def test_nonrecursive_include

2
test/unit/chunks/category_test.rb
View file

@ -1,6 +1,6 @@
#!/usr/bin/env ruby
require File.dirname(__FILE__) + '/../../test_helper'
require File.expand_path(File.dirname(__FILE__) + '/../../test_helper')
require 'chunks/category'
class CategoryTest < Test::Unit::TestCase

10
test/unit/chunks/nowiki_test.rb
View file

@ -1,6 +1,6 @@
#!/usr/bin/env ruby
require File.dirname(__FILE__) + '/../../test_helper'
require File.expand_path(File.dirname(__FILE__) + '/../../test_helper')
require 'chunks/nowiki'
class NoWikiTest < Test::Unit::TestCase
@ -26,25 +26,25 @@ class NoWikiTest < Test::Unit::TestCase
def test_sanitize_nowiki
match(NoWiki, 'This sentence contains <nowiki>[[test]]&<a href="a&b">shebang</a> <script>alert("xss!");</script> *foo*</nowiki>. Do not touch!',
:plain_text => "[[test]]&amp;<a href='a&amp;b'>shebang</a> &lt;script&gt;alert(\"xss!\");&lt;/script&gt; *foo*"
:plain_text => "[[test]]&amp;<a href='a&amp;b'>shebang</a> &lt;script&gt;alert(&quot;xss!&quot;);&lt;/script&gt; *foo*"
)
end
def test_sanitize_nowiki_ill_formed
match(NoWiki, "<nowiki><animateColor xlink:href='#foo'/></nowiki>",
:plain_text => "&lt;animateColor xlink:href=&#39;#foo&#39;&gt;&lt;/animateColor&gt;"
:plain_text => "&lt;animateColor xlink:href=&#39;#foo&#39;/&gt;"
)
end
def test_sanitize_nowiki_ill_formed_II
match(NoWiki, "<nowiki><animateColor xlink:href='#foo'/>\000</nowiki>",
:plain_text => %(&lt;animateColor xlink:href=&#39;#foo&#39;&gt;&lt;/animateColor&gt;\xEF\xBF\xBD)
:plain_text => %(&lt;animateColor xlink:href=&#39;#foo&#39;/&gt;)
)
end
def test_sanitize_nowiki_bad_utf8
match(NoWiki, "<nowiki>\357elephant &AMP; \302ivory</nowiki>",
:plain_text => "\357\277\275elephant &amp; \357\277\275ivory"
:plain_text => "".respond_to?(:force_encoding) ? "elephant &amp;AMP; ivory" : "ephant &amp;AMP; vory"
)
end

2
test/unit/chunks/wiki_test.rb
View file

@ -1,7 +1,7 @@
#!/usr/bin/env ruby
# encoding: UTF-8
require File.dirname(__FILE__) + '/../../test_helper'
require File.expand_path(File.dirname(__FILE__) + '/../../test_helper')
require 'chunks/wiki'
class WikiTest < Test::Unit::TestCase

6
test/unit/page_renderer_test.rb
View file

@ -281,12 +281,12 @@ END_THM
re = Regexp.new(
%{<p>equation <span class='maruku-inline'><img alt='\\$a\\\\sin\\(\\\\theta\\)\\$' } +
%{class='maruku-png' src='\.\./files/pngs/\\w+\.png' style='vertical-align: -0\.5} +
%{55555555555556ex; height: 2\.33333333333333ex;'/></span></p>})
%{(5)+6ex; height: 2\.3(3)+ex;'/></span></p>})
assert_match_markup_parsed_as(re, 'equation $a\sin(\theta)$')
re = Regexp.new(
%{<div class='maruku-equation'><img alt='\\$a\\\\sin\\(\\\\theta\\)\\$' } +
%{class='maruku-png' src='\.\./files/pngs/\\w+\.png' style='height: 2\.333333333} +
%{class='maruku-png' src='\.\./files/pngs/\\w+\.png' style='height: 2\.3(3)+} +
%{33333ex;'/><span class='maruku-eq-tex'><code style='display: none;'>a\\\\sin} +
%{\\(\\\\theta\\)<\/code><\/span><\/div>})
assert_match_markup_parsed_as(re, '$$a\sin(\theta)$$')
@ -504,7 +504,7 @@ END_THM
def test_malformed_nowiki
assert_markup_parsed_as(
'<p><i><b/></i></p>',
'<p>&lt;i&gt;&lt;b&gt;&lt;/i&gt;&lt;/b&gt;</p>',
'<nowiki><i><b></i></b></nowiki> ')
end

189
test/unit/sanitize_test.rb
View file

@ -1,189 +0,0 @@
#!/usr/bin/env ruby
require File.expand_path(File.dirname(__FILE__) + '/../test_helper')
require 'sanitize'
require 'json'
class SanitizeTest < Test::Unit::TestCase
include Sanitize
def setup
end
def do_sanitize_xhtml stream
safe_sanitize_xhtml(stream)
end
def check_sanitization(input, htmloutput, xhtmloutput, rexmloutput)
assert_equal htmloutput, do_sanitize_xhtml(input)
end
def rexml_doc(string)
REXML::Document.new(
"<div xmlns='http://www.w3.org/1999/xhtml'>#{string}</div>")
end
def my_rex(string)
sanitize_rexml(rexml_doc(string.to_utf8)).gsub(/\A<div xmlns="http:\/\/www.w3.org\/1999\/xhtml">(.*)<\/div>\Z/m, '\1')
end
def test_sanitize_named_entities
input = '<p>Greek &phis; &phi;, double-struck &Aopf;, numeric &#x1D538; &#8279;, uppercase &TRADE; &LT;</p>'
output = "<p>Greek \317\225 \317\206, double-struck \360\235\224\270, numeric \360\235\224\270 \342\201\227, uppercase \342\204\242 &lt;</p>"
output2 = "<p>Greek \317\225 \317\206, double-struck \360\235\224\270, numeric &#x1D538; &#8279;, uppercase \342\204\242 &lt;</p>"
assert_equal(output, sanitize_xhtml(input))
assert_equal(output, sanitize_html(input))
assert_equal(output, my_rex(input))
assert_equal(output2, input.to_utf8)
end
def test_sanitize_malformed_utf8
input = "<p>\357elephant &AMP; \302ivory</p>"
output = "<p>\357\277\275elephant &amp; \357\277\275ivory</p>"
check_sanitization(input, output, output, output)
end
Sanitizer::ALLOWED_ELEMENTS.each do |tag_name|
define_method "test_should_allow_#{tag_name}_tag" do
input = "<#{tag_name} title='1'>foo <bad>bar</bad> baz</#{tag_name}>"
htmloutput = "<#{tag_name.downcase} title='1'>foo &lt;bad&gt;bar&lt;/bad&gt; baz</#{tag_name.downcase}>"
xhtmloutput = "<#{tag_name} title='1'>foo &lt;bad&gt;bar&lt;/bad&gt; baz</#{tag_name}>"
rexmloutput = xhtmloutput
if %w[caption colgroup optgroup option tbody td tfoot th thead tr].include?(tag_name)
htmloutput = "foo &lt;bad&gt;bar&lt;/bad&gt; baz"
xhtmloutput = htmloutput
elsif tag_name == 'col'
htmloutput = "foo &lt;bad&gt;bar&lt;/bad&gt; baz"
xhtmloutput = htmloutput
rexmloutput = "<col title='1' />"
elsif tag_name == 'table'
htmloutput = "foo &lt;bad&gt;bar&lt;/bad&gt;baz<table title='1'> </table>"
xhtmloutput = htmloutput
elsif tag_name == 'image'
htmloutput = "<img title='1'/>foo &lt;bad&gt;bar&lt;/bad&gt; baz"
xhtmloutput = htmloutput
rexmloutput = "<image title='1'>foo &lt;bad&gt;bar&lt;/bad&gt; baz</image>"
elsif VOID_ELEMENTS.include?(tag_name)
htmloutput = "<#{tag_name} title='1'/>foo &lt;bad&gt;bar&lt;/bad&gt; baz"
xhtmloutput = htmloutput
htmloutput += '<br/>' if tag_name == 'br'
rexmloutput = "<#{tag_name} title='1' />"
end
check_sanitization(input, xhtmloutput, xhtmloutput, rexmloutput)
end
end
Sanitizer::ALLOWED_ELEMENTS.each do |tag_name|
define_method "test_should_forbid_#{tag_name.upcase}_tag" do
input = "<#{tag_name.upcase} title='1'>foo <bad>bar</bad> baz</#{tag_name.upcase}>"
output = "&lt;#{tag_name.upcase} title=\"1\"&gt;foo &lt;bad&gt;bar&lt;/bad&gt; baz&lt;/#{tag_name.upcase}&gt;"
xhtmloutput = "&lt;#{tag_name.upcase} title='1'&gt;foo &lt;bad&gt;bar&lt;/bad&gt; baz&lt;/#{tag_name.upcase}&gt;"
check_sanitization(input, output, xhtmloutput, output)
end
end
Sanitizer::ALLOWED_ATTRIBUTES.each do |attribute_name|
next if attribute_name == 'style' || attribute_name.include?(':')
define_method "test_should_allow_#{attribute_name}_attribute" do
input = "<p #{attribute_name}='foo'>foo <bad>bar</bad> baz</p>"
output = "<p #{attribute_name}='foo'>foo &lt;bad&gt;bar&lt;/bad&gt; baz</p>"
htmloutput = "<p #{attribute_name.downcase}='foo'>foo &lt;bad&gt;bar&lt;/bad&gt; baz</p>"
check_sanitization(input, output, output, output)
end
end
Sanitizer::ALLOWED_ATTRIBUTES.each do |attribute_name|
define_method "test_should_forbid_#{attribute_name.upcase}_attribute" do
input = "<p #{attribute_name.upcase}='display: none;'>foo <bad>bar</bad> baz</p>"
output = "<p>foo &lt;bad&gt;bar&lt;/bad&gt; baz</p>"
check_sanitization(input, output, output, output)
end
end
Sanitizer::ALLOWED_PROTOCOLS.each do |protocol|
define_method "test_should_allow_#{protocol}_uris" do
input = %(<a href="#{protocol}">foo</a>)
output = "<a href='#{protocol}'>foo</a>"
check_sanitization(input, output, output, output)
end
end
Sanitizer::ALLOWED_PROTOCOLS.each do |protocol|
define_method "test_should_allow_uppercase_#{protocol}_uris" do
input = %(<a href="#{protocol.upcase}">foo</a>)
output = "<a href='#{protocol.upcase}'>foo</a>"
check_sanitization(input, output, output, output)
end
end
Sanitizer::SVG_ALLOW_LOCAL_HREF.each do |tag_name|
next unless Sanitizer::ALLOWED_ELEMENTS.include?(tag_name)
define_method "test_#{tag_name}_should_allow_local_href_with_ns_decl" do
input = %(<#{tag_name} xlink:href="#foo" xmlns:xlink='http://www.w3.org/1999/xlink'/>)
output = "<#{tag_name.downcase} xlink:href='#foo' xmlns:xlink='http://www.w3.org/1999/xlink'/>"
xhtmloutput = "<#{tag_name} xlink:href='#foo' xmlns:xlink='http://www.w3.org/1999/xlink'/>"
check_sanitization(input, xhtmloutput, xhtmloutput, xhtmloutput)
end
define_method "test_#{tag_name}_should_allow_local_href_with_newline_and_ns_decl" do
input = %(<#{tag_name} xlink:href="\n#foo" xmlns:xlink='http://www.w3.org/1999/xlink'/>)
output = "<#{tag_name.downcase} xlink:href='\n#foo' xmlns:xlink='http://www.w3.org/1999/xlink'/>"
xhtmloutput = "<#{tag_name} xlink:href='\n#foo' xmlns:xlink='http://www.w3.org/1999/xlink'/>"
check_sanitization(input, xhtmloutput, xhtmloutput, xhtmloutput)
end
define_method "test_#{tag_name}_should_forbid_local_href_without_ns_decl" do
input = %(<#{tag_name} xlink:href="#foo"/>)
output = "&lt;#{tag_name.downcase} xlink:href='#foo'/>"
xhtmloutput = "&lt;#{tag_name} xlink:href=&#39;#foo&#39;&gt;&lt;/#{tag_name}&gt;"
check_sanitization(input, xhtmloutput, xhtmloutput, xhtmloutput)
end
define_method "test_#{tag_name}_should_forbid_local_href_with_newline_without_ns_decl" do
input = %(<#{tag_name} xlink:href="\n#foo"/>)
output = "&lt;#{tag_name.downcase} xlink:href='\n#foo'/>"
xhtmloutput = "&lt;#{tag_name} xlink:href=&#39;\n#foo&#39;&gt;&lt;/#{tag_name}&gt;"
check_sanitization(input, xhtmloutput, xhtmloutput, xhtmloutput)
end
define_method "test_#{tag_name}_should_forbid_nonlocal_href_with_ns_decl" do
input = %(<#{tag_name} xlink:href="http://bad.com/foo" xmlns:xlink='http://www.w3.org/1999/xlink'/>)
output = "<#{tag_name.downcase} xmlns:xlink='http://www.w3.org/1999/xlink'/>"
xhtmloutput = "<#{tag_name} xmlns:xlink='http://www.w3.org/1999/xlink'/>"
check_sanitization(input, xhtmloutput, xhtmloutput, xhtmloutput)
end
define_method "test_#{tag_name}_should_forbid_nonlocal_href_with_newline_and_ns_decl" do
input = %(<#{tag_name} xlink:href="\nhttp://bad.com/foo" xmlns:xlink='http://www.w3.org/1999/xlink'/>)
output = "<#{tag_name.downcase} xmlns:xlink='http://www.w3.org/1999/xlink'/>"
xhtmloutput = "<#{tag_name} xmlns:xlink='http://www.w3.org/1999/xlink'/>"
check_sanitization(input, xhtmloutput, xhtmloutput, xhtmloutput)
end
end
def test_should_handle_astral_plane_characters
input = "<p>&#x1d4b5; &#x1d538;</p>"
output = "<p>\360\235\222\265 \360\235\224\270</p>"
check_sanitization(input, output, output, output)
input = "<p><tspan>\360\235\224\270</tspan> a</p>"
output = "<p><tspan>\360\235\224\270</tspan> a</p>"
check_sanitization(input, output, output, output)
end
JSON::parse(open(File.expand_path(File.join(File.dirname(__FILE__), '/../sanitizer.dat'))).read).each do |test|
define_method "test_#{test['name']}" do
check_sanitization(
test['input'],
test['output'],
test['xhtml'] || test['output'],
test['rexml'] || test['output']
)
end
end
end

6
test/unit/sanitizer_test.rb
View file

@ -19,7 +19,7 @@ class SanitizerTest < Test::Unit::TestCase
end
def check_sanitization(input, htmloutput, xhtmloutput, rexmloutput)
assert_equal xhtmloutput, do_sanitize_xhtml(input)
assert_equal xhtmloutput.as_bytes, do_sanitize_xhtml(input).as_bytes
end
def test_sanitize_named_entities
@ -27,12 +27,12 @@ class SanitizerTest < Test::Unit::TestCase
output = "<p>Greek \317\225 \317\206, double-struck \360\235\224\270, numeric \360\235\224\270 \342\201\227, uppercase \342\204\242 &lt;</p>"
output2 = "<p>Greek \317\225 \317\206, double-struck \360\235\224\270, numeric &#x1D538; &#8279;, uppercase \342\204\242 &lt;</p>"
check_sanitization(input, output, output, output)
assert_equal(output2, input.to_utf8)
assert_equal(output2, input.to_utf8.as_bytes)
end
def test_sanitize_malformed_utf8
input = "<p>\357elephant &AMP; \302ivory</p>".purify
output = "<p>ephant &amp; vory</p>"
output = "".respond_to?(:force_encoding) ? "<p>elephant &amp; ivory</p>" : "<p>ephant &amp; vory</p>"
check_sanitization(input, output, output, output)
end

2
test/unit/uri_test.rb
View file

@ -1,6 +1,6 @@
#!/usr/bin/env ruby
require File.dirname(__FILE__) + '/../test_helper'
require File.expand_path(File.dirname(__FILE__) + '/../test_helper')
require 'chunks/uri'
class URITest < Test::Unit::TestCase

2
test/unit/web_test.rb
View file

@ -1,4 +1,4 @@
require File.dirname(__FILE__) + '/../test_helper'
require File.expand_path(File.dirname(__FILE__) + '/../test_helper')
class WebTest < ActiveSupport::TestCase
fixtures :system, :webs, :pages, :revisions, :wiki_references

2
test/unit/wiki_file_test.rb
View file

@ -1,4 +1,4 @@
require File.dirname(__FILE__) + '/../test_helper'
require File.expand_path(File.dirname(__FILE__) + '/../test_helper')
require 'fileutils'
class WikiFileTest < ActiveSupport::TestCase