deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge branch 'bzr/golem' of /Users/distler/Sites/code/instiki

Browse source
This commit is contained in:
Jacques Distler 2009-11-30 16:35:46 -06:00
commit f23d892bf9
142 changed files with 519 additions and 843 deletions
Download patch file Download diff file Expand all files Collapse all files

2
test/functional/application_test.rb
View file

@ -1,6 +1,6 @@
# Unit tests for ApplicationController (the abstract controller class)
require File.dirname(__FILE__) + '/../test_helper'
require File.expand_path(File.dirname(__FILE__) + '/../test_helper')
require 'wiki_controller'
# Need some concrete class to test the abstract class features

2
test/functional/file_controller_test.rb
View file

@ -1,6 +1,6 @@
#!/usr/bin/env ruby
require File.dirname(__FILE__) + '/../test_helper'
require File.expand_path(File.dirname(__FILE__) + '/../test_helper')
require 'file_controller'
require 'fileutils'
require 'stringio'

2
test/functional/routes_test.rb
View file

@ -1,6 +1,6 @@
#!/usr/bin/env ruby
require File.dirname(__FILE__) + '/../test_helper'
require File.expand_path(File.dirname(__FILE__) + '/../test_helper')
require 'action_controller/routing'

7
test/functional/wiki_controller_test.rb
View file

@ -9,6 +9,7 @@ require 'wiki_controller'
require 'rexml/document'
require 'tempfile'
require 'zip/zipfilesystem'
require 'stringsupport'
# Raise errors beyond the default web-based presentation
class WikiController; def rescue_action(e) logger.error(e); raise e end; end
@ -935,7 +936,7 @@ class WikiControllerTest < ActionController::TestCase
r = process('show', 'id' => 'HomePage', 'web' => 'wiki1')
assert_response :success
assert_match /<em>Recursive include detected: HomePage \342\206\222 HomePage<\/em>/, r.body
assert_match /<em>Recursive include detected: HomePage \342\206\222 HomePage<\/em>/, r.body.as_bytes
end
def test_recursive_include_II
@ -947,7 +948,7 @@ class WikiControllerTest < ActionController::TestCase
r = process('show', 'id' => 'HomePage', 'web' => 'wiki1')
assert_response :success
assert_match /<p>Recursive-include:<\/p>\n\n<p>extra fun <em>Recursive include detected: Foo \342\206\222 Foo<\/em><\/p>/, r.body
assert_match /<p>Recursive-include:<\/p>\n\n<p>extra fun <em>Recursive include detected: Foo \342\206\222 Foo<\/em><\/p>/, r.body.as_bytes
end
def test_recursive_include_III
@ -961,7 +962,7 @@ class WikiControllerTest < ActionController::TestCase
r = process('show', 'id' => 'HomePage', 'web' => 'wiki1')
assert_response :success
assert_match /<p>Recursive-include:<\/p>\n\n<p>extra fun<\/p>\n<em>Recursive include detected: Bar \342\206\222 Bar<\/em>/, r.body
assert_match /<p>Recursive-include:<\/p>\n\n<p>extra fun<\/p>\n<em>Recursive include detected: Bar \342\206\222 Bar<\/em>/, r.body.as_bytes
end
def test_nonrecursive_include

2
test/unit/chunks/category_test.rb
View file

@ -1,6 +1,6 @@
#!/usr/bin/env ruby
require File.dirname(__FILE__) + '/../../test_helper'
require File.expand_path(File.dirname(__FILE__) + '/../../test_helper')
require 'chunks/category'
class CategoryTest < Test::Unit::TestCase

10
test/unit/chunks/nowiki_test.rb
View file

@ -1,6 +1,6 @@
#!/usr/bin/env ruby
require File.dirname(__FILE__) + '/../../test_helper'
require File.expand_path(File.dirname(__FILE__) + '/../../test_helper')
require 'chunks/nowiki'
class NoWikiTest < Test::Unit::TestCase
@ -26,25 +26,25 @@ class NoWikiTest < Test::Unit::TestCase
def test_sanitize_nowiki
match(NoWiki, 'This sentence contains <nowiki>[[test]]&<a href="a&b">shebang</a> <script>alert("xss!");</script> *foo*</nowiki>. Do not touch!',
:plain_text => "[[test]]&amp;<a href='a&amp;b'>shebang</a> &lt;script&gt;alert(\"xss!\");&lt;/script&gt; *foo*"
:plain_text => "[[test]]&amp;<a href='a&amp;b'>shebang</a> &lt;script&gt;alert(&quot;xss!&quot;);&lt;/script&gt; *foo*"
)
end
def test_sanitize_nowiki_ill_formed
match(NoWiki, "<nowiki><animateColor xlink:href='#foo'/></nowiki>",
:plain_text => "&lt;animateColor xlink:href=&#39;#foo&#39;&gt;&lt;/animateColor&gt;"
:plain_text => "&lt;animateColor xlink:href=&#39;#foo&#39;/&gt;"
)
end
def test_sanitize_nowiki_ill_formed_II
match(NoWiki, "<nowiki><animateColor xlink:href='#foo'/>\000</nowiki>",
:plain_text => %(&lt;animateColor xlink:href=&#39;#foo&#39;&gt;&lt;/animateColor&gt;\xEF\xBF\xBD)
:plain_text => %(&lt;animateColor xlink:href=&#39;#foo&#39;/&gt;)
)
end
def test_sanitize_nowiki_bad_utf8
match(NoWiki, "<nowiki>\357elephant &AMP; \302ivory</nowiki>",
:plain_text => "\357\277\275elephant &amp; \357\277\275ivory"
:plain_text => "".respond_to?(:force_encoding) ? "elephant &amp;AMP; ivory" : "ephant &amp;AMP; vory"
)
end

2
test/unit/chunks/wiki_test.rb
View file

@ -1,7 +1,7 @@
#!/usr/bin/env ruby
# encoding: UTF-8
require File.dirname(__FILE__) + '/../../test_helper'
require File.expand_path(File.dirname(__FILE__) + '/../../test_helper')
require 'chunks/wiki'
class WikiTest < Test::Unit::TestCase

6
test/unit/page_renderer_test.rb
View file

@ -281,12 +281,12 @@ END_THM
re = Regexp.new(
%{<p>equation <span class='maruku-inline'><img alt='\\$a\\\\sin\\(\\\\theta\\)\\$' } +
%{class='maruku-png' src='\.\./files/pngs/\\w+\.png' style='vertical-align: -0\.5} +
%{55555555555556ex; height: 2\.33333333333333ex;'/></span></p>})
%{(5)+6ex; height: 2\.3(3)+ex;'/></span></p>})
assert_match_markup_parsed_as(re, 'equation $a\sin(\theta)$')
re = Regexp.new(
%{<div class='maruku-equation'><img alt='\\$a\\\\sin\\(\\\\theta\\)\\$' } +
%{class='maruku-png' src='\.\./files/pngs/\\w+\.png' style='height: 2\.333333333} +
%{class='maruku-png' src='\.\./files/pngs/\\w+\.png' style='height: 2\.3(3)+} +
%{33333ex;'/><span class='maruku-eq-tex'><code style='display: none;'>a\\\\sin} +
%{\\(\\\\theta\\)<\/code><\/span><\/div>})
assert_match_markup_parsed_as(re, '$$a\sin(\theta)$$')
@ -504,7 +504,7 @@ END_THM
def test_malformed_nowiki
assert_markup_parsed_as(
'<p><i><b/></i></p>',
'<p>&lt;i&gt;&lt;b&gt;&lt;/i&gt;&lt;/b&gt;</p>',
'<nowiki><i><b></i></b></nowiki> ')
end

189
test/unit/sanitize_test.rb
View file

@ -1,189 +0,0 @@
#!/usr/bin/env ruby
require File.expand_path(File.dirname(__FILE__) + '/../test_helper')
require 'sanitize'
require 'json'
class SanitizeTest < Test::Unit::TestCase
include Sanitize
def setup
end
def do_sanitize_xhtml stream
safe_sanitize_xhtml(stream)
end
def check_sanitization(input, htmloutput, xhtmloutput, rexmloutput)
assert_equal htmloutput, do_sanitize_xhtml(input)
end
def rexml_doc(string)
REXML::Document.new(
"<div xmlns='http://www.w3.org/1999/xhtml'>#{string}</div>")
end
def my_rex(string)
sanitize_rexml(rexml_doc(string.to_utf8)).gsub(/\A<div xmlns="http:\/\/www.w3.org\/1999\/xhtml">(.*)<\/div>\Z/m, '\1')
end
def test_sanitize_named_entities
input = '<p>Greek &phis; &phi;, double-struck &Aopf;, numeric &#x1D538; &#8279;, uppercase &TRADE; &LT;</p>'
output = "<p>Greek \317\225 \317\206, double-struck \360\235\224\270, numeric \360\235\224\270 \342\201\227, uppercase \342\204\242 &lt;</p>"
output2 = "<p>Greek \317\225 \317\206, double-struck \360\235\224\270, numeric &#x1D538; &#8279;, uppercase \342\204\242 &lt;</p>"
assert_equal(output, sanitize_xhtml(input))
assert_equal(output, sanitize_html(input))
assert_equal(output, my_rex(input))
assert_equal(output2, input.to_utf8)
end
def test_sanitize_malformed_utf8
input = "<p>\357elephant &AMP; \302ivory</p>"
output = "<p>\357\277\275elephant &amp; \357\277\275ivory</p>"
check_sanitization(input, output, output, output)
end
Sanitizer::ALLOWED_ELEMENTS.each do |tag_name|
define_method "test_should_allow_#{tag_name}_tag" do
input = "<#{tag_name} title='1'>foo <bad>bar</bad> baz</#{tag_name}>"
htmloutput = "<#{tag_name.downcase} title='1'>foo &lt;bad&gt;bar&lt;/bad&gt; baz</#{tag_name.downcase}>"
xhtmloutput = "<#{tag_name} title='1'>foo &lt;bad&gt;bar&lt;/bad&gt; baz</#{tag_name}>"
rexmloutput = xhtmloutput
if %w[caption colgroup optgroup option tbody td tfoot th thead tr].include?(tag_name)
htmloutput = "foo &lt;bad&gt;bar&lt;/bad&gt; baz"
xhtmloutput = htmloutput
elsif tag_name == 'col'
htmloutput = "foo &lt;bad&gt;bar&lt;/bad&gt; baz"
xhtmloutput = htmloutput
rexmloutput = "<col title='1' />"
elsif tag_name == 'table'
htmloutput = "foo &lt;bad&gt;bar&lt;/bad&gt;baz<table title='1'> </table>"
xhtmloutput = htmloutput
elsif tag_name == 'image'
htmloutput = "<img title='1'/>foo &lt;bad&gt;bar&lt;/bad&gt; baz"
xhtmloutput = htmloutput
rexmloutput = "<image title='1'>foo &lt;bad&gt;bar&lt;/bad&gt; baz</image>"
elsif VOID_ELEMENTS.include?(tag_name)
htmloutput = "<#{tag_name} title='1'/>foo &lt;bad&gt;bar&lt;/bad&gt; baz"
xhtmloutput = htmloutput
htmloutput += '<br/>' if tag_name == 'br'
rexmloutput = "<#{tag_name} title='1' />"
end
check_sanitization(input, xhtmloutput, xhtmloutput, rexmloutput)
end
end
Sanitizer::ALLOWED_ELEMENTS.each do |tag_name|
define_method "test_should_forbid_#{tag_name.upcase}_tag" do
input = "<#{tag_name.upcase} title='1'>foo <bad>bar</bad> baz</#{tag_name.upcase}>"
output = "&lt;#{tag_name.upcase} title=\"1\"&gt;foo &lt;bad&gt;bar&lt;/bad&gt; baz&lt;/#{tag_name.upcase}&gt;"
xhtmloutput = "&lt;#{tag_name.upcase} title='1'&gt;foo &lt;bad&gt;bar&lt;/bad&gt; baz&lt;/#{tag_name.upcase}&gt;"
check_sanitization(input, output, xhtmloutput, output)
end
end
Sanitizer::ALLOWED_ATTRIBUTES.each do |attribute_name|
next if attribute_name == 'style' || attribute_name.include?(':')
define_method "test_should_allow_#{attribute_name}_attribute" do
input = "<p #{attribute_name}='foo'>foo <bad>bar</bad> baz</p>"
output = "<p #{attribute_name}='foo'>foo &lt;bad&gt;bar&lt;/bad&gt; baz</p>"
htmloutput = "<p #{attribute_name.downcase}='foo'>foo &lt;bad&gt;bar&lt;/bad&gt; baz</p>"
check_sanitization(input, output, output, output)
end
end
Sanitizer::ALLOWED_ATTRIBUTES.each do |attribute_name|
define_method "test_should_forbid_#{attribute_name.upcase}_attribute" do
input = "<p #{attribute_name.upcase}='display: none;'>foo <bad>bar</bad> baz</p>"
output = "<p>foo &lt;bad&gt;bar&lt;/bad&gt; baz</p>"
check_sanitization(input, output, output, output)
end
end
Sanitizer::ALLOWED_PROTOCOLS.each do |protocol|
define_method "test_should_allow_#{protocol}_uris" do
input = %(<a href="#{protocol}">foo</a>)
output = "<a href='#{protocol}'>foo</a>"
check_sanitization(input, output, output, output)
end
end
Sanitizer::ALLOWED_PROTOCOLS.each do |protocol|
define_method "test_should_allow_uppercase_#{protocol}_uris" do
input = %(<a href="#{protocol.upcase}">foo</a>)
output = "<a href='#{protocol.upcase}'>foo</a>"
check_sanitization(input, output, output, output)
end
end
Sanitizer::SVG_ALLOW_LOCAL_HREF.each do |tag_name|
next unless Sanitizer::ALLOWED_ELEMENTS.include?(tag_name)
define_method "test_#{tag_name}_should_allow_local_href_with_ns_decl" do
input = %(<#{tag_name} xlink:href="#foo" xmlns:xlink='http://www.w3.org/1999/xlink'/>)
output = "<#{tag_name.downcase} xlink:href='#foo' xmlns:xlink='http://www.w3.org/1999/xlink'/>"
xhtmloutput = "<#{tag_name} xlink:href='#foo' xmlns:xlink='http://www.w3.org/1999/xlink'/>"
check_sanitization(input, xhtmloutput, xhtmloutput, xhtmloutput)
end
define_method "test_#{tag_name}_should_allow_local_href_with_newline_and_ns_decl" do
input = %(<#{tag_name} xlink:href="\n#foo" xmlns:xlink='http://www.w3.org/1999/xlink'/>)
output = "<#{tag_name.downcase} xlink:href='\n#foo' xmlns:xlink='http://www.w3.org/1999/xlink'/>"
xhtmloutput = "<#{tag_name} xlink:href='\n#foo' xmlns:xlink='http://www.w3.org/1999/xlink'/>"
check_sanitization(input, xhtmloutput, xhtmloutput, xhtmloutput)
end
define_method "test_#{tag_name}_should_forbid_local_href_without_ns_decl" do
input = %(<#{tag_name} xlink:href="#foo"/>)
output = "&lt;#{tag_name.downcase} xlink:href='#foo'/>"
xhtmloutput = "&lt;#{tag_name} xlink:href=&#39;#foo&#39;&gt;&lt;/#{tag_name}&gt;"
check_sanitization(input, xhtmloutput, xhtmloutput, xhtmloutput)
end
define_method "test_#{tag_name}_should_forbid_local_href_with_newline_without_ns_decl" do
input = %(<#{tag_name} xlink:href="\n#foo"/>)
output = "&lt;#{tag_name.downcase} xlink:href='\n#foo'/>"
xhtmloutput = "&lt;#{tag_name} xlink:href=&#39;\n#foo&#39;&gt;&lt;/#{tag_name}&gt;"
check_sanitization(input, xhtmloutput, xhtmloutput, xhtmloutput)
end
define_method "test_#{tag_name}_should_forbid_nonlocal_href_with_ns_decl" do
input = %(<#{tag_name} xlink:href="http://bad.com/foo" xmlns:xlink='http://www.w3.org/1999/xlink'/>)
output = "<#{tag_name.downcase} xmlns:xlink='http://www.w3.org/1999/xlink'/>"
xhtmloutput = "<#{tag_name} xmlns:xlink='http://www.w3.org/1999/xlink'/>"
check_sanitization(input, xhtmloutput, xhtmloutput, xhtmloutput)
end
define_method "test_#{tag_name}_should_forbid_nonlocal_href_with_newline_and_ns_decl" do
input = %(<#{tag_name} xlink:href="\nhttp://bad.com/foo" xmlns:xlink='http://www.w3.org/1999/xlink'/>)
output = "<#{tag_name.downcase} xmlns:xlink='http://www.w3.org/1999/xlink'/>"
xhtmloutput = "<#{tag_name} xmlns:xlink='http://www.w3.org/1999/xlink'/>"
check_sanitization(input, xhtmloutput, xhtmloutput, xhtmloutput)
end
end
def test_should_handle_astral_plane_characters
input = "<p>&#x1d4b5; &#x1d538;</p>"
output = "<p>\360\235\222\265 \360\235\224\270</p>"
check_sanitization(input, output, output, output)
input = "<p><tspan>\360\235\224\270</tspan> a</p>"
output = "<p><tspan>\360\235\224\270</tspan> a</p>"
check_sanitization(input, output, output, output)
end
JSON::parse(open(File.expand_path(File.join(File.dirname(__FILE__), '/../sanitizer.dat'))).read).each do |test|
define_method "test_#{test['name']}" do
check_sanitization(
test['input'],
test['output'],
test['xhtml'] || test['output'],
test['rexml'] || test['output']
)
end
end
end

6
test/unit/sanitizer_test.rb
View file

@ -19,7 +19,7 @@ class SanitizerTest < Test::Unit::TestCase
end
def check_sanitization(input, htmloutput, xhtmloutput, rexmloutput)
assert_equal xhtmloutput, do_sanitize_xhtml(input)
assert_equal xhtmloutput.as_bytes, do_sanitize_xhtml(input).as_bytes
end
def test_sanitize_named_entities
@ -27,12 +27,12 @@ class SanitizerTest < Test::Unit::TestCase
output = "<p>Greek \317\225 \317\206, double-struck \360\235\224\270, numeric \360\235\224\270 \342\201\227, uppercase \342\204\242 &lt;</p>"
output2 = "<p>Greek \317\225 \317\206, double-struck \360\235\224\270, numeric &#x1D538; &#8279;, uppercase \342\204\242 &lt;</p>"
check_sanitization(input, output, output, output)
assert_equal(output2, input.to_utf8)
assert_equal(output2, input.to_utf8.as_bytes)
end
def test_sanitize_malformed_utf8
input = "<p>\357elephant &AMP; \302ivory</p>".purify
output = "<p>ephant &amp; vory</p>"
output = "".respond_to?(:force_encoding) ? "<p>elephant &amp; ivory</p>" : "<p>ephant &amp; vory</p>"
check_sanitization(input, output, output, output)
end

2
test/unit/uri_test.rb
View file

@ -1,6 +1,6 @@
#!/usr/bin/env ruby
require File.dirname(__FILE__) + '/../test_helper'
require File.expand_path(File.dirname(__FILE__) + '/../test_helper')
require 'chunks/uri'
class URITest < Test::Unit::TestCase

2
test/unit/web_test.rb
View file

@ -1,4 +1,4 @@
require File.dirname(__FILE__) + '/../test_helper'
require File.expand_path(File.dirname(__FILE__) + '/../test_helper')
class WebTest < ActiveSupport::TestCase
fixtures :system, :webs, :pages, :revisions, :wiki_references

2
test/unit/wiki_file_test.rb
View file

@ -1,4 +1,4 @@
require File.dirname(__FILE__) + '/../test_helper'
require File.expand_path(File.dirname(__FILE__) + '/../test_helper')
require 'fileutils'
class WikiFileTest < ActiveSupport::TestCase