mirror of
https://gerrit.wikimedia.org/r/mediawiki/extensions/TemplateStyles
synced 2025-01-06 03:55:21 +00:00
b301a30abf
wikimedia/css-sanitizer provides a real CSS parser, which should be safer than poking at things with regular expressions. Instead of the strange hybrid model that tried to both process inline CSS and save CSS when the template is saved, it now looks for <templatestyles src="Title" /> during the parse to do all the transclusion of styles. The output method is "<style> tags in the body", pending someone implementing T160563. It now also registers a "sanitized-css" content model, which should pick up the CSS syntax highlighting and will validate the submitted CSS on submit and prevent a save if it's not valid. This patch also takes advantage of LGPL-2.x § 3 to relicense the extension as GPL-2.0+, although at this point none of the LGPL code remains anyway. Bug: T133408 Bug: T136054 Bug: T135788 Bug: T135789 Change-Id: I993e6f18d32a43aac8398743133d227b05133bbd Depends-On: If4eb5bf71f94fa366ec4eddb6964e8f4df6b824a
68 lines
2.1 KiB
PHP
68 lines
2.1 KiB
PHP
<?php
|
|
|
|
use Wikimedia\CSS\Objects\ComponentValueList;
|
|
use Wikimedia\CSS\Objects\Token;
|
|
|
|
/**
|
|
* @group TemplateStyles
|
|
*/
|
|
class TemplateStylesMatcherFactoryTest extends PHPUnit_Framework_TestCase {
|
|
|
|
/**
|
|
* @dataProvider provideUrls
|
|
* @param string $type
|
|
* @param string $url
|
|
* @param bool $expect
|
|
*/
|
|
public function testUrls( $type, $url, $expect ) {
|
|
$factory = new TemplateStylesMatcherFactory( [
|
|
'test1' => [
|
|
'<^http://example\.com/test1/>',
|
|
],
|
|
'test2' => [
|
|
'<^http://example\.com/test2/A/>',
|
|
'<^http://example\.com/test2/B/>',
|
|
],
|
|
'anything' => [
|
|
'<.>',
|
|
],
|
|
] );
|
|
|
|
$list = new ComponentValueList( [
|
|
new Token( Token::T_STRING, $url )
|
|
] );
|
|
$this->assertSame( $expect, (bool)$factory->urlstring( $type )->match( $list ) );
|
|
|
|
$list = new ComponentValueList( [
|
|
new Token( Token::T_URL, $url )
|
|
] );
|
|
$this->assertSame( $expect, (bool)$factory->url( $type )->match( $list ) );
|
|
}
|
|
|
|
public static function provideUrls() {
|
|
return [
|
|
[ 'test1', 'http://example.com/test1/foobar', true ],
|
|
[ 'test2', 'http://example.com/test1/foobar', false ],
|
|
[ 'test2', 'http://example.com/test2/A/foobar', true ],
|
|
[ 'test2', 'http://example.com/test2/B/foobar', true ],
|
|
[ 'test2', 'http://example.com/test2/C/foobar', false ],
|
|
[ 'test3', 'http://example.com/test3/foobar', false ],
|
|
[ 'test1', 'http://example.com/test1/../../etc/password', false ],
|
|
[ 'test1', 'http://example.com/test1/..%2F..%2Fetc%2Fpassword', false ],
|
|
[ 'test1', 'http://example.com/test1/etc\\password', false ],
|
|
[ 'test1', 'http://example.com/test%31/foobar', true ],
|
|
[ 'test1', 'http://example.com/test1/x=/%2E/foobar', false ],
|
|
[ 'test1', 'http://example.com/test1/?x=/%2E/foobar', true ],
|
|
[ 'test1', 'http://example.com/test1/%3Fx=/%2E/foobar', false ],
|
|
[ 'test1', 'http://example.com/test1/#x=/%2E/foobar', true ],
|
|
[ 'test1', 'http://example.com/test1/%23x=/%2E/foobar', false ],
|
|
[ 'anything', 'totally bogus', true ],
|
|
[ 'anything', '/dotdot/../still/fails/though', false ],
|
|
[ 'anything', '../still/fails/though', false ],
|
|
[ 'anything', 'still/fails/..', false ],
|
|
[ 'anything', '..', false ],
|
|
];
|
|
}
|
|
|
|
}
|