<?php
declare(strict_types=1);
namespace Tests\Shared;
use App\Shared\Html\HtmlPurifierFactory;
use PHPUnit\Framework\TestCase;
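#[\PHPUnit\Framework\Attributes\AllowMockObjectsWithoutExpectations]
final class HtmlPurifierFactoryTest extends TestCase
{
    /**
     * Smoke test for HtmlPurifierFactory::create().
     *
     * Builds a purifier against a throw-away cache directory and checks that:
     *  - the factory leaves the cache directory in place,
     *  - an inline `text-align` style survives purification,
     *  - a `javascript:` URI in an anchor's href does not survive,
     *  - a bare https URL in the text is still present in the output.
     *
     * Only one dangerous-markup case is exercised here, so a green run means
     * the purifier is wired up, not that the sanitizer configuration is
     * complete. The last assertion holds whether the URL is turned into a
     * link or left as plain text.
     */
    public function testCreateBuildsPurifierAndSanitizesDangerousHtml(): void
    {
        // Random suffix keeps parallel runs from sharing a cache directory.
        $cacheDir = sys_get_temp_dir().'/htmlpurifier-test-'.bin2hex(random_bytes(4));

        try {
            $purifier = HtmlPurifierFactory::create($cacheDir);
            $result = $purifier->purify('<p style="text-align:center">ok</p><a href="javascript:alert(1)">x</a> https://example.test');

            self::assertDirectoryExists($cacheDir);
            self::assertStringContainsString('text-align:center', $result);
            self::assertStringNotContainsString('javascript:', $result);
            self::assertStringContainsString('https://example.test', $result);
        } finally {
            // Runs on assertion failure too, so the temp directory never outlives the test.
            self::removeDirectory($cacheDir);
        }
    }

    /**
     * Best-effort recursive removal of the temporary cache directory.
     *
     * The previous cleanup used glob('*') + unlink() one level deep, which
     * skips dotfiles and cannot remove subdirectories; the trailing rmdir()
     * then failed silently and the directory stayed behind in the system
     * temp dir. Symlinks are unlinked, never descended into, so cleanup
     * cannot delete anything outside $dir.
     */
    private static function removeDirectory(string $dir): void
    {
        if (is_link($dir)) {
            // Remove the link itself; never delete through it.
            @unlink($dir);

            return;
        }

        if (!is_dir($dir)) {
            return;
        }

        try {
            // CHILD_FIRST yields a directory's contents before the directory,
            // so every rmdir() below sees an empty directory.
            $entries = new \RecursiveIteratorIterator(
                new \RecursiveDirectoryIterator($dir, \FilesystemIterator::SKIP_DOTS),
                \RecursiveIteratorIterator::CHILD_FIRST,
            );

            foreach ($entries as $entry) {
                $path = $entry->getPathname();

                // Errors stay suppressed: a cleanup warning raised inside
                // `finally` must not replace the real test failure.
                if ($entry->isDir() && !$entry->isLink()) {
                    @rmdir($path);
                } else {
                    @unlink($path);
                }
            }
        } catch (\UnexpectedValueException) {
            // Unreadable directory: leave what cannot be listed and carry on.
        }

        @rmdir($dir);
    }
}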