Skip to content

Commit ad218b1

Browse files
dmsnelldmsnell
committed
HTML API: Rely on HTML API in oEmbed filtering tests. (#9259)
Prep work for #9248.
1 parent 9032503 commit ad218b1

File tree

1 file changed

+65
-18
lines changed

1 file changed

+65
-18
lines changed

tests/phpunit/tests/oembed/filterResult.php

Lines changed: 65 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -9,26 +9,50 @@ public function test_filter_oembed_result_trusted_malicious_iframe() {
99

1010
$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), 'https://www.youtube.com/watch?v=72xdCU__XCk' );
1111

12-
$this->assertSame( $html, $actual );
12+
$this->assertEqualHTML( $html, $actual );
1313
}
1414

1515
public function test_filter_oembed_result_with_untrusted_provider() {
1616
$html = '<p></p><iframe onload="alert(1)" src="http://example.com/sample-page/"></iframe>';
1717
$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), 'http://example.com/sample-page/' );
1818

19-
$matches = array();
20-
preg_match( '|src=".*#\?secret=([\w\d]+)" data-secret="([\w\d]+)"|', $actual, $matches );
19+
$processor = new WP_HTML_Tag_Processor( $actual );
2120

22-
$this->assertArrayHasKey( 1, $matches );
23-
$this->assertArrayHasKey( 2, $matches );
24-
$this->assertSame( $matches[1], $matches[2] );
21+
$this->assertTrue(
22+
$processor->next_tag( 'IFRAME' ),
23+
'Failed to find expected IFRAME element in filtered output.'
24+
);
25+
26+
$src = $processor->get_attribute( 'src' );
27+
$this->assertIsString(
28+
$src,
29+
isset( $src )
30+
? 'Expected "src" attribute on IFRAME with string value but found boolean attribute instead.'
31+
: 'Failed to find expected "src" attribute on IFRAME element.'
32+
);
33+
34+
$query_string = parse_url( $src, PHP_URL_QUERY );
35+
$query_args = array();
36+
parse_str( $query_string, $query_args );
37+
38+
$this->assertArrayHasKey(
39+
'secret',
40+
$query_args,
41+
'Failed to find expected query arg "secret" in IFRAME "src" attribute.'
42+
);
43+
44+
$this->assertSame(
45+
$query_args['secret'],
46+
$processor->get_attribute( 'data-secret' ),
47+
'Expected to find identical copy of secret from IFRAME "src" in the "data-secret" attribute.'
48+
);
2549
}
2650

2751
public function test_filter_oembed_result_only_one_iframe_is_allowed() {
2852
$html = '<div><iframe></iframe><iframe></iframe><p></p></div>';
2953
$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
3054

31-
$this->assertSame( '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"></iframe>', $actual );
55+
$this->assertEqualHTML( '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"></iframe>', $actual );
3256
}
3357

3458
public function test_filter_oembed_result_with_newlines() {
@@ -41,7 +65,7 @@ public function test_filter_oembed_result_with_newlines() {
4165

4266
$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
4367

44-
$this->assertSame( '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"></iframe>', $actual );
68+
$this->assertEqualHTML( '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"></iframe>', $actual );
4569
}
4670

4771
public function test_filter_oembed_result_without_iframe() {
@@ -60,18 +84,41 @@ public function test_filter_oembed_result_secret_param_available() {
6084
$html = '<iframe src="https://wordpress.org"></iframe>';
6185
$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
6286

63-
$matches = array();
64-
preg_match( '|src="https://wordpress.org#\?secret=([\w\d]+)" data-secret="([\w\d]+)"|', $actual, $matches );
87+
$processor = new WP_HTML_Tag_Processor( $actual );
6588

66-
$this->assertArrayHasKey( 1, $matches );
67-
$this->assertArrayHasKey( 2, $matches );
68-
$this->assertSame( $matches[1], $matches[2] );
89+
$this->assertTrue(
90+
$processor->next_tag( 'IFRAME' ),
91+
'Failed to find expected IFRAME element in filtered output.'
92+
);
93+
94+
$src = $processor->get_attribute( 'src' );
95+
$this->assertMatchesRegularExpression(
96+
'~^https://wordpress.org~',
97+
$src,
98+
'Failed to find expected "src" attribute on IFRAME element.'
99+
);
100+
101+
$query_string = parse_url( $src, PHP_URL_QUERY );
102+
$query_args = array();
103+
parse_str( $query_string, $query_args );
104+
105+
$this->assertArrayHasKey(
106+
'secret',
107+
$query_args,
108+
'Failed to find expected query arg "secret" in IFRAME "src" attribute.'
109+
);
110+
111+
$this->assertSame(
112+
$query_args['secret'],
113+
$processor->get_attribute( 'data-secret' ),
114+
'Expected to find identical copy of secret from IFRAME "src" in the "data-secret" attribute.'
115+
);
69116
}
70117

71118
public function test_filter_oembed_result_wrong_type_provided() {
72119
$actual = wp_filter_oembed_result( 'some string', (object) array( 'type' => 'link' ), '' );
73120

74-
$this->assertSame( 'some string', $actual );
121+
$this->assertEqualHTML( 'some string', $actual );
75122
}
76123

77124
public function test_filter_oembed_result_invalid_result() {
@@ -83,14 +130,14 @@ public function test_filter_oembed_result_blockquote_adds_style_to_iframe() {
83130
$html = '<blockquote></blockquote><iframe></iframe>';
84131
$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
85132

86-
$this->assertSame( '<blockquote class="wp-embedded-content"></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; visibility: hidden;"></iframe>', $actual );
133+
$this->assertEqualHTML( '<blockquote class="wp-embedded-content"></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; visibility: hidden;"></iframe>', $actual );
87134
}
88135

89136
public function test_filter_oembed_result_allowed_html() {
90137
$html = '<blockquote class="foo" id="bar"><strong><a href="" target=""></a></strong></blockquote><iframe></iframe>';
91138
$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
92139

93-
$this->assertSame( '<blockquote class="wp-embedded-content"><a href=""></a></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; visibility: hidden;"></iframe>', $actual );
140+
$this->assertEqualHTML( '<blockquote class="wp-embedded-content"><a href=""></a></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; visibility: hidden;"></iframe>', $actual );
94141
}
95142

96143
public function data_wp_filter_pre_oembed_custom_result() {
@@ -124,7 +171,7 @@ public function test_wp_filter_pre_oembed_custom_result( $html, $expected ) {
124171
'html' => $html,
125172
);
126173
$actual = _wp_oembed_get_object()->data2html( $data, 'https://untrusted.localhost' );
127-
$this->assertSame( $expected, $actual );
174+
$this->assertEqualHTML( $expected, $actual );
128175
}
129176

130177
/**
@@ -134,6 +181,6 @@ public function test_filter_feed_content() {
134181
$html = '<blockquote></blockquote><iframe></iframe>';
135182
$actual = _oembed_filter_feed_content( wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' ) );
136183

137-
$this->assertSame( '<blockquote class="wp-embedded-content"></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" ></iframe>', $actual );
184+
$this->assertEqualHTML( '<blockquote class="wp-embedded-content"></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" ></iframe>', $actual );
138185
}
139186
}

0 commit comments

Comments
 (0)