Skip to content

Commit ff53120

Browse files
dmsnelldmsnell
committed
HTML API: Rely on HTML API in oEmbed filtering tests. (#9259)
Prep work for #9248.
1 parent 9032503 commit ff53120

File tree

2 files changed

+82
-21
lines changed

2 files changed

+82
-21
lines changed

tests/phpunit/tests/oembed/filterResult.php

Lines changed: 79 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -9,26 +9,57 @@ public function test_filter_oembed_result_trusted_malicious_iframe() {
99

1010
$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), 'https://www.youtube.com/watch?v=72xdCU__XCk' );
1111

12-
$this->assertSame( $html, $actual );
12+
$this->assertEqualHTML( $html, $actual );
1313
}
1414

1515
public function test_filter_oembed_result_with_untrusted_provider() {
1616
$html = '<p></p><iframe onload="alert(1)" src="http://example.com/sample-page/"></iframe>';
1717
$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), 'http://example.com/sample-page/' );
1818

19-
$matches = array();
20-
preg_match( '|src=".*#\?secret=([\w\d]+)" data-secret="([\w\d]+)"|', $actual, $matches );
19+
$processor = new WP_HTML_Tag_Processor( $actual );
2120

22-
$this->assertArrayHasKey( 1, $matches );
23-
$this->assertArrayHasKey( 2, $matches );
24-
$this->assertSame( $matches[1], $matches[2] );
21+
$this->assertTrue(
22+
$processor->next_tag( 'IFRAME' ),
23+
'Failed to find expected IFRAME element in filtered output.'
24+
);
25+
26+
$src = $processor->get_attribute( 'src' );
27+
$this->assertIsString(
28+
$src,
29+
isset( $src )
30+
? 'Expected "src" attribute on IFRAME with string value but found boolean attribute instead.'
31+
: 'Failed to find expected "src" attribute on IFRAME element.'
32+
);
33+
34+
$query_string = parse_url( $src, PHP_URL_FRAGMENT );
35+
$this->assertStringStartsWith(
36+
'?',
37+
$query_string,
38+
'Should have found URL fragment in "src" attribute resembling a query string.'
39+
);
40+
41+
$query_string = substr( $query_string, 1 );
42+
$query_args = array();
43+
parse_str( $query_string, $query_args );
44+
45+
$this->assertArrayHasKey(
46+
'secret',
47+
$query_args,
48+
'Failed to find expected query arg "secret" in IFRAME "src" attribute.'
49+
);
50+
51+
$this->assertSame(
52+
$query_args['secret'],
53+
$processor->get_attribute( 'data-secret' ),
54+
'Expected to find identical copy of secret from IFRAME "src" in the "data-secret" attribute.'
55+
);
2556
}
2657

2758
public function test_filter_oembed_result_only_one_iframe_is_allowed() {
2859
$html = '<div><iframe></iframe><iframe></iframe><p></p></div>';
2960
$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
3061

31-
$this->assertSame( '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"></iframe>', $actual );
62+
$this->assertEqualHTML( '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"></iframe>', $actual );
3263
}
3364

3465
public function test_filter_oembed_result_with_newlines() {
@@ -41,7 +72,7 @@ public function test_filter_oembed_result_with_newlines() {
4172

4273
$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
4374

44-
$this->assertSame( '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"></iframe>', $actual );
75+
$this->assertEqualHTML( '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"></iframe>', $actual );
4576
}
4677

4778
public function test_filter_oembed_result_without_iframe() {
@@ -60,18 +91,48 @@ public function test_filter_oembed_result_secret_param_available() {
6091
$html = '<iframe src="https://wordpress.org"></iframe>';
6192
$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
6293

63-
$matches = array();
64-
preg_match( '|src="https://wordpress.org#\?secret=([\w\d]+)" data-secret="([\w\d]+)"|', $actual, $matches );
94+
$processor = new WP_HTML_Tag_Processor( $actual );
6595

66-
$this->assertArrayHasKey( 1, $matches );
67-
$this->assertArrayHasKey( 2, $matches );
68-
$this->assertSame( $matches[1], $matches[2] );
96+
$this->assertTrue(
97+
$processor->next_tag( 'IFRAME' ),
98+
'Failed to find expected IFRAME element in filtered output.'
99+
);
100+
101+
$src = $processor->get_attribute( 'src' );
102+
$this->assertMatchesRegularExpression(
103+
'~^https://wordpress.org~',
104+
$src,
105+
'Failed to find expected "src" attribute on IFRAME element.'
106+
);
107+
108+
$query_string = parse_url( $src, PHP_URL_FRAGMENT );
109+
$this->assertStringStartsWith(
110+
'?',
111+
$query_string,
112+
'Should have found URL fragment in "src" attribute resembling a query string.'
113+
);
114+
115+
$query_string = substr( $query_string, 1 );
116+
$query_args = array();
117+
parse_str( $query_string, $query_args );
118+
119+
$this->assertArrayHasKey(
120+
'secret',
121+
$query_args,
122+
'Failed to find expected query arg "secret" in IFRAME "src" attribute.'
123+
);
124+
125+
$this->assertSame(
126+
$query_args['secret'],
127+
$processor->get_attribute( 'data-secret' ),
128+
'Expected to find identical copy of secret from IFRAME "src" in the "data-secret" attribute.'
129+
);
69130
}
70131

71132
public function test_filter_oembed_result_wrong_type_provided() {
72133
$actual = wp_filter_oembed_result( 'some string', (object) array( 'type' => 'link' ), '' );
73134

74-
$this->assertSame( 'some string', $actual );
135+
$this->assertEqualHTML( 'some string', $actual );
75136
}
76137

77138
public function test_filter_oembed_result_invalid_result() {
@@ -83,14 +144,14 @@ public function test_filter_oembed_result_blockquote_adds_style_to_iframe() {
83144
$html = '<blockquote></blockquote><iframe></iframe>';
84145
$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
85146

86-
$this->assertSame( '<blockquote class="wp-embedded-content"></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; visibility: hidden;"></iframe>', $actual );
147+
$this->assertEqualHTML( '<blockquote class="wp-embedded-content"></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; visibility: hidden;"></iframe>', $actual );
87148
}
88149

89150
public function test_filter_oembed_result_allowed_html() {
90151
$html = '<blockquote class="foo" id="bar"><strong><a href="" target=""></a></strong></blockquote><iframe></iframe>';
91152
$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
92153

93-
$this->assertSame( '<blockquote class="wp-embedded-content"><a href=""></a></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; visibility: hidden;"></iframe>', $actual );
154+
$this->assertEqualHTML( '<blockquote class="wp-embedded-content"><a href=""></a></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; visibility: hidden;"></iframe>', $actual );
94155
}
95156

96157
public function data_wp_filter_pre_oembed_custom_result() {
@@ -124,7 +185,7 @@ public function test_wp_filter_pre_oembed_custom_result( $html, $expected ) {
124185
'html' => $html,
125186
);
126187
$actual = _wp_oembed_get_object()->data2html( $data, 'https://untrusted.localhost' );
127-
$this->assertSame( $expected, $actual );
188+
$this->assertEqualHTML( $expected, $actual );
128189
}
129190

130191
/**
@@ -134,6 +195,6 @@ public function test_filter_feed_content() {
134195
$html = '<blockquote></blockquote><iframe></iframe>';
135196
$actual = _oembed_filter_feed_content( wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' ) );
136197

137-
$this->assertSame( '<blockquote class="wp-embedded-content"></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" ></iframe>', $actual );
198+
$this->assertEqualHTML( '<blockquote class="wp-embedded-content"></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" ></iframe>', $actual );
138199
}
139200
}

tests/phpunit/tests/oembed/filterTitleAttributes.php

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -67,7 +67,7 @@ public function data_filter_oembed_iframe_title_attribute() {
6767
public function test_oembed_iframe_title_attribute( $html, $oembed_data, $url, $expected ) {
6868
$actual = wp_filter_oembed_iframe_title_attribute( $html, (object) $oembed_data, $url );
6969

70-
$this->assertSame( $expected, $actual );
70+
$this->assertEqualHTML( $expected, $actual );
7171
}
7272

7373
public function test_filter_oembed_iframe_title_attribute() {
@@ -84,7 +84,7 @@ public function test_filter_oembed_iframe_title_attribute() {
8484

8585
remove_filter( 'oembed_iframe_title_attribute', array( $this, '_filter_oembed_iframe_title_attribute' ) );
8686

87-
$this->assertSame( '<iframe title="Baz" src=""></iframe>', $actual );
87+
$this->assertEqualHTML( '<iframe title="Baz" src=""></iframe>', $actual );
8888
}
8989

9090
public function test_filter_oembed_iframe_title_attribute_does_not_modify_other_tags() {
@@ -101,7 +101,7 @@ public function test_filter_oembed_iframe_title_attribute_does_not_modify_other_
101101

102102
remove_filter( 'oembed_iframe_title_attribute', array( $this, '_filter_oembed_iframe_title_attribute' ) );
103103

104-
$this->assertSame( '<p title="Bar">Baz</p><iframe title="Baz" src=""></iframe>', $actual );
104+
$this->assertEqualHTML( '<p title="Bar">Baz</p><iframe title="Baz" src=""></iframe>', $actual );
105105
}
106106

107107
public function _filter_oembed_iframe_title_attribute() {

0 commit comments

Comments
 (0)