xemlock / htmlpurifier-html5 / 13168072550

coverage: 99.406%. Remained the same
13168072550

push

github

xemlock 
Adjust tests for HTMLPurifier 4.18.0

Support for conditional comments was removed in HTMLPurifier 4.18.0,
see: https://github.com/ezyang/htmlpurifier/commit/4828fdf.

1507 of 1516 relevant lines covered (99.41%)

3215.37 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

95.45
/library/HTMLPurifier/AttrDef/HTML5/IntegrityMetadata.php
1 
<?php
2 









3



/**










4



 * Subresource Integrity metadata










5



 *










6



 * @see https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity










7



 * @see https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute










8



 * @see https://github.com/validator/validator/blob/master/src/nu/validator/datatype/IntegrityMetadata.java










9



 */










10



class HTMLPurifier_AttrDef_HTML5_IntegrityMetadata extends HTMLPurifier_AttrDef










11



{










12



    /**










13



     * @param string $value










14



     * @param HTMLPurifier_Config $config










15



     * @param HTMLPurifier_Context $context










16



     * @return bool|string










17



     */










18



    public function validate($value, $config, $context)










19



    {










20



        // An integrity value may contain multiple hashes separated by whitespace.










21



        $hashes = preg_split('/\s+/', $value);




180





22



        $valid = array();




180





23












24



        foreach ($hashes as $hash) {




180





25



            if (strpos($hash, '-') === false) {




180





26



                continue;




×







27



            }










28












29



            list($algo, $digest) = explode('-', $hash, 2);




180





30












31



            if (!in_array($algo, array('sha256', 'sha384', 'sha512'), true)) {




180





32



                // Values must start with sha256- or sha384- or sha512-










33



                continue;




10





34



            }










35












36



            if (!preg_match('/^[+\/0-9A-Za-z]+[=]{0,3}$/', $digest)) {




170





37



                // Invalid base64-value (characters are not in the base64-value grammar).










38



                continue;




10





39



            }










40












41



            // Strip padding










42



            $digest = rtrim($digest, '=');




160





43












44



            // Strip 'sha' prefix, to get expected bit length of the digest










45



            // In Base64 1 char encodes 6 bits, i.e. 512 bits (sha512 digest) require 86 characters










46



            $len = (int) ceil(substr($algo, 3) / 6);




160





47



            if (strlen($digest) !== $len) {




160





48



                continue;




60





49



            }










50












51



            // Add padding










52



            if (strlen($digest) % 4) {




140





53



                $digest .= str_repeat('=', 4 - strlen($digest) % 4);




130





54



            }




26





55












56



            $valid[] = $algo . '-' . $digest;




140





57



        }




36





58












59



        if (empty($valid)) {




180





60



            return false;




40





61



        }










62












63



        return implode(' ', $valid);




140





64



    }










65



}
























    

  • 

    •