* TODO: It is possible to add script, iframe etc. to allowed tags, but
* this makes HTML filter completely ineffective.
* @todo It is possible to add script, iframe etc. to allowed tags, but this
* makes HTML filter completely ineffective.
*
* TODO: Class, id, name and xmlns should be added to disallowed attributes,
* or better a whitelist approach should be used for that too.
* @todo Class, id, name and xmlns should be added to disallowed attributes,
* or better a whitelist approach should be used for that too.
*/
functiontestFilter(){
// Check that access restriction really works.
...
...
@@ -483,8 +488,9 @@ class FilterTestCase extends DrupalWebTestCase {
}
/**
* Test the HTML escaping filter. Here we test only whether check_plain()
* does what it should.
* Test the HTML escaping filter.
*
* Here we test only whether check_plain() does what it should.
*/
functiontestNoHtmlFilter(){
// Test that characters that have special meaning in XML are changed into
...
...
@@ -567,7 +573,7 @@ class FilterTestCase extends DrupalWebTestCase {
// Even though a dot at the end of a URL can indicate a fully qualified
// domain name, such usage is rare compared to using a link at the end
// of a sentence, so remove the dot from the link.
// name. It can also be used at the end of a filename or a query string
// @todo It can also be used at the end of a filename or a query string.
$f=_filter_url('www.example.com.','f');
$this->assertEqual($f,'<a href="http://www.example.com" title="www.example.com">www.example.com</a>.',t('Converting URLs -- do not recognize a dot at the end of a domain name (FQDNs).'));
...
...
@@ -581,7 +587,7 @@ class FilterTestCase extends DrupalWebTestCase {
/**
* Test the HTML corrector.
*
* TODO: This test could really use some validity checking function.
* @todo This test could really use some validity checking function.
*/
functiontestHtmlCorrector(){
// Tag closing.
...
...
@@ -614,14 +620,12 @@ class FilterTestCase extends DrupalWebTestCase {