AnonSec Shell
Server IP : 54.36.91.62  /  Your IP : 216.73.216.208
Web Server : Apache
System : Linux webm013.cluster127.gra.hosting.ovh.net 5.15.206-ovh-vps-grsec-zfs-classid #1 SMP Fri May 15 02:41:25 UTC 2026 x86_64
User : coopiak ( 151928)
PHP Version : 8.3.23
Disable Function : _dyuweyrj4,_dyuweyrj4r,dl
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /home/coopiak/amisdesseniors-fr/aix/media/com_jce/editor/tinymce/plugins/media/tests/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME ]     

Current File : /home/coopiak/amisdesseniors-fr/aix/media/com_jce/editor/tinymce/plugins/media/tests/media.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
	<title>Unit tests for the Media plugin</title>
	<meta http-equiv="X-UA-Compatible" content="IE=edge" />
	<link rel="stylesheet" href="http://code.jquery.com/qunit/qunit-1.14.0.css" type="text/css" />
	<script src="http://code.jquery.com/qunit/qunit-1.14.0.js"></script>
	<script src="../../../../../../../../tinymce-muon-retina/tests/qunit/connector.js"></script>
	<script type="text/javascript" src="../../../../../../../../tinymce-muon-retina/tests/qunit/runner.js"></script>
	<script type="text/javascript" src="../../../../../../../../tinymce-muon-retina/tests/js/utils.js"></script>
	<script type="text/javascript" src="../../../tinymce.js"></script>
	<script type="text/javascript" src="../plugin.js"></script>
</head>

<body>
	<script type="text/javascript">
		var editor;

		QUnit.config.reorder = false;
		QUnit.config.autostart = false;

		module("Media plugin", {
			autostart: false
		});

		function getEditorContent() {
			return editor.getContent().replace(/[\r\n]+/g, '');
		}

		function trimContent(value) {
			return value.trim();
		}

		function findContainer(selector) {
			var container;
			if (tinymce.is(selector, 'string')) {
				container = editor.dom.select(selector)[0];
			} else {
				container = selector;
			}
			if (container.firstChild) {
				container = container.firstChild;
			}
			return container;
		}

		var evt = function (data) {
			return tinymce.extend(data, { isDefaultPrevented: function () { return false; }, preventDefault: function () { } });
		};

		function setSelection(startSelector, startOffset, endSelector, endOffset) {
			if (!endSelector) {
				endSelector = startSelector;
				endOffset = startOffset;
			}
			var startContainer = findContainer(startSelector);
			var endContainer = findContainer(endSelector);
			var rng = editor.dom.createRng();

			function setRange(container, offset, start) {
				offset = offset || 0;

				if (offset === 'after') {
					if (start) {
						rng.setStartAfter(container);
					} else {
						rng.setEndAfter(container);
					}
					return;
				} else if (offset === 'afterNextCharacter') {
					container = container.nextSibling;
					offset = 1;
				}
				if (start) {
					rng.setStart(container, offset);
				} else {
					rng.setEnd(container, offset);
				}
			}

			setRange(startContainer, startOffset, true);
			setRange(endContainer, endOffset, false);
			editor.selection.setRng(rng);
		}

		test("Object retain as is", function () {
			editor.setContent(
				'<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="425" height="355">' +
				'<param name="movie" value="someurl">' +
				'<param name="wmode" value="transparent">' +
				'<embed src="someurl" type="application/x-shockwave-flash" wmode="transparent" width="425" height="355" />' +
				'</object>'
			);

			equal(getEditorContent(),
				'<p><object width="425" height="355" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"><param name="movie" value="someurl"/><param name="wmode" value="transparent"/><embed src="someurl" type="application/x-shockwave-flash" width="425" height="355"></embed></p></object></p>'
			);
		});

		test("Embed retain as is", function () {
			editor.setContent(
				'<embed src="320x240.ogg" width="100" height="200">text<a href="#">link</a></embed>'
			);

			equal(
				getEditorContent(),
				'<p><embed src="320x240.ogg" width="100" height="200"></embed>text<a href="#">link</a></p>'
			);
		});

		test("Video retain as is", function () {
			editor.setContent(
				'<video src="320x240.ogg" autoplay loop controls>text<a href="#">link</a></video>'
			);

			equal(
				getEditorContent(),
				'<p><video src="320x240.ogg" autoplay="autoplay" loop="loop" controls="controls">text<a href="#">link</a></video></p>'
			);
		});

		test("Iframe retain as is", function () {
			editor.setContent(
				'<iframe src="320x240.ogg" allowfullscreen>text<a href="#">link</a></iframe>'
			);

			equal(getEditorContent(),
				'<p><iframe src="320x240.ogg" allowfullscreen="allowfullscreen">text<a href="#">link</a></iframe></p>'
			);
		});

		test("Audio retain as is", function () {
			editor.setContent(
				'<audio src="sound.mp3">' +
				'<track kind="captions" src="foo.en.vtt" srclang="en" label="English">' +
				'<track kind="captions" src="foo.sv.vtt" srclang="sv" label="Svenska">' +
				'text<a href="#">link</a>' +
				'</audio>'
			);

			equal(getEditorContent(),
				'<p>' +
				'<audio src="sound.mp3">' +
				'<track kind="captions" src="foo.en.vtt" srclang="en" label="English" />' +
				'<track kind="captions" src="foo.sv.vtt" srclang="sv" label="Svenska" />' +
				'text<a href="#">link</a>' +
				'</audio>' +
				'</p>'
			);
		});

		test("XSS content", function () {
			function testXss(input, expectedOutput) {
				editor.setContent(input);
				equal(getEditorContent(), expectedOutput);
			}

			testXss('<video><a href="javascript:alert(1);">a</a></video>', '<p><video><a>a</a></video></p>');
			testXss('<video><img src="x" onload="alert(1)"></video>', '<p><video><img src="x" alt="" /></video></p>');
			testXss('<video><img src="x"></video>', '<p><video><img src="x" alt="" /></video></p>');
			testXss('<video><!--[if IE]><img src="x" alt="" /><![endif]--></video>', '<p><video><!-- [if IE]><img src="x" alt="" /><![endif]--></video></p>');
			testXss('<p><p><audio><audio src=x onerror=alert(1)>', '<p><audio src="x"></audio></p>');
			testXss('<p><html><audio><br /><audio src=x onerror=alert(1)></p>', '');
			testXss('<p><audio><img src="javascript:alert(1)"></audio>', '<p><audio><img /></audio></p>');
			testXss('<p><audio><img src="x" style="behavior:url(x); width: 1px"></audio>', '<p><audio><img src="x" style="width: 1px;" /></audio></p>');
			testXss(
				'<p><video><noscript><svg onload="javascript:alert(1)"></svg></noscript></video>',
				'<p><video width="300" height="150"></video></p>'
			);
			testXss(
				'<p><video><script><svg onload="javascript:alert(1)"></svg></s' + 'cript></video>',
				'<p><video width="300" height="150"></video></p>'
			);
			testXss(
				'<p><audio><noscript><svg onload="javascript:alert(1)"></svg></noscript></audio>',
				'<p><audio></audio></p>'
			);
			testXss(
				'<p><audio><script><svg onload="javascript:alert(1)"></svg></s' + 'cript></audio>',
				'<p><audio></audio></p>'
			);
		});

		test("Generic iframe with an absolute URL should have a sandbox attribute", function () {
			editor.setContent('<iframe src="http://example.com"></iframe>');

			equal(getEditorContent(),
				'<p><iframe src="http://example.com" sandbox></iframe></p>',
				"Sandbox attribute should be added for generic iframes with absolute URLs"
			);
		});

		test("Iframe from a media provider (e.g., YouTube) should not have a sandbox", function () {
			editor.setContent('<iframe src="https://www.youtube.com/embed/1234"></iframe>');

			equal(getEditorContent(),
				'<p><iframe src="https://www.youtube.com/embed/videoID"></iframe></p>',
				"Sandbox attribute should not be added for iframes from media providers"
			);
		});

		test("Iframe with an existing sandbox should retain its sandbox attribute", function () {
			editor.setContent('<iframe src="http://example.com" sandbox="allow-scripts allow-same-origin"></iframe>');

			equal(getEditorContent(),
				'<p><iframe src="http://example.com" sandbox="allow-scripts allow-same-origin"></iframe></p>',
				"Existing sandbox attribute should be retained"
			);
		});

		test("Iframe with a relative URL should not have a sandbox", function () {			
			console.log(editor);
			
			editor.setContent('<iframe src="/relative/path"></iframe>');

			equal(getEditorContent(),
				'<p><iframe src="/relative/path"></iframe></p>',
				"Sandbox attribute should not be added for iframes with relative URLs"
			);
		});

		tinymce.init({
			mode: "exact",
			elements: "elm1",
			theme: "advanced",
			add_unload_trigger: false,
			language_load: false,
			plugins: 'textpattern',
			schema: 'mixed',
			compress: {
				'css': true,
				'javascript': true
			},
			init_instance_callback: function (ed) {
				editor = ed;
				QUnit.start();
			}
		});
	</script>

	<h1 id="qunit-header">Unit tests for the Paste plugin</h1>
	<h2 id="qunit-banner"></h2>
	<div id="qunit-testrunner-toolbar"></div>
	<h2 id="qunit-userAgent"></h2>
	<ol id="qunit-tests"></ol>

	<textarea id="elm1" name="elm1"></textarea>
	<div>
		<a href="javascript:alert(tinymce.EditorManager.get('elm1').getContent({format : 'raw'}));">[getRawContents]</a>
		<a href="javascript:alert(tinymce.EditorManager.get('elm1').getContent());">[getContents]</a>
	</div>
</body>

</html>

Anon7 - 2022
AnonSec Team