HTML API: Rely on assertEqualHTML in oEmbed filtering tests.

dmsnell · dmsnell · commit b84fc32f9b30 · 2025-10-19T00:17:57.000Z
As part of ongoing work to improve the reliability of HTML parsing code in WordPress, this patch replaces the use of PCRE matches in oEmbed filtering tests with semantic assertions via the HTML API and `assertEqualHTML()`. Developed in #9259 Discussed in https://core.trac.wordpress.org/ticket/63694 Props dmsnell, jonsurrell. See #63694 git-svn-id: https://develop.svn.wordpress.org/trunk@60972 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/tests/phpunit/tests/oembed/filterResult.php b/tests/phpunit/tests/oembed/filterResult.php
@@ -9,26 +9,57 @@ public function test_filter_oembed_result_trusted_malicious_iframe() {
 
 		$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), 'https://www.youtube.com/watch?v=72xdCU__XCk' );
 
-		$this->assertSame( $html, $actual );
+		$this->assertEqualHTML( $html, $actual );
 	}
 
 	public function test_filter_oembed_result_with_untrusted_provider() {
 		$html   = '<p></p><iframe onload="alert(1)" src="http://example.com/sample-page/"></iframe>';
 		$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), 'http://example.com/sample-page/' );
 
-		$matches = array();
-		preg_match( '|src=".*#\?secret=([\w\d]+)" data-secret="([\w\d]+)"|', $actual, $matches );
+		$processor = new WP_HTML_Tag_Processor( $actual );
 
-		$this->assertArrayHasKey( 1, $matches );
-		$this->assertArrayHasKey( 2, $matches );
-		$this->assertSame( $matches[1], $matches[2] );
+		$this->assertTrue(
+			$processor->next_tag( 'IFRAME' ),
+			'Failed to find expected IFRAME element in filtered output.'
+		);
+
+		$src = $processor->get_attribute( 'src' );
+		$this->assertIsString(
+			$src,
+			isset( $src )
+				? 'Expected "src" attribute on IFRAME with string value but found boolean attribute instead.'
+				: 'Failed to find expected "src" attribute on IFRAME element.'
+		);
+
+		$query_string = parse_url( $src, PHP_URL_FRAGMENT );
+		$this->assertStringStartsWith(
+			'?',
+			$query_string,
+			'Should have found URL fragment in "src" attribute resembling a query string.'
+		);
+
+		$query_string = substr( $query_string, 1 );
+		$query_args   = array();
+		parse_str( $query_string, $query_args );
+
+		$this->assertArrayHasKey(
+			'secret',
+			$query_args,
+			'Failed to find expected query arg "secret" in IFRAME "src" attribute.'
+		);
+
+		$this->assertSame(
+			$query_args['secret'],
+			$processor->get_attribute( 'data-secret' ),
+			'Expected to find identical copy of secret from IFRAME "src" in the "data-secret" attribute.'
+		);
 	}
 
 	public function test_filter_oembed_result_only_one_iframe_is_allowed() {
 		$html   = '<div><iframe></iframe><iframe></iframe><p></p></div>';
 		$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
 
-		$this->assertSame( '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"></iframe>', $actual );
+		$this->assertEqualHTML( '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"></iframe>', $actual );
 	}
 
 	public function test_filter_oembed_result_with_newlines() {
@@ -41,7 +72,7 @@ public function test_filter_oembed_result_with_newlines() {
 
 		$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
 
-		$this->assertSame( '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"></iframe>', $actual );
+		$this->assertEqualHTML( '<iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"></iframe>', $actual );
 	}
 
 	public function test_filter_oembed_result_without_iframe() {
@@ -60,18 +91,48 @@ public function test_filter_oembed_result_secret_param_available() {
 		$html   = '<iframe src="https://wordpress.org"></iframe>';
 		$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
 
-		$matches = array();
-		preg_match( '|src="https://wordpress.org#\?secret=([\w\d]+)" data-secret="([\w\d]+)"|', $actual, $matches );
+		$processor = new WP_HTML_Tag_Processor( $actual );
 
-		$this->assertArrayHasKey( 1, $matches );
-		$this->assertArrayHasKey( 2, $matches );
-		$this->assertSame( $matches[1], $matches[2] );
+		$this->assertTrue(
+			$processor->next_tag( 'IFRAME' ),
+			'Failed to find expected IFRAME element in filtered output.'
+		);
+
+		$src = $processor->get_attribute( 'src' );
+		$this->assertMatchesRegularExpression(
+			'~^https://wordpress.org~',
+			$src,
+			'Failed to find expected "src" attribute on IFRAME element.'
+		);
+
+		$query_string = parse_url( $src, PHP_URL_FRAGMENT );
+		$this->assertStringStartsWith(
+			'?',
+			$query_string,
+			'Should have found URL fragment in "src" attribute resembling a query string.'
+		);
+
+		$query_string = substr( $query_string, 1 );
+		$query_args   = array();
+		parse_str( $query_string, $query_args );
+
+		$this->assertArrayHasKey(
+			'secret',
+			$query_args,
+			'Failed to find expected query arg "secret" in IFRAME "src" attribute.'
+		);
+
+		$this->assertSame(
+			$query_args['secret'],
+			$processor->get_attribute( 'data-secret' ),
+			'Expected to find identical copy of secret from IFRAME "src" in the "data-secret" attribute.'
+		);
 	}
 
 	public function test_filter_oembed_result_wrong_type_provided() {
 		$actual = wp_filter_oembed_result( 'some string', (object) array( 'type' => 'link' ), '' );
 
-		$this->assertSame( 'some string', $actual );
+		$this->assertEqualHTML( 'some string', $actual );
 	}
 
 	public function test_filter_oembed_result_invalid_result() {
@@ -83,14 +144,14 @@ public function test_filter_oembed_result_blockquote_adds_style_to_iframe() {
 		$html   = '<blockquote></blockquote><iframe></iframe>';
 		$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
 
-		$this->assertSame( '<blockquote class="wp-embedded-content"></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; visibility: hidden;"></iframe>', $actual );
+		$this->assertEqualHTML( '<blockquote class="wp-embedded-content"></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; visibility: hidden;"></iframe>', $actual );
 	}
 
 	public function test_filter_oembed_result_allowed_html() {
 		$html   = '<blockquote class="foo" id="bar"><strong><a href="" target=""></a></strong></blockquote><iframe></iframe>';
 		$actual = wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' );
 
-		$this->assertSame( '<blockquote class="wp-embedded-content"><a href=""></a></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; visibility: hidden;"></iframe>', $actual );
+		$this->assertEqualHTML( '<blockquote class="wp-embedded-content"><a href=""></a></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; visibility: hidden;"></iframe>', $actual );
 	}
 
 	public function data_wp_filter_pre_oembed_custom_result() {
@@ -124,7 +185,7 @@ public function test_wp_filter_pre_oembed_custom_result( $html, $expected ) {
 			'html'  => $html,
 		);
 		$actual = _wp_oembed_get_object()->data2html( $data, 'https://untrusted.localhost' );
-		$this->assertSame( $expected, $actual );
+		$this->assertEqualHTML( $expected, $actual );
 	}
 
 	/**
@@ -134,6 +195,6 @@ public function test_filter_feed_content() {
 		$html   = '<blockquote></blockquote><iframe></iframe>';
 		$actual = _oembed_filter_feed_content( wp_filter_oembed_result( $html, (object) array( 'type' => 'rich' ), '' ) );
 
-		$this->assertSame( '<blockquote class="wp-embedded-content"></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" ></iframe>', $actual );
+		$this->assertEqualHTML( '<blockquote class="wp-embedded-content"></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" ></iframe>', $actual );
 	}
 }
diff --git a/tests/phpunit/tests/oembed/filterTitleAttributes.php b/tests/phpunit/tests/oembed/filterTitleAttributes.php
@@ -67,7 +67,7 @@ public function data_filter_oembed_iframe_title_attribute() {
 	public function test_oembed_iframe_title_attribute( $html, $oembed_data, $url, $expected ) {
 		$actual = wp_filter_oembed_iframe_title_attribute( $html, (object) $oembed_data, $url );
 
-		$this->assertSame( $expected, $actual );
+		$this->assertEqualHTML( $expected, $actual );
 	}
 
 	public function test_filter_oembed_iframe_title_attribute() {
@@ -84,7 +84,7 @@ public function test_filter_oembed_iframe_title_attribute() {
 
 		remove_filter( 'oembed_iframe_title_attribute', array( $this, '_filter_oembed_iframe_title_attribute' ) );
 
-		$this->assertSame( '<iframe title="Baz" src=""></iframe>', $actual );
+		$this->assertEqualHTML( '<iframe title="Baz" src=""></iframe>', $actual );
 	}
 
 	public function test_filter_oembed_iframe_title_attribute_does_not_modify_other_tags() {
@@ -101,7 +101,7 @@ public function test_filter_oembed_iframe_title_attribute_does_not_modify_other_
 
 		remove_filter( 'oembed_iframe_title_attribute', array( $this, '_filter_oembed_iframe_title_attribute' ) );
 
-		$this->assertSame( '<p title="Bar">Baz</p><iframe title="Baz" src=""></iframe>', $actual );
+		$this->assertEqualHTML( '<p title="Bar">Baz</p><iframe title="Baz" src=""></iframe>', $actual );
 	}
 
 	public function _filter_oembed_iframe_title_attribute() {

Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,7 @@ public function data_filter_oembed_iframe_title_attribute() {`
`67`	`67`	`public function test_oembed_iframe_title_attribute( $html, $oembed_data, $url, $expected ) {`
`68`	`68`	`$actual = wp_filter_oembed_iframe_title_attribute( $html, (object) $oembed_data, $url );`
`69`	`69`
`70`		`- $this->assertSame( $expected, $actual );`
	`70`	`+ $this->assertEqualHTML( $expected, $actual );`
`71`	`71`	`}`
`72`	`72`
`73`	`73`	`public function test_filter_oembed_iframe_title_attribute() {`
`@@ -84,7 +84,7 @@ public function test_filter_oembed_iframe_title_attribute() {`
`84`	`84`
`85`	`85`	`remove_filter( 'oembed_iframe_title_attribute', array( $this, '_filter_oembed_iframe_title_attribute' ) );`
`86`	`86`
`87`		`- $this->assertSame( '<iframe title="Baz" src=""></iframe>', $actual );`
	`87`	`+ $this->assertEqualHTML( '<iframe title="Baz" src=""></iframe>', $actual );`
`88`	`88`	`}`
`89`	`89`
`90`	`90`	`public function test_filter_oembed_iframe_title_attribute_does_not_modify_other_tags() {`
`@@ -101,7 +101,7 @@ public function test_filter_oembed_iframe_title_attribute_does_not_modify_other_`
`101`	`101`
`102`	`102`	`remove_filter( 'oembed_iframe_title_attribute', array( $this, '_filter_oembed_iframe_title_attribute' ) );`
`103`	`103`
`104`		`- $this->assertSame( '<p title="Bar">Baz</p><iframe title="Baz" src=""></iframe>', $actual );`
	`104`	`+ $this->assertEqualHTML( '<p title="Bar">Baz</p><iframe title="Baz" src=""></iframe>', $actual );`
`105`	`105`	`}`
`106`	`106`
`107`	`107`	`public function _filter_oembed_iframe_title_attribute() {`