Skip to content

test: add selector control attribute validation tests#261

Merged
nk-o merged 1 commit intomasterfrom
tests/selector-control-validation
Mar 4, 2026
Merged

test: add selector control attribute validation tests#261
nk-o merged 1 commit intomasterfrom
tests/selector-control-validation

Conversation

@Fellan-91
Copy link
Collaborator

@Fellan-91 Fellan-91 commented Feb 18, 2026

Summary

Add comprehensive unit and e2e tests to validate selector control attribute sanitization in Visual_Portfolio_Security.

Test Scenarios

1. Invalid selector values fall back to defaults

  • select type controls (posts_order_by) with invalid values reset to defaults
  • icons_selector type controls (items_style, sort) with invalid values reset to defaults
  • Verified via both PHPUnit assertions and preview endpoint rendering

2. String 'true' option values work correctly (PR #208)

  • show_date with value 'true' renders date meta
  • show_date with value 'human' renders human-readable dates
  • show_date with value 'false' hides dates
  • show_date with invalid value falls back to default 'false'
  • show_read_more with value 'true' renders read-more buttons
  • show_read_more with invalid value falls back to default

3. Dynamic value_callback selectors accept arbitrary values

  • post_types_set (which has a value_callback) accepts arbitrary values without resetting
  • Non-existent custom post type values don't cause fatal errors

Tests Added

PHPUnit (tests/phpunit/unit/test-class-security-selector.php)

20 new test cases covering:

  • sanitize_selector() - valid/invalid values, boolean string mapping
  • sanitize_icons_selector() - valid/invalid values
  • reset_control_attribute_to_default() - default retrieval
  • sanitize_attributes() - integration test with mixed valid/invalid values
  • Dynamic value_callback controls bypass validation

Playwright E2E (tests/e2e/specs/selector-control-values.spec.js)

14 tests covering:

  • Preview endpoint rendering with invalid selector values
  • Preview endpoint rendering with show_date and show_read_more controls
  • Dynamic callback selectors with arbitrary and custom post type values
  • Block rendering on published pages with invalid/valid selector values

Test Results

  • PHPUnit: 71 tests, 181 assertions — all passing ✅
  • Playwright E2E: 14 tests — all passing ✅

@Fellan-91
test: add selector control attribute validation tests
178af51 
Add comprehensive unit and e2e tests covering selector control value
sanitization in Visual_Portfolio_Security:

1. Invalid selector values fall back to defaults - tests for select and
   icons_selector controls (posts_order_by, items_style, sort)
2. String 'true' option values work correctly - validates PR #208 fix
   for show_date and show_read_more controls
3. Dynamic value_callback selectors accept arbitrary values without
   resetting (post_types_set)

PHPUnit: 20 new test cases covering sanitize_selector,
sanitize_icons_selector, reset_control_attribute_to_default, and
sanitize_attributes integration.

Playwright E2E: 14 tests covering preview endpoint rendering and
block rendering with invalid/valid selector values.
@nk-o nk-o merged commit b2b6e08 into master Mar 4, 2026
10 checks passed
@nk-o nk-o deleted the tests/selector-control-validation branch March 4, 2026 09:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Fellan-91 @nk-o