Add unit tests for arrays and "
OC_Util::sanitizeHTML() also supports arrays, but we actually had no unit test for that. Additionally, this commit introduces a test for escaping " into &quot;.
parent
c1c2f2c49e
commit
f07180639c
|
@ -28,13 +28,23 @@ class Test_TemplateFunctions extends PHPUnit_Framework_TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testP() {
|
public function testP() {
|
||||||
// FIXME: do we need more testcases?
|
$badString = '<img onload="alert(1)" />';
|
||||||
$htmlString = "<script>alert('xss');</script>";
|
|
||||||
ob_start();
|
ob_start();
|
||||||
p($htmlString);
|
p($badString);
|
||||||
$result = ob_get_clean();
|
$result = ob_get_clean();
|
||||||
|
$this->assertEquals('<img onload="alert(1)" />', $result);
|
||||||
|
|
||||||
$this->assertEquals("<script>alert('xss');</script>", $result);
|
$badString = "<script>alert('Hacked!');</script>";
|
||||||
|
ob_start();
|
||||||
|
p($badString);
|
||||||
|
$result = ob_get_clean();
|
||||||
|
$this->assertEquals('<script>alert('Hacked!');</script>', $result);
|
||||||
|
|
||||||
|
$goodString = 'This is a good string without HTML.';
|
||||||
|
ob_start();
|
||||||
|
p($goodString);
|
||||||
|
$result = ob_get_clean();
|
||||||
|
$this->assertEquals('This is a good string without HTML.', $result);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testPNormalString() {
|
public function testPNormalString() {
|
||||||
|
|
|
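Review bot: The three inputs in the new `testP()` cover `<`, `>`, `"` and `'`, but none contains a bare `&`, so a regression in ampersand encoding would pass unnoticed. Assuming `p()` encodes the way the commit message describes, I would add a fourth case such as `p('Tom & Jerry');` followed by `$this->assertEquals('Tom &amp; Jerry', $result);`. All cases share one method, so the first failing assertion hides the rest; a data provider with a single `ob_start()`/`ob_get_clean()` pair would report each input separately. The expected strings appear unescaped on this page (the `'Hacked!'` one would not parse as shown), presumably because the renderer decoded the entities, so read them as the encoded forms.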
@ -43,14 +43,32 @@ class Test_Util extends PHPUnit_Framework_TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
function testSanitizeHTML() {
|
function testSanitizeHTML() {
|
||||||
|
$badArray = array(
|
||||||
|
'While it is unusual to pass an array',
|
||||||
|
'this function actually <blink>supports</blink> it.',
|
||||||
|
'And therefore there needs to be a <script>alert("Unit"+\'test\')</script> for it!'
|
||||||
|
);
|
||||||
|
$goodArray = array(
|
||||||
|
'While it is unusual to pass an array',
|
||||||
|
'this function actually <blink>supports</blink> it.',
|
||||||
|
'And therefore there needs to be a <script>alert("Unit"+'test')</script> for it!'
|
||||||
|
);
|
||||||
|
$result = OC_Util::sanitizeHTML($badArray);
|
||||||
|
$this->assertEquals($goodArray, $result);
|
||||||
|
|
||||||
|
$badString = '<img onload="alert(1)" />';
|
||||||
|
$result = OC_Util::sanitizeHTML($badString);
|
||||||
|
$this->assertEquals('<img onload="alert(1)" />', $result);
|
||||||
|
|
||||||
$badString = "<script>alert('Hacked!');</script>";
|
$badString = "<script>alert('Hacked!');</script>";
|
||||||
$result = OC_Util::sanitizeHTML($badString);
|
$result = OC_Util::sanitizeHTML($badString);
|
||||||
$this->assertEquals("<script>alert('Hacked!');</script>", $result);
|
$this->assertEquals('<script>alert('Hacked!');</script>', $result);
|
||||||
|
|
||||||
$goodString = "This is an harmless string.";
|
$goodString = 'This is a good string without HTML.';
|
||||||
$result = OC_Util::sanitizeHTML($goodString);
|
$result = OC_Util::sanitizeHTML($goodString);
|
||||||
$this->assertEquals("This is an harmless string.", $result);
|
$this->assertEquals('This is a good string without HTML.', $result);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
function testEncodePath(){
|
function testEncodePath(){
|
||||||
$component = '/§#@test%&^ä/-child';
|
$component = '/§#@test%&^ä/-child';
|
||||||
|
|
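Review bot: `$badArray` in `testSanitizeHTML()` is a flat, numerically indexed list, so the test does not pin what `OC_Util::sanitizeHTML()` does with nested arrays or with string keys that contain markup. The implementation is not part of this diff, so I cannot tell whether it recurses or touches keys. A case like `array('outer' => array('<b>inner</b>'))` with its expected result would make that behaviour explicit, which matters if callers hand request-derived arrays to templates. The method is also declared without visibility; `public function testSanitizeHTML()` would match `testP()` in the other test class.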