diff options
author | Harald Eilertsen <haraldei@anduin.net> | 2023-07-02 19:12:09 +0200 |
---|---|---|
committer | Harald Eilertsen <haraldei@anduin.net> | 2023-07-12 20:42:36 +0200 |
commit | b0b0973e2dce0f430639aaf73b0fc538e1df44ab (patch) | |
tree | 1152bc6234b3339b981c4ccc1b6ed6bf1b30b494 | |
parent | 3d866e89757b8aafe58489f9575f6895029090d1 (diff) | |
download | volse-hubzilla-b0b0973e2dce0f430639aaf73b0fc538e1df44ab.tar.gz volse-hubzilla-b0b0973e2dce0f430639aaf73b0fc538e1df44ab.tar.bz2 volse-hubzilla-b0b0973e2dce0f430639aaf73b0fc538e1df44ab.zip |
unit tests: Cosmetic fixes in AntiXSSTest.php
- Start comments with capital letter
- Fix indentation
- Add missing doc comments
-rw-r--r-- | tests/unit/AntiXSSTest.php | 54 |
1 files changed, 29 insertions, 25 deletions
diff --git a/tests/unit/AntiXSSTest.php b/tests/unit/AntiXSSTest.php index 09642726f..f4ee984bc 100644 --- a/tests/unit/AntiXSSTest.php +++ b/tests/unit/AntiXSSTest.php @@ -1,6 +1,6 @@ <?php /** - * tests several functions which are used to prevent xss attacks + * Tests several functions which are used to prevent xss attacks * * @package test.util */ @@ -12,7 +12,7 @@ require_once('include/text.php'); class AntiXSSTest extends TestCase { /** - * test, that tags are escaped + * Test, that tags are escaped */ public function testEscapeTags() { $invalidstring='<submit type="button" onclick="alert(\'failed!\');" />'; @@ -24,28 +24,30 @@ class AntiXSSTest extends TestCase { $this->assertEquals("<submit type="button" onclick="alert('failed!');" />", $escapedString); } - /** - * @dataProvider urlTestProvider - */ - public function testEscapeURL($url, $expected) : void { - $this->assertEquals($expected, escape_url($url)); - } - - public function urlTestProvider() : array { - return [ - [ - "https://example.com/settings/calendar/?f=&rpath=https://example.com/cdav/calendar'><script>alert('boom')</script>", - "https://example.com/settings/calendar/?f=&rpath=https://example.com/cdav/calendar'><script>alert('boom')</script>" - ], - [ - "settings/calendar/?f=&rpath=https://example.com'+accesskey=x+onclick=alert(/boom/);a='", - "settings/calendar/?f=&rpath=https://example.com'+accesskey=x+onclick=alert(/boom/);a='" - ], - ]; - } + /** + * Test escaping URL's to make them safe for use in html and attributes. + * + * @dataProvider urlTestProvider + */ + public function testEscapeURL($url, $expected) : void { + $this->assertEquals($expected, escape_url($url)); + } + + public function urlTestProvider() : array { + return [ + [ + "https://example.com/settings/calendar/?f=&rpath=https://example.com/cdav/calendar'><script>alert('boom')</script>", + "https://example.com/settings/calendar/?f=&rpath=https://example.com/cdav/calendar'><script>alert('boom')</script>" + ], + [ + "settings/calendar/?f=&rpath=https://example.com'+accesskey=x+onclick=alert(/boom/);a='", + "settings/calendar/?f=&rpath=https://example.com'+accesskey=x+onclick=alert(/boom/);a='" + ], + ]; + } /** - *xmlify and unxmlify + * Test xmlify and unxmlify */ public function testXmlify() { $text="<tag>I want to break\n this!11!<?hard?></tag>"; @@ -56,7 +58,7 @@ class AntiXSSTest extends TestCase { } /** - * xmlify and put in a document + * Test xmlify and put in a document */ public function testXmlifyDocument() { $tag="<tag>I want to break</tag>"; @@ -65,7 +67,9 @@ class AntiXSSTest extends TestCase { $xml_parser=xml_parser_create(); //should be possible to parse it - $values=array(); $index=array(); + $values=array(); + $index=array(); + $this->assertEquals(1, xml_parse_into_struct($xml_parser, $text, $values, $index)); $this->assertEquals(array('TEXT'=>array(0)), @@ -77,7 +81,7 @@ class AntiXSSTest extends TestCase { } /** - * test hex2bin and reverse + * Test hex2bin and reverse */ public function testHex2Bin() { $this->assertEquals(-3, hex2bin(bin2hex(-3))); |