aboutsummaryrefslogtreecommitdiffstats
path: root/tests/unit/AntiXSSTest.php
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2023-11-25 17:12:28 +0100
committerMario <mario@mariovavti.com>2023-11-25 17:12:28 +0100
commit0fd8e02a884a2b040dca62ab5d9674db5f6a070b (patch)
tree586ee43f32f6f14368c09026f21dcd3244ea24b6 /tests/unit/AntiXSSTest.php
parent82e704ec5b107823c09f1387e9091adee53a4c2d (diff)
parent55c4bfb67009c598f25b1a8189604bfffa73dfbb (diff)
downloadvolse-hubzilla-0fd8e02a884a2b040dca62ab5d9674db5f6a070b.tar.gz
volse-hubzilla-0fd8e02a884a2b040dca62ab5d9674db5f6a070b.tar.bz2
volse-hubzilla-0fd8e02a884a2b040dca62ab5d9674db5f6a070b.zip
Merge branch '8.8RC'8.8
Diffstat (limited to 'tests/unit/AntiXSSTest.php')
-rw-r--r--tests/unit/AntiXSSTest.php62
1 files changed, 27 insertions, 35 deletions
diff --git a/tests/unit/AntiXSSTest.php b/tests/unit/AntiXSSTest.php
index 09642726f..1de9d54cd 100644
--- a/tests/unit/AntiXSSTest.php
+++ b/tests/unit/AntiXSSTest.php
@@ -1,18 +1,16 @@
<?php
/**
- * tests several functions which are used to prevent xss attacks
+ * Tests several functions which are used to prevent xss attacks
*
* @package test.util
*/
use PHPUnit\Framework\TestCase;
-require_once('include/text.php');
-
class AntiXSSTest extends TestCase {
/**
- * test, that tags are escaped
+ * Test, that tags are escaped
*/
public function testEscapeTags() {
$invalidstring='<submit type="button" onclick="alert(\'failed!\');" />';
@@ -24,28 +22,30 @@ class AntiXSSTest extends TestCase {
$this->assertEquals("&lt;submit type=&quot;button&quot; onclick=&quot;alert('failed!');&quot; /&gt;", $escapedString);
}
- /**
- * @dataProvider urlTestProvider
- */
- public function testEscapeURL($url, $expected) : void {
- $this->assertEquals($expected, escape_url($url));
- }
+ /**
+ * Test escaping URL's to make them safe for use in html and attributes.
+ *
+ * @dataProvider urlTestProvider
+ */
+ public function testEscapeURL($url, $expected) : void {
+ $this->assertEquals($expected, escape_url($url));
+ }
- public function urlTestProvider() : array {
- return [
- [
- "https://example.com/settings/calendar/?f=&rpath=https://example.com/cdav/calendar'><script>alert('boom')</script>",
- "https://example.com/settings/calendar/?f=&amp;rpath=https://example.com/cdav/calendar&apos;&gt;&lt;script&gt;alert(&apos;boom&apos;)&lt;/script&gt;"
- ],
- [
- "settings/calendar/?f=&rpath=https://example.com'+accesskey=x+onclick=alert(/boom/);a='",
- "settings/calendar/?f=&amp;rpath=https://example.com&apos;+accesskey=x+onclick=alert(/boom/);a=&apos;"
- ],
- ];
- }
+ public function urlTestProvider() : array {
+ return [
+ [
+ "https://example.com/settings/calendar/?f=&rpath=https://example.com/cdav/calendar'><script>alert('boom')</script>",
+ "https://example.com/settings/calendar/?f=&amp;rpath=https://example.com/cdav/calendar&apos;&gt;&lt;script&gt;alert(&apos;boom&apos;)&lt;/script&gt;"
+ ],
+ [
+ "settings/calendar/?f=&rpath=https://example.com'+accesskey=x+onclick=alert(/boom/);a='",
+ "settings/calendar/?f=&amp;rpath=https://example.com&apos;+accesskey=x+onclick=alert(/boom/);a=&apos;"
+ ],
+ ];
+ }
/**
- *xmlify and unxmlify
+ * Test xmlify and unxmlify
*/
public function testXmlify() {
$text="<tag>I want to break\n this!11!<?hard?></tag>";
@@ -56,7 +56,7 @@ class AntiXSSTest extends TestCase {
}
/**
- * xmlify and put in a document
+ * Test xmlify and put in a document
*/
public function testXmlifyDocument() {
$tag="<tag>I want to break</tag>";
@@ -65,7 +65,9 @@ class AntiXSSTest extends TestCase {
$xml_parser=xml_parser_create();
//should be possible to parse it
- $values=array(); $index=array();
+ $values=array();
+ $index=array();
+
$this->assertEquals(1, xml_parse_into_struct($xml_parser, $text, $values, $index));
$this->assertEquals(array('TEXT'=>array(0)),
@@ -76,16 +78,6 @@ class AntiXSSTest extends TestCase {
xml_parser_free($xml_parser);
}
- /**
- * test hex2bin and reverse
- */
- public function testHex2Bin() {
- $this->assertEquals(-3, hex2bin(bin2hex(-3)));
- $this->assertEquals(0, hex2bin(bin2hex(0)));
- $this->assertEquals(12, hex2bin(bin2hex(12)));
- $this->assertEquals(PHP_INT_MAX, hex2bin(bin2hex(PHP_INT_MAX)));
- }
-
//function qp, quick and dirty??
//get_mentions
//get_contact_block, bis Zeile 538