author | Mario Vavti <mario@mariovavti.com> | 2022-03-29 11:42:53 +0200 |
---|---|---|
committer | Mario Vavti <mario@mariovavti.com> | 2022-03-29 11:42:53 +0200 |
commit | 0784cd593a39a4fc297e8a82f7e79bc8019a0868 (patch) | |
tree | 22182afb37cf460f8208fff9d276a0672add3185 /tests/unit/AntiXSSTest.php | |
parent | 0e2e9321025f87fe9587f3d183adaea6185e4e20 (diff) | |
parent | 9c5d2ee5630dd7033904039dcd1e92db8821b644 (diff) | |
Merge branch '7.2RC'7.2
Diffstat (limited to 'tests/unit/AntiXSSTest.php')
-rw-r--r-- | tests/unit/AntiXSSTest.php | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/tests/unit/AntiXSSTest.php b/tests/unit/AntiXSSTest.php
index b45042a1e..09642726f 100644
--- a/tests/unit/AntiXSSTest.php
+++ b/tests/unit/AntiXSSTest.php
@@ -24,6 +24,26 @@ class AntiXSSTest extends TestCase {
 $this->assertEquals("<submit type="button" onclick="alert('failed!');" />", $escapedString);
 }
 
+ /**
+ * @dataProvider urlTestProvider
+ */
+ public function testEscapeURL($url, $expected) : void {
+ $this->assertEquals($expected, escape_url($url));
+ }
+
+ public function urlTestProvider() : array {
+ return [
+ [
+ "https://example.com/settings/calendar/?f=&rpath=https://example.com/cdav/calendar'><script>alert('boom')</script>",
+ "https://example.com/settings/calendar/?f=&rpath=https://example.com/cdav/calendar'><script>alert('boom')</script>"
+ ],
+ [
+ "settings/calendar/?f=&rpath=https://example.com'+accesskey=x+onclick=alert(/boom/);a='",
+ "settings/calendar/?f=&rpath=https://example.com'+accesskey=x+onclick=alert(/boom/);a='"
+ ],
+ ];
+ }
+
 /**
 *xmlify and unxmlify
 */ |
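Review bot: The two datasets in `urlTestProvider` are unnamed, and as this page renders them each expected string reads identical to its input, so it is not visible here which encoding `escape_url` is being pinned to. That is probably the page decoding entities in the expected literals, but it is worth confirming in the file that they are the encoded forms of `'`, `<` and `>`, since otherwise the test would only pass for a function that returns its input unchanged. Keying the datasets (for example `'quote and script tag in rpath' => [...]`) and using `$this->assertSame($expected, escape_url($url));` in `testEscapeURL` would make a failure name the regressed case and avoid loose comparison. A dataset with a plain URL that must come back unchanged would also pin that the escaping does not over-encode.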