authorHarald Eilertsen <haraldei@anduin.net>2023-07-02 19:12:09 +0200
committerHarald Eilertsen <haraldei@anduin.net>2023-07-12 20:42:36 +0200
commitb0b0973e2dce0f430639aaf73b0fc538e1df44ab (patch)
tree1152bc6234b3339b981c4ccc1b6ed6bf1b30b494 /tests/unit/AntiXSSTest.php
parent3d866e89757b8aafe58489f9575f6895029090d1 (diff)
unit tests: Cosmetic fixes in AntiXSSTest.php
- Start comments with capital letter - Fix indentation - Add missing doc comments
Diffstat (limited to 'tests/unit/AntiXSSTest.php')
-rw-r--r--tests/unit/AntiXSSTest.php54
1 files changed, 29 insertions, 25 deletions
diff --git a/tests/unit/AntiXSSTest.php b/tests/unit/AntiXSSTest.php
index 09642726f..f4ee984bc 100644
--- a/tests/unit/AntiXSSTest.php
+++ b/tests/unit/AntiXSSTest.php
@@ -1,6 +1,6 @@
<?php
/**
- * tests several functions which are used to prevent xss attacks
+ * Tests several functions which are used to prevent xss attacks
*
* @package test.util
*/
@@ -12,7 +12,7 @@ require_once('include/text.php');
class AntiXSSTest extends TestCase {
/**
- * test, that tags are escaped
+ * Test, that tags are escaped
*/
public function testEscapeTags() {
$invalidstring='<submit type="button" onclick="alert(\'failed!\');" />';
@@ -24,28 +24,30 @@ class AntiXSSTest extends TestCase {
$this->assertEquals("&lt;submit type=&quot;button&quot; onclick=&quot;alert('failed!');&quot; /&gt;", $escapedString);
}
- /**
- * @dataProvider urlTestProvider
- */
- public function testEscapeURL($url, $expected) : void {
- $this->assertEquals($expected, escape_url($url));
- }
-
- public function urlTestProvider() : array {
- return [
- [
- "https://example.com/settings/calendar/?f=&rpath=https://example.com/cdav/calendar'><script>alert('boom')</script>",
- "https://example.com/settings/calendar/?f=&amp;rpath=https://example.com/cdav/calendar&apos;&gt;&lt;script&gt;alert(&apos;boom&apos;)&lt;/script&gt;"
- ],
- [
- "settings/calendar/?f=&rpath=https://example.com'+accesskey=x+onclick=alert(/boom/);a='",
- "settings/calendar/?f=&amp;rpath=https://example.com&apos;+accesskey=x+onclick=alert(/boom/);a=&apos;"
- ],
- ];
- }
+ /**
+ * Test escaping URL's to make them safe for use in html and attributes.
+ *
+ * @dataProvider urlTestProvider
+ */
+ public function testEscapeURL($url, $expected) : void {
+ $this->assertEquals($expected, escape_url($url));
+ }
+
+ public function urlTestProvider() : array {
+ return [
+ [
+ "https://example.com/settings/calendar/?f=&rpath=https://example.com/cdav/calendar'><script>alert('boom')</script>",
+ "https://example.com/settings/calendar/?f=&amp;rpath=https://example.com/cdav/calendar&apos;&gt;&lt;script&gt;alert(&apos;boom&apos;)&lt;/script&gt;"
+ ],
+ [
+ "settings/calendar/?f=&rpath=https://example.com'+accesskey=x+onclick=alert(/boom/);a='",
+ "settings/calendar/?f=&amp;rpath=https://example.com&apos;+accesskey=x+onclick=alert(/boom/);a=&apos;"
+ ],
+ ];
+ }
/**
- *xmlify and unxmlify
+ * Test xmlify and unxmlify
*/
public function testXmlify() {
$text="<tag>I want to break\n this!11!<?hard?></tag>";
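Review bot: The doc comment added on testEscapeURL promises URLs that are safe "for use in html and attributes", but the second provider case expects `+accesskey=x+onclick=alert(/boom/);a=` to pass through unchanged, so what the test pins is entity-encoding of `&`, `'`, `<` and `>` only. That is enough inside a quoted attribute value and not in an unquoted one, so I would word it as `Test that escape_url() entity-encodes URLs for use in HTML text and quoted attribute values.`, which also fixes "URL's". Neither provider case contains a double quote; adding one would pin the attribute-context behaviour the comment describes, with the expected value taken from escape_url itself, which is not visible in this diff. urlTestProvider still has no doc comment although the commit message mentions adding missing ones; `/** Data provider for testEscapeURL: [input URL, expected escaped URL] pairs. */` would cover it.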
@@ -56,7 +58,7 @@ class AntiXSSTest extends TestCase {
}
/**
- * xmlify and put in a document
+ * Test xmlify and put in a document
*/
public function testXmlifyDocument() {
$tag="<tag>I want to break</tag>";
@@ -65,7 +67,9 @@ class AntiXSSTest extends TestCase {
$xml_parser=xml_parser_create();
//should be possible to parse it
- $values=array(); $index=array();
+ $values=array();
+ $index=array();
+
$this->assertEquals(1, xml_parse_into_struct($xml_parser, $text, $values, $index));
$this->assertEquals(array('TEXT'=>array(0)),
@@ -77,7 +81,7 @@ class AntiXSSTest extends TestCase {
}
/**
- * test hex2bin and reverse
+ * Test hex2bin and reverse
*/
public function testHex2Bin() {
$this->assertEquals(-3, hex2bin(bin2hex(-3)));