diff options
Diffstat (limited to 'tests')
-rw-r--r-- | tests/xss_filter_test.php | 116 |
1 files changed, 90 insertions, 26 deletions
diff --git a/tests/xss_filter_test.php b/tests/xss_filter_test.php index e480ef7ec..00e97cf98 100644 --- a/tests/xss_filter_test.php +++ b/tests/xss_filter_test.php @@ -1,16 +1,26 @@ <?php /** -* Tests, without pHPUnit by now -* @package test.util -*/ + * Tests, without pHPUnit by now + * @package test.util + */ -require_once('include/text.php'); +require_once("include/template_processor.php"); +require_once('include/text.php'); class AntiXSSTest extends PHPUnit_Framework_TestCase { -/** -* test no tags -*/ + public function setUp() { + set_include_path(
+ get_include_path() . PATH_SEPARATOR
+ . 'include' . PATH_SEPARATOR
+ . 'library' . PATH_SEPARATOR
+ . 'library/phpsec' . PATH_SEPARATOR
+ . '.' ); + } + + /** + * test no tags + */ public function testEscapeTags() { $invalidstring='<submit type="button" onclick="alert(\'failed!\');" />'; @@ -53,12 +63,12 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase { $autoname1=autoname(-23); $this->assertEquals(0, count($autoname1)); } - -// public function testAutonameMaxLength() { -// $autoname2=autoname(PHP_INT_MAX); -// $this->assertEquals(PHP_INT_MAX, count($autoname2)); -// } - + + // public function testAutonameMaxLength() { + // $autoname2=autoname(PHP_INT_MAX); + // $this->assertEquals(PHP_INT_MAX, count($autoname2)); + // } + public function testAutonameLength1() { $autoname3=autoname(1); $this->assertEquals(1, count($autoname3)); @@ -68,7 +78,7 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase { *xmlify and unxmlify */ public function testXmlify() { - $text="<tag>I want to break\n this!11!<?hard?></tag>"; + $text="<tag>I want to break\n this!11!<?hard?></tag>"; $xml=xmlify($text); //test whether it actually may be part of a xml document $retext=unxmlify($text); @@ -85,7 +95,7 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase { $this->assertEquals(12, hex2bin(bin2hex(12))); $this->assertEquals(PHP_INT_MAX, hex2bin(bin2hex(PHP_INT_MAX))); } - + /** * test expand_acl */ @@ -93,7 +103,7 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase { $text="<1><2><3>"; $this->assertEquals(array(1, 2, 3), expand_acl($text)); } - + public function testExpandAclBigNumber() { $text="<1><279012><15>"; $this->assertEquals(array(1, 279012, 15), expand_acl($text)); @@ -133,19 +143,19 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase { $text="Another> invalid> string>"; //should be invalid $this->assertEquals(array(), expand_acl($text)); } - + public function testExpandAclOpenOnly() { $text="<Another< invalid string<"; //should be invalid $this->assertEquals(array(), expand_acl($text)); } - + public function testExpandAclNoMatching1() { $text="<Another<> invalid <string>"; //should be invalid $this->assertEquals(array(), expand_acl($text)); } - + public function testExpandAclNoMatching2() { - $text="<1>2><3>"; + $text="<1>2><3>"; $this->assertEquals(array(), expand_acl($text)); } @@ -166,7 +176,7 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase { $this->assertTrue(attribute_contains($testAttr, "class3")); $this->assertFalse(attribute_contains($testAttr, "class2")); } - + public function testAttributeContainsEmpty() { $testAttr=""; $this->assertFalse(attribute_contains($testAttr, "class2")); @@ -176,17 +186,71 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase { $testAttr="--... %\$รค() /(=?}"; $this->assertFalse(attribute_contains($testAttr, "class2")); } - + /** * test get_tags */ + public function testGetTagsShortPerson() { + $text="hi @Mike"; + + $tags=get_tags($text); + + $this->assertEquals("@Mike", $tags[0]); + } + + public function testGetTagsShortTag() {
+ $text="This is a #test_case";
+
+ $tags=get_tags($text);
+
+ $this->assertEquals("#test_case", $tags[0]);
+ } + + public function testGetTagsShortTagAndPerson() {
+ $text="hi @Mike This is a #test_case";
+
+ $tags=get_tags($text);
+ + $this->assertEquals("@Mike", $tags[0]);
+ $this->assertEquals("#test_case", $tags[1]);
+ } + + public function testGetTagsShortTagAndPersonSpecialChars() {
+ $text="hi @Mike, This is a #test_case.";
+
+ $tags=get_tags($text);
+
+ $this->assertEquals("@Mike", $tags[0]);
+ $this->assertEquals("#test_case", $tags[1]);
+ } + + public function testGetTagsPersonOnly() { + $text="@Mike I saw the Theme Dev group was created."; + + $tags=get_tags($text);
+
+ $this->assertEquals("@Mike", $tags[0]); + } + + public function testGetTags2Persons1TagSpecialChars() {
+ $text="hi @Mike, I'm just writing #test_cases, so" + ." so @somebody@friendica.com may change #things.";
+
+ $tags=get_tags($text);
+
+ $this->assertEquals("@Mike", $tags[0]);
+ $this->assertEquals("#test_cases", $tags[1]); + $this->assertEquals("@somebody@friendica.com", $tags[2]); + $this->assertEquals("#things", $tags[3]);
+ } + public function testGetTags() { $text="hi @Mike, I'm just writing #test_cases, " ." so @somebody@friendica.com may change #things. Of course I " ."look for a lot of #pitfalls, like #tags at the end of a sentence " ."@comment. I hope noone forgets about @fullstops.because that might" ." break #things. @Mike@campino@friendica.eu is also #nice, isn't it? " - ."Now, add a @first_last tag. "; + ."Now, add a @first_last tag. "; //check whether this are all variants (no, auto-stuff is missing). $tags=get_tags($text); @@ -210,8 +274,8 @@ class AntiXSSTest extends PHPUnit_Framework_TestCase { $tags=get_tags(""); $this->assertEquals(0, count($tags)); } -//function qp, quick and dirty?? -//get_mentions -//get_contact_block, bis Zeile 538 + //function qp, quick and dirty?? + //get_mentions + //get_contact_block, bis Zeile 538 } ?> |