}
public function testPJavaScript() {
- $badString = '<img onload="alert(1)" />';
- ob_start();
- p($badString);
- $result = ob_get_clean();
- $this->assertEquals('<img onload="alert(1)" />', $result);
+ $this->expectOutputString('<img onload="alert(1)" />');
+ p('<img onload="alert(1)" />');
}
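Review bot: The expected value passed to `expectOutputString` in testPJavaScript is character-for-character the string handed to `p()`, so as shown the test would pass even if `p()` wrote its argument with no HTML escaping at all, which is the behaviour the print_unescaped tests further down pin. The same applies to testPJavaScriptWithScriptTags, where the expected literal as displayed also nests bare single quotes inside a single-quoted string and would not parse; this suggests the entities in the expected values were decoded when the page was rendered. If `p()` is the escaping printer, the expectation should be the entity-encoded form, presumably `$this->expectOutputString('&lt;img onload=&quot;alert(1)&quot; /&gt;');`, with the exact quote encoding confirmed against `p()`'s implementation. A one-line comment such as `// p() must emit HTML-escaped output; print_unescaped() is the raw counterpart` above these tests would make the contract explicit.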
public function testPJavaScriptWithScriptTags() {
- $badString = "<script>alert('Hacked!');</script>";
- ob_start();
- p($badString);
- $result = ob_get_clean();
- $this->assertEquals('<script>alert('Hacked!');</script>', $result);
+ $this->expectOutputString('<script>alert('Hacked!');</script>');
+ p("<script>alert('Hacked!');</script>");
}
public function testPNormalString() {
- $goodString = 'This is a good string without HTML.';
- ob_start();
- p($goodString);
- $result = ob_get_clean();
- $this->assertEquals('This is a good string without HTML.', $result);
+ $string = 'This is a good string without HTML.';
+ $this->expectOutputString($string);
+ p($string);
}
public function testPrintUnescaped() {
$htmlString = "<script>alert('xss');</script>";
-
- ob_start();
+ $this->expectOutputString($htmlString);
print_unescaped($htmlString);
- $result = ob_get_clean();
-
- $this->assertEquals($htmlString, $result);
}
public function testPrintUnescapedNormalString() {
- $normalString = "This is a good string!";
- ob_start();
- print_unescaped($normalString);
- $result = ob_get_clean();
-
- $this->assertEquals("This is a good string!", $result);
+ $string = 'This is a good string!';
+ $this->expectOutputString($string);
+ print_unescaped($string);
}
// ---------------------------------------------------------------------------