
Add unit tests for arrays and "

OC_Util::sanitizeHTML() also supports arrays, but we actually had no unit test for that. Additionally, this commit introduces a test for escaping " into &quot;.
tags/v7.0.0alpha2
Lukas Reschke 10 years ago
parent
commit
f07180639c
2 changed files with 37 additions and 9 deletions
  1. 14
    4
      tests/lib/template.php
  2. 23
    5
      tests/lib/util.php

+ 14
- 4
tests/lib/template.php

@@ -28,13 +28,23 @@ class Test_TemplateFunctions extends PHPUnit_Framework_TestCase {
}

public function testP() {
// FIXME: do we need more testcases?
$htmlString = "<script>alert('xss');</script>";
$badString = '<img onload="alert(1)" />';
ob_start();
p($badString);
$result = ob_get_clean();
$this->assertEquals('&lt;img onload=&quot;alert(1)&quot; /&gt;', $result);

$badString = "<script>alert('Hacked!');</script>";
ob_start();
p($htmlString);
p($badString);
$result = ob_get_clean();
$this->assertEquals('&lt;script&gt;alert(&#039;Hacked!&#039;);&lt;/script&gt;', $result);

$this->assertEquals("&lt;script&gt;alert(&#039;xss&#039;);&lt;/script&gt;", $result);
$goodString = 'This is a good string without HTML.';
ob_start();
p($goodString);
$result = ob_get_clean();
$this->assertEquals('This is a good string without HTML.', $result);
}

public function testPNormalString() {
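Review bot: The three cases in testP() cover `<`, `>`, `"` and `'`, but none contains a bare `&` or an already-encoded entity, so the test would still pass if p() stopped escaping ampersands or changed how it treats pre-encoded input. Consider adding a constructed case such as `$badString = 'a & b &lt;';` and pinning its output; the expected value depends on whether p() double-encodes, which cannot be told from this hunk and should be confirmed against the implementation. Since these assertions guard an escaping boundary, `$this->assertSame(...)` would be the stricter choice over `assertEquals`, which compares loosely. The new good-string case may also overlap with testPNormalString(), whose body starts on the last line of the hunk and is not shown.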

+ 23
- 5
tests/lib/util.php

@@ -43,15 +43,33 @@ class Test_Util extends PHPUnit_Framework_TestCase {
}

function testSanitizeHTML() {
$badArray = array(
'While it is unusual to pass an array',
'this function actually <blink>supports</blink> it.',
'And therefore there needs to be a <script>alert("Unit"+\'test\')</script> for it!'
);
$goodArray = array(
'While it is unusual to pass an array',
'this function actually &lt;blink&gt;supports&lt;/blink&gt; it.',
'And therefore there needs to be a &lt;script&gt;alert(&quot;Unit&quot;+&#039;test&#039;)&lt;/script&gt; for it!'
);
$result = OC_Util::sanitizeHTML($badArray);
$this->assertEquals($goodArray, $result);

$badString = '<img onload="alert(1)" />';
$result = OC_Util::sanitizeHTML($badString);
$this->assertEquals('&lt;img onload=&quot;alert(1)&quot; /&gt;', $result);

$badString = "<script>alert('Hacked!');</script>";
$result = OC_Util::sanitizeHTML($badString);
$this->assertEquals("&lt;script&gt;alert(&#039;Hacked!&#039;);&lt;/script&gt;", $result);
$this->assertEquals('&lt;script&gt;alert(&#039;Hacked!&#039;);&lt;/script&gt;', $result);

$goodString = "This is an harmless string.";
$goodString = 'This is a good string without HTML.';
$result = OC_Util::sanitizeHTML($goodString);
$this->assertEquals("This is an harmless string.", $result);
}
$this->assertEquals('This is a good string without HTML.', $result);
}


function testEncodePath(){
$component = '/§#@test%&^ä/-child';
$result = OC_Util::encodePath($component);
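Review bot: The new array case in testSanitizeHTML() only exercises a flat list of string values, so it does not pin what sanitizeHTML() does with nested arrays or with string keys. Consider adding a constructed case such as `array('k' => array('<b>x</b>'))` and comparing with `$this->assertSame($goodArray, $result);`, which also checks types and key order where assertEquals compares loosely. Whether nested values are walked and whether keys are escaped is not visible in this hunk, so the expected value has to be confirmed against the implementation. If keys are returned unescaped, a comment in the test such as `// keys are returned as-is; callers must escape them before output` would record that for template authors.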
