@@ -43,15 +43,33 @@ class Test_Util extends PHPUnit_Framework_TestCase { |
|
|
|
} |
|
|
|
|
|
|
|
function testSanitizeHTML() { |
|
|
|
$badArray = array( |
|
|
|
'While it is unusual to pass an array', |
|
|
|
'this function actually <blink>supports</blink> it.', |
|
|
|
'And therefore there needs to be a <script>alert("Unit"+\'test\')</script> for it!' |
|
|
|
); |
|
|
|
$goodArray = array( |
|
|
|
'While it is unusual to pass an array', |
|
|
|
'this function actually <blink>supports</blink> it.', |
|
|
|
'And therefore there needs to be a <script>alert("Unit"+'test')</script> for it!' |
|
|
|
); |
|
|
|
$result = OC_Util::sanitizeHTML($badArray); |
|
|
|
$this->assertEquals($goodArray, $result); |
|
|
|
|
|
|
|
$badString = '<img onload="alert(1)" />'; |
|
|
|
$result = OC_Util::sanitizeHTML($badString); |
|
|
|
$this->assertEquals('<img onload="alert(1)" />', $result); |
|
|
|
|
|
|
|
$badString = "<script>alert('Hacked!');</script>"; |
|
|
|
$result = OC_Util::sanitizeHTML($badString); |
|
|
|
$this->assertEquals("<script>alert('Hacked!');</script>", $result); |
|
|
|
$this->assertEquals('<script>alert('Hacked!');</script>', $result); |
|
|
|
|
|
|
|
$goodString = "This is an harmless string."; |
|
|
|
$goodString = 'This is a good string without HTML.'; |
|
|
|
$result = OC_Util::sanitizeHTML($goodString); |
|
|
|
$this->assertEquals("This is an harmless string.", $result); |
|
|
|
} |
|
|
|
|
|
|
|
$this->assertEquals('This is a good string without HTML.', $result); |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
function testEncodePath(){ |
|
|
|
$component = '/§#@test%&^ä/-child'; |
|
|
|
$result = OC_Util::encodePath($component); |
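Review bot: The new assertions in testSanitizeHTML use `assertEquals`, which compares loosely, so a regression where sanitizeHTML returns non-string values would still pass; `$this->assertSame($goodArray, $result);` (and the same for the three string cases) pins both value and type. All four cases also sit in one method, so the first failing assertion hides the rest; separate methods or a message argument per assertion would make a failure attributable. The expected literals appear entity-decoded on this page (the expected `<img onload=...>` string reads the same as its input, and the new single-quoted `alert('Hacked!')` expectation would not parse as shown), so the exact encoding of `"` and `'` cannot be confirmed from here. It is worth checking that the expected values pin single-quote encoding, and adding one case with `&` or an already-encoded entity so the double-encoding behaviour is fixed by a test. testEncodePath continues outside the hunk and is not covered by this note.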