|
|
@@ -28,46 +28,31 @@ class Test_TemplateFunctions extends PHPUnit_Framework_TestCase { |
|
|
|
} |
|
|
|
|
|
|
|
public function testPJavaScript() { |
|
|
|
$badString = '<img onload="alert(1)" />'; |
|
|
|
ob_start(); |
|
|
|
p($badString); |
|
|
|
$result = ob_get_clean(); |
|
|
|
$this->assertEquals('<img onload="alert(1)" />', $result); |
|
|
|
$this->expectOutputString('<img onload="alert(1)" />'); |
|
|
|
p('<img onload="alert(1)" />'); |
|
|
|
} |
|
|
|
|
|
|
|
public function testPJavaScriptWithScriptTags() { |
|
|
|
$badString = "<script>alert('Hacked!');</script>"; |
|
|
|
ob_start(); |
|
|
|
p($badString); |
|
|
|
$result = ob_get_clean(); |
|
|
|
$this->assertEquals('<script>alert('Hacked!');</script>', $result); |
|
|
|
$this->expectOutputString('<script>alert('Hacked!');</script>'); |
|
|
|
p("<script>alert('Hacked!');</script>"); |
|
|
|
} |
|
|
|
|
|
|
|
public function testPNormalString() { |
|
|
|
$goodString = 'This is a good string without HTML.'; |
|
|
|
ob_start(); |
|
|
|
p($goodString); |
|
|
|
$result = ob_get_clean(); |
|
|
|
$this->assertEquals('This is a good string without HTML.', $result); |
|
|
|
$string = 'This is a good string without HTML.'; |
|
|
|
$this->expectOutputString($string); |
|
|
|
p($string); |
|
|
|
} |
|
|
|
|
|
|
|
public function testPrintUnescaped() { |
|
|
|
$htmlString = "<script>alert('xss');</script>"; |
|
|
|
|
|
|
|
ob_start(); |
|
|
|
$this->expectOutputString($htmlString); |
|
|
|
print_unescaped($htmlString); |
|
|
|
$result = ob_get_clean(); |
|
|
|
|
|
|
|
$this->assertEquals($htmlString, $result); |
|
|
|
} |
|
|
|
|
|
|
|
public function testPrintUnescapedNormalString() { |
|
|
|
$normalString = "This is a good string!"; |
|
|
|
ob_start(); |
|
|
|
print_unescaped($normalString); |
|
|
|
$result = ob_get_clean(); |
|
|
|
|
|
|
|
$this->assertEquals("This is a good string!", $result); |
|
|
|
$string = 'This is a good string!'; |
|
|
|
$this->expectOutputString($string); |
|
|
|
print_unescaped($string); |
|
|
|
} |
|
|
|
|
|
|
|
// --------------------------------------------------------------------------- |
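Review bot: The expected output for p() in testPJavaScript and testPJavaScriptWithScriptTags, as rendered here (`$this->expectOutputString('<img onload="alert(1)" />');` and the `<script>` equivalent), is the raw markup, which would mean p() prints its argument unescaped and behaves exactly like print_unescaped() in testPrintUnescaped below; the single quotes inside single-quoted literals at the `alert('Hacked!')` assertions also cannot be valid PHP, so it looks like this page has decoded HTML entities and the real source pins the entity-encoded form (something like `&lt;img onload=&quot;alert(1)&quot; /&gt;`). That should be confirmed against the actual file, because a test that accepts the raw markup would pass even if p() regressed to not escaping. The switch from ob_start()/ob_get_clean() to expectOutputString() is sound as long as the expectation is registered before the p() call, which these hunks do. The enclosing class starts before the hunk (the `}` at the top closes a preceding method) and its body continues past it.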