author | Lukas Reschke <lukas@statuscode.ch> | 2014-04-22 20:09:55 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2014-04-22 20:09:55 +0200 |
commit | f07180639c5af149447bc573db58ee130575369e (patch) | |
tree | 99f6f77b16f399c9afb1d2b642a89f29b83c06dc /tests/lib/template.php | |
parent | c1c2f2c49e4d30a7bd039837661af143054b6769 (diff) | |
Add unit tests for arrays and "
OC_Util::sanitizeHTML() also supports arrays, but we had no unit test for that. Additionally, this commit introduces a test for escaping " into &quot;.
Diffstat (limited to 'tests/lib/template.php')
-rw-r--r-- | tests/lib/template.php | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/tests/lib/template.php b/tests/lib/template.php
index b4f1a4c4053..b3d0975b793 100644
--- a/tests/lib/template.php
+++ b/tests/lib/template.php
@@ -28,13 +28,23 @@ class Test_TemplateFunctions extends PHPUnit_Framework_TestCase {
 }
 
 public function testP() {
- // FIXME: do we need more testcases?
- $htmlString = "<script>alert('xss');</script>";
+ $badString = '<img onload="alert(1)" />';
+ ob_start();
+ p($badString);
+ $result = ob_get_clean();
+ $this->assertEquals('<img onload="alert(1)" />', $result);
+
+ $badString = "<script>alert('Hacked!');</script>";
 ob_start();
- p($htmlString);
+ p($badString);
 $result = ob_get_clean();
+ $this->assertEquals('<script>alert('Hacked!');</script>', $result);
 
- $this->assertEquals("<script>alert('xss');</script>", $result);
+ $goodString = 'This is a good string without HTML.';
+ ob_start();
+ p($goodString);
+ $result = ob_get_clean();
+ $this->assertEquals('This is a good string without HTML.', $result);
 }
 
 public function testPNormalString() { |
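Review bot: testP() now folds three independent escaping cases into one method, so a failing first `assertEquals` stops the test before the `<script>` and plain-text cases run, and the `ob_start(); p(...); ob_get_clean();` sequence is copied three times. A PHPUnit data provider that yields one input/expected pair per payload would report each case on its own and make further cases cheap to add. None of the inputs contains `&`, so what p() does with an already-encoded value such as `&quot;` is not pinned by this test. The expected strings appear on this page identical to their inputs, which is presumably the page decoding the HTML entities rather than what the file holds, so check the assertions against the repository copy. A one-line comment above each case naming the context it covers, e.g. `// attribute context: double quotes must be encoded`, would document why each payload is there.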