diff options
author | Robin Appelman <icewind@owncloud.com> | 2014-04-25 11:47:06 +0200 |
---|---|---|
committer | Robin Appelman <icewind@owncloud.com> | 2014-04-25 11:47:06 +0200 |
commit | 6c20a014eaecd19c3f68143485c6f74891ee9643 (patch) | |
tree | 84bd8e37536e7f28a25afd7586c209d38a25d610 /tests/lib/util.php | |
parent | cd0c5990f895bcdce47acf2dbf11ebadd920a404 (diff) | |
parent | 3fc809dfd80a296d7da922a06f9e13d446b3d3f0 (diff) | |
download | nextcloud-server-6c20a014eaecd19c3f68143485c6f74891ee9643.tar.gz nextcloud-server-6c20a014eaecd19c3f68143485c6f74891ee9643.zip |
merge master into webdav-injection
Diffstat (limited to 'tests/lib/util.php')
-rw-r--r-- | tests/lib/util.php | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/tests/lib/util.php b/tests/lib/util.php index ee336aa1118..c4780cc5f48 100644 --- a/tests/lib/util.php +++ b/tests/lib/util.php @@ -43,15 +43,32 @@ class Test_Util extends PHPUnit_Framework_TestCase { } function testSanitizeHTML() { + $badArray = array( + 'While it is unusual to pass an array', + 'this function actually <blink>supports</blink> it.', + 'And therefore there needs to be a <script>alert("Unit"+\'test\')</script> for it!' + ); + $goodArray = array( + 'While it is unusual to pass an array', + 'this function actually <blink>supports</blink> it.', + 'And therefore there needs to be a <script>alert("Unit"+'test')</script> for it!' + ); + $result = OC_Util::sanitizeHTML($badArray); + $this->assertEquals($goodArray, $result); + + $badString = '<img onload="alert(1)" />'; + $result = OC_Util::sanitizeHTML($badString); + $this->assertEquals('<img onload="alert(1)" />', $result); + $badString = "<script>alert('Hacked!');</script>"; $result = OC_Util::sanitizeHTML($badString); - $this->assertEquals("<script>alert('Hacked!');</script>", $result); + $this->assertEquals('<script>alert('Hacked!');</script>', $result); - $goodString = "This is an harmless string."; + $goodString = 'This is a good string without HTML.'; $result = OC_Util::sanitizeHTML($goodString); - $this->assertEquals("This is an harmless string.", $result); + $this->assertEquals('This is a good string without HTML.', $result); } - + function testEncodePath(){ $component = '/§#@test%&^ä/-child'; $result = OC_Util::encodePath($component); |