-rw-r--r-- | tests/lib/template.php | 50 |
1 files changed, 15 insertions, 35 deletions
diff --git a/tests/lib/template.php b/tests/lib/template.php
index b3d0975b793..eedf688721d 100644
--- a/tests/lib/template.php
+++ b/tests/lib/template.php
@@ -27,52 +27,32 @@ class Test_TemplateFunctions extends PHPUnit_Framework_TestCase {
 $loader->load('OC_Template');
 }
 
- public function testP() {
- $badString = '<img onload="alert(1)" />';
- ob_start();
- p($badString);
- $result = ob_get_clean();
- $this->assertEquals('<img onload="alert(1)" />', $result);
-
- $badString = "<script>alert('Hacked!');</script>";
- ob_start();
- p($badString);
- $result = ob_get_clean();
- $this->assertEquals('<script>alert('Hacked!');</script>', $result);
-
- $goodString = 'This is a good string without HTML.';
- ob_start();
- p($goodString);
- $result = ob_get_clean();
- $this->assertEquals('This is a good string without HTML.', $result);
+ public function testPJavaScript() {
+ $this->expectOutputString('<img onload="alert(1)" />');
+ p('<img onload="alert(1)" />');
 }
 
- public function testPNormalString() {
- $normalString = "This is a good string!";
- ob_start();
- p($normalString);
- $result = ob_get_clean();
+ public function testPJavaScriptWithScriptTags() {
+ $this->expectOutputString('<script>alert('Hacked!');</script>');
+ p("<script>alert('Hacked!');</script>");
+ }
 
- $this->assertEquals("This is a good string!", $result);
+ public function testPNormalString() {
+ $string = 'This is a good string without HTML.';
+ $this->expectOutputString($string);
+ p($string);
 }
 
 public function testPrintUnescaped() {
 $htmlString = "<script>alert('xss');</script>";
-
- ob_start();
+ $this->expectOutputString($htmlString);
 print_unescaped($htmlString);
- $result = ob_get_clean();
-
- $this->assertEquals($htmlString, $result);
 }
 
 public function testPrintUnescapedNormalString() {
- $normalString = "This is a good string!";
- ob_start();
- print_unescaped($normalString);
- $result = ob_get_clean();
-
- $this->assertEquals("This is a good string!", $result);
+ $string = 'This is a good string!';
+ $this->expectOutputString($string);
+ print_unescaped($string);
 }
 
 // --------------------------------------------------------------------------- |
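Review bot: testPrintUnescaped and testPrintUnescapedNormalString pin that print_unescaped() emits a `<script>` payload byte-for-byte, but nothing in the new code says this is the intended contract. A one-line comment above testPrintUnescaped, such as `// print_unescaped() is a raw sink by design: pass only trusted or already-escaped markup`, would stop a later reader from taking the passing test as evidence that the function is safe for user-controlled input. Separately, in testPJavaScript and testPJavaScriptWithScriptTags the argument to expectOutputString() appears identical to the raw input on this page, and the second one is not a valid single-quoted literal as shown. That is presumably the page having decoded the HTML entities, so it is worth confirming against the file that both expected strings are the entity-escaped forms, including the escaped single quote. The class body starts before and continues past this hunk.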