Project

General

Profile

Download (1.65 KB)

Bug #23377 » 15461_4-4_phpunit.diff

Administrator Admin, 2010-08-16 00:00

View differences:

tests/contrib/removexssTest.php (Arbeitskopie)
$this->assertEquals($expectedString, $actualString);
}
/**
* @test
*/
public function checkAttackHexEncodedCharacter() {
$testString = '<a href="j&#x61;vascript:alert(123);">click</a>';
$expectedString = '<a href="ja<x>vascript:alert(123);">click</a>';
$actualString = RemoveXSS::process($testString);
$this->assertEquals($expectedString, $actualString);
}
/**
* @test
*/
public function checkAttackNestedHexEncodedCharacter() {
$testString = '<a href="j&#x6&#x31;;vascript:alert(123);">click</a>';
$expectedString = '<a href="ja<x>vascript:alert(123);">click</a>';
$actualString = RemoveXSS::process($testString);
$this->assertEquals($expectedString, $actualString);
}
/**
* @test
*/
public function checkAttackUnicodeNumericalEncodedCharacter() {
$testString = '<a href="j&#65;vascript:alert(123);">click</a>';
$expectedString = '<a href="ja<x>vascript:alert(123);">click</a>';
$actualString = RemoveXSS::process($testString);
$this->assertEquals($expectedString, $actualString);
}
/**
* @test
*/
public function checkAttackNestedUnicodeNumericalEncodedCharacter() {
$testString = '<a href="j&#6&#53;;vascript:alert(123);">click</a>';
$expectedString = '<a href="ja<x>vascript:alert(123);">click</a>';
$actualString = RemoveXSS::process($testString);
$this->assertEquals($expectedString, $actualString);
}
}
?>
(5-5/8)