friendica/tests/xss_filter_test.php

72 lines
1.8 KiB
PHP
Raw Normal View History

2012-03-08 17:43:12 +01:00
<?php
/**
2012-03-14 12:54:49 +01:00
* tests several functions which are used to prevent xss attacks
*
2012-03-09 12:16:58 +01:00
* @package test.util
*/
2012-03-08 17:43:12 +01:00
2012-03-09 12:16:58 +01:00
require_once('include/text.php');
2012-03-08 17:43:12 +01:00
class AntiXSSTest extends PHPUnit_Framework_TestCase {
2012-03-09 12:16:58 +01:00
/**
2012-03-14 12:54:49 +01:00
* test, that tags are escaped
2012-03-09 12:16:58 +01:00
*/
2012-03-08 17:43:12 +01:00
public function testEscapeTags() {
$invalidstring='<submit type="button" onclick="alert(\'failed!\');" />';
$validstring=notags($invalidstring);
$escapedString=escape_tags($invalidstring);
$this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring);
$this->assertEquals("&lt;submit type=&quot;button&quot; onclick=&quot;alert('failed!');&quot; /&gt;", $escapedString);
}
/**
*xmlify and unxmlify
*/
public function testXmlify() {
2012-03-09 12:16:58 +01:00
$text="<tag>I want to break\n this!11!<?hard?></tag>";
2012-03-15 10:51:22 +01:00
$xml=xmlify($text);
2012-03-08 17:43:12 +01:00
$retext=unxmlify($text);
$this->assertEquals($text, $retext);
}
2012-03-15 10:51:22 +01:00
/**
* xmlify and put in a document
*/
public function testXmlifyDocument() {
$tag="<tag>I want to break</tag>";
$xml=xmlify($tag);
$text='<text>'.$xml.'</text>';
$xml_parser=xml_parser_create();
//should be possible to parse it
$values=array(); $index=array();
$this->assertEquals(1, xml_parse_into_struct($xml_parser, $text, $values, $index));
$this->assertEquals(array('TEXT'=>array(0)),
$index);
$this->assertEquals(array(array('tag'=>'TEXT', 'type'=>'complete', 'level'=>1, 'value'=>$tag)),
$values);
xml_parser_free($xml_parser);
}
2012-03-08 17:43:12 +01:00
/**
* test hex2bin and reverse
*/
public function testHex2Bin() {
$this->assertEquals(-3, hex2bin(bin2hex(-3)));
$this->assertEquals(0, hex2bin(bin2hex(0)));
$this->assertEquals(12, hex2bin(bin2hex(12)));
$this->assertEquals(PHP_INT_MAX, hex2bin(bin2hex(PHP_INT_MAX)));
}
2012-03-09 12:16:58 +01:00
//function qp, quick and dirty??
//get_mentions
//get_contact_block, bis Zeile 538
2012-03-08 17:43:12 +01:00
}
?>