Friendica Communications Platform (please note that this is a clone of the repository at github, issues are handled there) https://friendi.ca


  1. <?php
  2. /**
  3. * Tests several functions that are used to prevent XSS attacks.
  4. *
  5. * @package test.util
  6. */
  7. require_once('include/text.php');
  8. class AntiXSSTest extends PHPUnit_Framework_TestCase {
  9. /**
  10. * test, that tags are escaped
  11. */
  12. public function testEscapeTags() {
  13. $invalidstring='<submit type="button" onclick="alert(\'failed!\');" />';
  14. $validstring=notags($invalidstring);
  15. $escapedString=escape_tags($invalidstring);
  16. $this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring);
  17. $this->assertEquals("&lt;submit type=&quot;button&quot; onclick=&quot;alert('failed!');&quot; /&gt;", $escapedString);
  18. }
  19. /**
  20. *xmlify and unxmlify
  21. */
  22. public function testXmlify() {
  23. $text="<tag>I want to break\n this!11!<?hard?></tag>";
  24. $xml=xmlify($text);
  25. $retext=unxmlify($text);
  26. $this->assertEquals($text, $retext);
  27. }
  28. /**
  29. * xmlify and put in a document
  30. */
  31. public function testXmlifyDocument() {
  32. $tag="<tag>I want to break</tag>";
  33. $xml=xmlify($tag);
  34. $text='<text>'.$xml.'</text>';
  35. $xml_parser=xml_parser_create();
  36. //should be possible to parse it
  37. $values=array(); $index=array();
  38. $this->assertEquals(1, xml_parse_into_struct($xml_parser, $text, $values, $index));
  39. $this->assertEquals(array('TEXT'=>array(0)),
  40. $index);
  41. $this->assertEquals(array(array('tag'=>'TEXT', 'type'=>'complete', 'level'=>1, 'value'=>$tag)),
  42. $values);
  43. xml_parser_free($xml_parser);
  44. }
  45. /**
  46. * test hex2bin and reverse
  47. */
  48. public function testHex2Bin() {
  49. $this->assertEquals(-3, hex2bin(bin2hex(-3)));
  50. $this->assertEquals(0, hex2bin(bin2hex(0)));
  51. $this->assertEquals(12, hex2bin(bin2hex(12)));
  52. $this->assertEquals(PHP_INT_MAX, hex2bin(bin2hex(PHP_INT_MAX)));
  53. }
  54. //function qp, quick and dirty??
  55. //get_mentions
  56. //get_contact_block, bis Zeile 538
  57. }