tests/xss_filter_test.php

   1 <?php
   2 /**
   3  * tests several functions which are used to prevent xss attacks
   4  *
   5  * @package test.util
   6  */
   7
   8 require_once('include/text.php');
   9
  10 class AntiXSSTest extends PHPUnit_Framework_TestCase {
  11
  12         /**
  13          * test, that tags are escaped
  14          */
  15         public function testEscapeTags() {
  16                 $invalidstring='<submit type="button" onclick="alert(\'failed!\');" />';
  17
  18                 $validstring=notags($invalidstring);
  19                 $escapedString=escape_tags($invalidstring);
  20
  21                 $this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring);
  22                 $this->assertEquals("&lt;submit type=&quot;button&quot; onclick=&quot;alert('failed!');&quot; /&gt;", $escapedString);
  23         }
  24
  25         /**
  26          *xmlify and unxmlify
  27          */
  28         public function testXmlify() {
  29                 $text="<tag>I want to break\n this!11!<?hard?></tag>";
  30                 $xml=xmlify($text); //test whether it actually may be part of a xml document
  31                 $retext=unxmlify($text);
  32
  33                 $this->assertEquals($text, $retext);
  34         }
  35
  36         /**
  37          * test hex2bin and reverse
  38          */
  39         public function testHex2Bin() {
  40                 $this->assertEquals(-3, hex2bin(bin2hex(-3)));
  41                 $this->assertEquals(0, hex2bin(bin2hex(0)));
  42                 $this->assertEquals(12, hex2bin(bin2hex(12)));
  43                 $this->assertEquals(PHP_INT_MAX, hex2bin(bin2hex(PHP_INT_MAX)));
  44         }
  45
  46         //function qp, quick and dirty??
  47         //get_mentions
  48         //get_contact_block, bis Zeile 538
  49 }
  50 ?>