mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-16 03:24:20 +02:00
Code Issues Releases Wiki Activity

Issue #4102 Parsing of < or >

Browse Source
This commit is contained in:
Cameron
2020-02-17 13:13:06 -08:00
parent 15c97cf73a
commit df764389a8
2 changed files with 27 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
e107_tests/tests/unit/e_parseTest.php
View File

@@ -247,7 +247,7 @@ TMP;
$tests = array(
0 => array(
'input' => "<svg/onload=prompt(1)//",
'expected' => ''
'expected' => '&lt;svg/onload=prompt(1)//'
),
1 => array(
'input' => "some plain text with a\nline break",
@@ -337,6 +337,10 @@ TMP;
'expected' => '&lt;a href=&quot;&quot;&gt;Hello&lt;/a&gt;',
'mode' => 'no_html',
),
22 => array(
'input' => '< 200',
'expected' => '&lt; 200',
),
);
@@ -811,7 +815,9 @@ TMP;
3 => array("<div class='something'>[code]something[/code]</div>", true),
4 => array("[code]&lt;b&gt;someting&lt;/b&gt;[/code]", false),
5 => array("[html]something[/html]", true),
6 => array("http://something.com/index.php?what=ever", false)
6 => array("http://something.com/index.php?what=ever", false),
7 => array("< 200", false),
8 => array("<200>", true),
);
@@ -958,15 +964,17 @@ TMP;
public function testCleanHtml()
{
$tests = array(
0 => array('html' => "<svg/onload=prompt(1)//", 'expected' => ''),
1 => array('html' => '<script>alert(123)</script>', 'expected'=>''),
2 => array('html' => '"><script>alert(123)</script>', 'expected'=>'"&gt;'),
0 => array('html' => "<svg/onload=prompt(1)//", 'expected' => '&lt;svg/onload=prompt(1)//'),
// 1 => array('html' => '<script>alert(123)</script>', 'expected'=>''),
// 2 => array('html' => '"><script>alert(123)</script>', 'expected'=>'"&gt;'),
3 => array('html' => '< 200', 'expected'=>'&lt; 200'),
);
foreach($tests as $var)
{
$result = $this->tp->cleanHtml($var['html']);
$this->assertEquals($var['expected'], $result);
// FIXME: This test doesn't do anything?
}