mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-01-17 20:58:30 +01:00
Code Issues Releases Wiki Activity

Extra parser test for script access.

Browse Source
This commit is contained in:
Cameron 2020-06-22 13:05:58 -07:00
parent 339765bf0e
commit e392d8c598
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
e107_tests/tests/unit/e_parseTest.php
View File

@ -1156,6 +1156,11 @@ while($row = $sql->fetch())
'html' => '<div class="video-responsive"><div class="video-responsive"><video width="320" height="240" controls="controls"><source src="e107_media/xxxxx5/videos/2018-07/SampleVideo.mp4" type="video/mp4">Your browser does not support the video tag.</video></div></div>',
'expected' => '<div class="video-responsive"><div class="video-responsive"><video width="320" height="240" controls="controls"><source src="e107_media/xxxxx5/videos/2018-07/SampleVideo.mp4" type="video/mp4">Your browser does not support the video tag.</source></video></div></div>'
),
14 => array(
'html' => '<script>alert(1)</script>', // test removal of 'script' tags
'expected' => ''
)
);
@ -1166,7 +1171,7 @@ while(&#036;row = &#036;sql-&gt;fetch())
$this->assertEquals($var['expected'], $result);
}
// -------------------------
// ----------- Test with Script access enabled --------------
$this->tp->setScriptAccess(e_UC_PUBLIC);
@ -1176,6 +1181,10 @@ while(&#036;row = &#036;sql-&gt;fetch())
'html' => '<a href="#" onchange="whatever">Test</a>',
'expected' => '<a href="#" onchange="whatever">Test</a>'
),
1 => array(
'html' => '<script>alert(1)</script>', // test support for 'script' tags
'expected' => '<script>alert(1)</script>'
)
);
foreach($scriptAccess as $var)