<?php
/**
 * SanitizeTest file
 *
 * CakePHP(tm) Tests <http://book.cakephp.org/2.0/en/development/testing.html>
 * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
 *
 * Licensed under The MIT License
 * For full copyright and license information, please see the LICENSE.txt
 * Redistributions of files must retain the above copyright notice
 *
 * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
 * @link          http://book.cakephp.org/2.0/en/development/testing.html CakePHP(tm) Tests
 * @package       Cake.Test.Case.Utility
 * @since         CakePHP(tm) v 1.2.0.5428
 * @license       http://www.opensource.org/licenses/mit-license.php MIT License
 */

// Makes the Sanitize utility class (the class under test) loadable.
App::uses('Sanitize', 'Utility');

/**
 * SanitizeDataTest class
 *
 * Minimal test model bound to the 'data_tests' table. It is declared next to
 * the test case but is not referenced directly by the tests in this file.
 *
 * @package       Cake.Test.Case.Utility
 */
class SanitizeDataTest extends CakeTestModel {

/**
 * useTable property
 *
 * Name of the database table this model maps to.
 *
 * @var string
 */
	public $useTable = 'data_tests';
}

/**
 * SanitizeArticle class
 *
 * Minimal test model bound to the 'articles' table. It is declared next to
 * the test case but is not referenced directly by the tests in this file.
 *
 * @package       Cake.Test.Case.Utility
 */
class SanitizeArticle extends CakeTestModel {

/**
 * useTable property
 *
 * Name of the database table this model maps to.
 *
 * @var string
 */
	public $useTable = 'articles';
}
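
/**
 * SanitizeTest class
 *
 * Covers the Sanitize utility: escape(), clean(), html(), stripWhitespace(),
 * paranoid(), stripImages(), stripScripts(), stripAll() and stripTags().
 *
 * Several expected values are HTML-entity encoded (&amp;, &quot;, &#039;,
 * &lt;, &gt;). That encoded text is the output the encoding functions are
 * expected to produce, so these literals must stay encoded in this source
 * file; decoding them (e.g. by copying from a rendered view) turns them into
 * unescaped quotes inside single-quoted strings, which does not parse.
 *
 * @package       Cake.Test.Case.Utility
 */
class SanitizeTest extends CakeTestCase {

/**
 * autoFixtures property
 *
 * The fixtures listed in $fixtures are not loaded automatically.
 *
 * @var bool
 */
	public $autoFixtures = false;

/**
 * fixtures property
 *
 * @var array
 */
	public $fixtures = array('core.data_test', 'core.article');

/**
 * testEscapeAlphaNumeric method
 *
 * Sanitize::escape() on the 'test' connection must pass alphanumeric
 * strings, integers, floats, null and booleans through unchanged.
 *
 * @return void
 */
	public function testEscapeAlphaNumeric() {
		$resultAlpha = Sanitize::escape('abc', 'test');
		$this->assertEquals('abc', $resultAlpha);

		$resultNumeric = Sanitize::escape('123', 'test');
		$this->assertEquals('123', $resultNumeric);

		$resultNumeric = Sanitize::escape(1234, 'test');
		$this->assertEquals(1234, $resultNumeric);

		$resultNumeric = Sanitize::escape(1234.23, 'test');
		$this->assertEquals(1234.23, $resultNumeric);

		// A string with a leading '#' is expected to come back unchanged as well.
		$resultNumeric = Sanitize::escape('#1234.23', 'test');
		$this->assertEquals('#1234.23', $resultNumeric);

		$resultNull = Sanitize::escape(null, 'test');
		$this->assertEquals(null, $resultNull);

		$resultNull = Sanitize::escape(false, 'test');
		$this->assertEquals(false, $resultNull);

		$resultNull = Sanitize::escape(true, 'test');
		$this->assertEquals(true, $resultNull);
	}

/**
 * testClean method
 *
 * With default options Sanitize::clean() entity-encodes quotes and
 * ampersands, unescapes "\$" and drops carriage returns. The 'encode',
 * 'escape', 'dollar', 'carriage' and 'odd_spaces' options switch individual
 * steps off, and arrays are cleaned recursively.
 *
 * @return void
 */
	public function testClean() {
		// Defaults: quotes and '&' are entity-encoded and the "\r" is dropped.
		$string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
		$expected = 'test &amp; &quot;quote&quot; &#039;other&#039; ;.$ symbol.another line';
		$result = Sanitize::clean($string, array('connection' => 'test'));
		$this->assertEquals($expected, $result);

		// encode => false: the quoted parts are run through Sanitize::escape()
		// for the 'test' connection instead of being entity-encoded.
		$string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
		$expected = 'test & ' . Sanitize::escape('"quote"', 'test') . ' ' . Sanitize::escape('\'other\'', 'test') . ' ;.$ symbol.another line';
		$result = Sanitize::clean($string, array('encode' => false, 'connection' => 'test'));
		$this->assertEquals($expected, $result);

		// encode and escape off: only "\$" -> "$" and the "\r" removal remain.
		$string = 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line';
		$expected = 'test & "quote" \'other\' ;.$ $ symbol.another line';
		$result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'connection' => 'test'));
		$this->assertEquals($expected, $result);

		// dollar => false keeps the backslash in front of '$'.
		$string = 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line';
		$expected = 'test & "quote" \'other\' ;.$ \\$ symbol.another line';
		$result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'dollar' => false, 'connection' => 'test'));
		$this->assertEquals($expected, $result);

		// carriage => false keeps the "\r".
		$string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
		$expected = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
		$result = Sanitize::clean($string, array('encode' => false, 'escape' => false, 'carriage' => false, 'connection' => 'test'));
		$this->assertEquals($expected, $result);

		// Nested arrays are cleaned element by element with the same rules.
		$array = array(array('test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line'));
		$expected = array(array('test &amp; &quot;quote&quot; &#039;other&#039; ;.$ symbol.another line'));
		$result = Sanitize::clean($array, array('connection' => 'test'));
		$this->assertEquals($expected, $result);

		$array = array(array('test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line'));
		$expected = array(array('test & "quote" \'other\' ;.$ $ symbol.another line'));
		$result = Sanitize::clean($array, array('encode' => false, 'escape' => false, 'connection' => 'test'));
		$this->assertEquals($expected, $result);

		// odd_spaces => false (with escape off) leaves the non-ASCII text untouched.
		$array = array(array('test odd Ä spacesé'));
		$expected = array(array('test odd Ä spacesé'));
		$result = Sanitize::clean($array, array('odd_spaces' => false, 'escape' => false, 'connection' => 'test'));
		$this->assertEquals($expected, $result);

		// Mixed list/associative nesting is handled recursively too.
		$array = array(array('\\$', array('key' => 'test & "quote" \'other\' ;.$ \\$ symbol.' . "\r" . 'another line')));
		$expected = array(array('$', array('key' => 'test & "quote" \'other\' ;.$ $ symbol.another line')));
		$result = Sanitize::clean($array, array('encode' => false, 'escape' => false, 'connection' => 'test'));
		$this->assertEquals($expected, $result);

		// Empty input stays empty.
		$string = '';
		$expected = '';
		$result = Sanitize::clean($string, array('connection' => 'test'));
		$this->assertEquals($expected, $result);

		// Plain record data (no quotes, ampersands or control characters)
		// must come back exactly as given, keys and integer values included.
		$data = array(
			'Grant' => array(
				'title' => '2 o clock grant',
				'grant_peer_review_id' => 3,
				'institution_id' => 5,
				'created_by' => 1,
				'modified_by' => 1,
				'created' => '2010-07-15 14:11:00',
				'modified' => '2010-07-19 10:45:41'
			),
			'GrantsMember' => array(
				0 => array(
					'id' => 68,
					'grant_id' => 120,
					'member_id' => 16,
					'program_id' => 29,
					'pi_percent_commitment' => 1
				)
			)
		);
		$result = Sanitize::clean($data, array('connection' => 'test'));
		$this->assertEquals($data, $result);
	}

/**
 * testHtml method
 *
 * Sanitize::html() entity-encodes its input. 'remove' => true strips tags
 * first, 'quotes' selects which quote characters are encoded (both by
 * default, ENT_COMPAT for double quotes only, ENT_NOQUOTES for none) and
 * 'double' => false keeps an existing entity from being encoded again.
 *
 * @return void
 */
	public function testHtml() {
		// remove => true: tags are stripped, the remaining '&' is still encoded.
		$string = '<p>This is a <em>test string</em> & so is this</p>';
		$expected = 'This is a test string &amp; so is this';
		$result = Sanitize::html($string, array('remove' => true));
		$this->assertEquals($expected, $result);

		// Defaults: both quote styles, '&', '<' and '>' are encoded.
		$string = 'The "lazy" dog \'jumped\' & flew over the moon. If (1+1) = 2 <em>is</em> true, (2-1) = 1 is also true';
		$expected = 'The &quot;lazy&quot; dog &#039;jumped&#039; &amp; flew over the moon. If (1+1) = 2 &lt;em&gt;is&lt;/em&gt; true, (2-1) = 1 is also true';
		$result = Sanitize::html($string);
		$this->assertEquals($expected, $result);

		// ENT_COMPAT: double quotes are encoded, single quotes are not.
		$string = 'The "lazy" dog \'jumped\'';
		$expected = 'The &quot;lazy&quot; dog \'jumped\'';
		$result = Sanitize::html($string, array('quotes' => ENT_COMPAT));
		$this->assertEquals($expected, $result);

		// ENT_NOQUOTES: neither quote style is touched.
		$string = 'The "lazy" dog \'jumped\'';
		$result = Sanitize::html($string, array('quotes' => ENT_NOQUOTES));
		$this->assertEquals($string, $result);

		$string = 'The "lazy" dog \'jumped\' & flew over the moon. If (1+1) = 2 <em>is</em> true, (2-1) = 1 is also true';
		$expected = 'The &quot;lazy&quot; dog &#039;jumped&#039; &amp; flew over the moon. If (1+1) = 2 &lt;em&gt;is&lt;/em&gt; true, (2-1) = 1 is also true';
		$result = Sanitize::html($string);
		$this->assertEquals($expected, $result);

		// Default double-encoding: the '&' of the existing &reg; entity is encoded again.
		$string = 'The "lazy" dog & his friend Apple&reg; conquered the world';
		$expected = 'The &quot;lazy&quot; dog &amp; his friend Apple&amp;reg; conquered the world';
		$result = Sanitize::html($string);
		$this->assertEquals($expected, $result);

		// double => false: the existing &reg; entity is preserved as-is.
		$string = 'The "lazy" dog & his friend Apple&reg; conquered the world';
		$expected = 'The &quot;lazy&quot; dog &amp; his friend Apple&reg; conquered the world';
		$result = Sanitize::html($string, array('double' => false));
		$this->assertEquals($expected, $result);
	}

/**
 * testStripWhitespace method
 *
 * Runs of tabs, newlines and carriage returns collapse to a single space and
 * multi-byte characters survive untouched.
 *
 * @return void
 */
	public function testStripWhitespace() {
		$string = "This sentence \t\t\t has lots of \n\n white\nspace \rthat \r\n needs to be \t \n trimmed.";
		$expected = "This sentence has lots of whitespace that needs to be trimmed.";
		$result = Sanitize::stripWhitespace($string);
		$this->assertEquals($expected, $result);

		// Non-ASCII letters are not whitespace and must not be altered.
		$text = 'I love ßá†ö√ letters.';
		$result = Sanitize::stripWhitespace($text);
		$expected = 'I love ßá†ö√ letters.';
		$this->assertEquals($expected, $result);
	}

/**
 * testParanoid method
 *
 * Sanitize::paranoid() keeps only alphanumeric characters plus the optional
 * allow-list passed as the second argument; arrays are filtered element by
 * element. The last cases show SQL-injection style payloads reduced to bare
 * letters and digits.
 *
 * @return void
 */
	public function testParanoid() {
		$string = 'I would like to !%@#% & dance & sing ^$&*()-+';
		$expected = 'Iwouldliketodancesing';
		$result = Sanitize::paranoid($string);
		$this->assertEquals($expected, $result);

		// Allowed characters '%', '*', '.' and ' ' survive; '|', '^', '#', '&', '=' are dropped.
		$string = array('This |s th% s0ng that never ends it g*es',
						'on and on my friends, b^ca#use it is the',
						'so&g th===t never ends.');
		$expected = array('This s th% s0ng that never ends it g*es',
						'on and on my friends bcause it is the',
						'sog tht never ends.');
		$result = Sanitize::paranoid($string, array('%', '*', '.', ' '));
		$this->assertEquals($expected, $result);

		$string = "anything' OR 1 = 1";
		$expected = 'anythingOR11';
		$result = Sanitize::paranoid($string);
		$this->assertEquals($expected, $result);

		$string = "x' AND email IS NULL; --";
		$expected = 'xANDemailISNULL';
		$result = Sanitize::paranoid($string);
		$this->assertEquals($expected, $result);

		$string = "x' AND 1=(SELECT COUNT(*) FROM users); --";
		$expected = 'xAND1SELECTCOUNTFROMusers';
		$result = Sanitize::paranoid($string);
		$this->assertEquals($expected, $result);

		$string = "x'; DROP TABLE members; --";
		$expected = 'xDROPTABLEmembers';
		$result = Sanitize::paranoid($string);
		$this->assertEquals($expected, $result);
	}

/**
 * testStripImages method
 *
 * Sanitize::stripImages() replaces an <img> with its alt text followed by
 * <br />, keeps a wrapping <a> (including its attributes) and removes images
 * that have no alt text entirely.
 *
 * @return void
 */
	public function testStripImages() {
		$string = '<img src="/img/test.jpg" alt="my image" />';
		$expected = 'my image<br />';
		$result = Sanitize::stripImages($string);
		$this->assertEquals($expected, $result);

		// No alt attribute: the whole tag, including its src, is removed.
		$string = '<img src="javascript:alert(\'XSS\');" />';
		$expected = '';
		$result = Sanitize::stripImages($string);
		$this->assertEquals($expected, $result);

		// Linked image: the link survives around the alt text, other img attributes are dropped.
		$string = '<a href="http://www.badsite.com/phising"><img src="/img/test.jpg" alt="test image alt" title="test image title" id="myImage" class="image-left"/></a>';
		$expected = '<a href="http://www.badsite.com/phising">test image alt</a><br />';
		$result = Sanitize::stripImages($string);
		$this->assertEquals($expected, $result);

		// Note: the onclick handler on the <a> itself is not touched by stripImages().
		$string = '<a onclick="medium()" href="http://example.com"><img src="foobar.png" onclick="evilFunction(); return false;"/></a>';
		$expected = '<a onclick="medium()" href="http://example.com"></a>';
		$result = Sanitize::stripImages($string);
		$this->assertEquals($expected, $result);
	}

/**
 * testStripScripts method
 *
 * Sanitize::stripScripts() removes <script> and <style> elements (with their
 * content, including HTML-comment-wrapped content) and stylesheet <link>
 * tags; other <link> tags are kept.
 *
 * @return void
 */
	public function testStripScripts() {
		$string = '<link href="/css/styles.css" media="screen" rel="stylesheet" />';
		$expected = '';
		$result = Sanitize::stripScripts($string);
		$this->assertEquals($expected, $result);

		// Only the stylesheet link goes; icon and alternate links stay (and so does its trailing "\n").
		$string = '<link href="/css/styles.css" media="screen" rel="stylesheet" />' . "\n" .
			'<link rel="icon" href="/favicon.ico" type="image/x-icon" />' . "\n" .
			'<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />' . "\n" .
			'<link rel="alternate" href="/feed.xml" title="RSS Feed" type="application/rss+xml" />';
		$expected = "\n" . '<link rel="icon" href="/favicon.ico" type="image/x-icon" />' . "\n" .
			'<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />' . "\n" .
			'<link rel="alternate" href="/feed.xml" title="RSS Feed" type="application/rss+xml" />';
		$result = Sanitize::stripScripts($string);
		$this->assertEquals($expected, $result);

		$string = '<script type="text/javascript"> alert("hacked!");</script>';
		$expected = '';
		$result = Sanitize::stripScripts($string);
		$this->assertEquals($expected, $result);

		$string = '<script> alert("hacked!");</script>';
		$expected = '';
		$result = Sanitize::stripScripts($string);
		$this->assertEquals($expected, $result);

		$string = '<style>#content { display:none; }</style>';
		$expected = '';
		$result = Sanitize::stripScripts($string);
		$this->assertEquals($expected, $result);

		$string = '<style type="text/css"><!-- #content { display:none; } --></style>';
		$expected = '';
		$result = Sanitize::stripScripts($string);
		$this->assertEquals($expected, $result);

		// Multi-line element: the text around it is kept, the element itself vanishes.
		$string = <<<HTML
text
<style type="text/css">
<!--
#content { display:none; }
-->
</style>
text
HTML;
		$expected = "text\n\ntext";
		$result = Sanitize::stripScripts($string);
		$this->assertTextEquals($expected, $result);

		$string = <<<HTML
text
<script type="text/javascript">
<!--
alert('wooo');
-->
</script>
text
HTML;
		$expected = "text\n\ntext";
		$result = Sanitize::stripScripts($string);
		$this->assertTextEquals($expected, $result);
	}

/**
 * testStripAll method
 *
 * Sanitize::stripAll() combines whitespace, image and script stripping.
 * The inputs are classic XSS test vectors; the assertions pin what is left
 * after all three passes.
 *
 * @return void
 */
	public function testStripAll() {
		$string = '<img """><script>alert("xss")</script>"/>';
		$expected = '"/>';
		$result = Sanitize::stripAll($string);
		$this->assertEquals($expected, $result);

		// Decimal-entity encoded form of <IMG SRC=javascript:alert('XSS')>;
		// keep it encoded in source, the tag is matched case-insensitively.
		$string = '<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>';
		$expected = '';
		$result = Sanitize::stripAll($string);
		$this->assertEquals($expected, $result);

		// The leading stray '<' is not part of the script element and survives.
		$string = '<<script>alert("XSS");//<</script>';
		$expected = '<';
		$result = Sanitize::stripAll($string);
		$this->assertEquals($expected, $result);

		// Image, stylesheet link and script are removed; whitespace inside the paragraph is collapsed.
		$string = '<img src="http://google.com/images/logo.gif" onload="window.location=\'http://sam.com/\'" />' . "\n" .
			"<p>This is ok      \t\n   text</p>\n" .
			'<link rel="stylesheet" href="/css/master.css" type="text/css" media="screen" title="my sheet" charset="utf-8">' . "\n" .
			'<script src="xss.js" type="text/javascript" charset="utf-8"></script>';
		$expected = '<p>This is ok text</p>';
		$result = Sanitize::stripAll($string);
		$this->assertEquals($expected, $result);
	}

/**
 * testStripTags method
 *
 * Sanitize::stripTags() removes only the tag names passed as extra
 * arguments (opening and closing tags, attributes included) and leaves the
 * tag content and every other tag in place.
 *
 * @return void
 */
	public function testStripTags() {
		$string = '<h2>Headline</h2><p><a href="http://example.com">My Link</a> could go to a bad site</p>';
		$expected = 'Headline<p>My Link could go to a bad site</p>';
		$result = Sanitize::stripTags($string, 'h2', 'a');
		$this->assertEquals($expected, $result);

		// Only the tags are removed; the whitespace between them remains.
		$string = '<script type="text/javascript" src="http://evildomain.com"> </script>';
		$expected = ' ';
		$result = Sanitize::stripTags($string, 'script');
		$this->assertEquals($expected, $result);

		$string = '<h2>Important</h2><p>Additional information here <a href="/about"><img src="/img/test.png" /></a>. Read even more here</p>';
		$expected = 'Important<p>Additional information here <img src="/img/test.png" />. Read even more here</p>';
		$result = Sanitize::stripTags($string, 'h2', 'a');
		$this->assertEquals($expected, $result);

		$string = '<h2>Important</h2><p>Additional information here <a href="/about"><img src="/img/test.png" /></a>. Read even more here</p>';
		$expected = 'Important<p>Additional information here . Read even more here</p>';
		$result = Sanitize::stripTags($string, 'h2', 'a', 'img');
		$this->assertEquals($expected, $result);

		// Both <br> and self-closing <br /> are untouched when not listed.
		$string = '<b>Important message!</b><br>This message will self destruct!';
		$expected = 'Important message!<br>This message will self destruct!';
		$result = Sanitize::stripTags($string, 'b');
		$this->assertEquals($expected, $result);

		$string = '<b>Important message!</b><br />This message will self destruct!';
		$expected = 'Important message!<br />This message will self destruct!';
		$result = Sanitize::stripTags($string, 'b');
		$this->assertEquals($expected, $result);

		// Event-handler attributes on a listed tag disappear together with the tag.
		$string = '<h2 onclick="alert(\'evil\'); onmouseover="badness()">Important</h2><p>Additional information here <a href="/about"><img src="/img/test.png" /></a>. Read even more here</p>';
		$expected = 'Important<p>Additional information here . Read even more here</p>';
		$result = Sanitize::stripTags($string, 'h2', 'a', 'img');
		$this->assertEquals($expected, $result);
	}
}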