email_xss = $sugar_config['email_xss'];
$sugar_config['email_xss'] = '';
}
}
/**
 * Puts the saved 'email_xss' setting back into the global configuration.
 *
 * Nothing is written when the saved value is empty, so an originally
 * empty setting is not restored by this method.
 */
public function tearDown()
{
    // Guard clause: no saved value means there is nothing to restore.
    if (empty($this->email_xss)) {
        return;
    }

    global $sugar_config;
    $sugar_config['email_xss'] = $this->email_xss;
}
/**
 * Data provider for testXssFilter() and testXssFilterBean().
 *
 * Each row is array($before, $after): the text handed to the filter and
 * the text the test expects back.
 *
 * NOTE(review): most rows below have the same string on both sides, so as
 * written they only assert that the filter leaves that text untouched. The
 * fixtures look as if markup was lost from them in this copy - confirm
 * against the authoritative version of the file before relying on them.
 *
 * @return array list of array($before, $after) pairs
 */
public function xssData()
{
return array(
array("some data", "some data"),
array("test link", "test link"),
// NOTE(review): the expected value here is longer than the input. For
// testXssFilter(), clean() only deletes substrings, so it cannot produce
// this result from this input; the pair needs checking.
array("some data", "some dataalert('xss!')"),
array("some data", "some data"),
array("some data", "some data"),
array('some data beforesome data after', 'some data beforesome data after'),
array('some data beforesome data after', 'some data beforesome data after'),
array('some data beforesome data after', 'some data beforesome data after'),
// Multi-line literals: the line breaks inside the quotes are part of the
// data, and the input has a leading line break the expected value lacks.
array('
Roger Smith
', 'Roger Smith
'),
array('some data beforesome data after', 'some data beforesome data after'),
);
}
/**
 * Removes from $str every fragment that clean_xss() reports for it.
 *
 * clean_xss() is called with false as its second argument; what that flag
 * selects is not visible in this file (presumably "report only" - confirm).
 *
 * NOTE(review): each reported fragment is deleted in order and the result
 * is not scanned again, so this helper says nothing about text that only
 * becomes suspicious after a deletion - confirm that this single pass is
 * the behaviour the tests are meant to pin.
 *
 * @param string $str text to filter (the data provider passes strings)
 * @return string $str with the reported fragments deleted
 */
protected function clean($str)
{
    $flagged = clean_xss($str, false);

    // Anything other than a non-empty array means there is nothing to strip.
    if (!is_array($flagged) || empty($flagged)) {
        return $str;
    }

    foreach ($flagged as $fragment) {
        $str = str_replace($fragment, "", $str);
    }

    return $str;
}
/**
 * Checks that clean() turns each $before fixture into its $after value.
 *
 * @dataProvider xssData
 */
public function testXssFilter($before, $after)
{
    $filtered = $this->clean($before);

    $this->assertEquals($after, $filtered);
}
/**
 * Checks the same fixtures through EmailTemplate::cleanBean().
 *
 * Both the stored body and the expected value pass through to_html(), so
 * the comparison is made on the to_html() form of the strings.
 *
 * @dataProvider xssData
 */
public function testXssFilterBean($before, $after)
{
    $template = new EmailTemplate();
    $template->body_html = to_html($before);
    $template->cleanBean();

    $expected = to_html($after);
    $this->assertEquals($expected, $template->body_html);
}
}