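alert(50);'), 'alert(50);'),
            // Each row is array(htmlentities(<input>), <expected value of $tf->help>).
            // NOTE(review): as printed here the input literals carry no markup, yet the
            // 'Foo FooPoo Poo' row expects 'alert(50);' text that its input does not
            // contain. The tags were presumably stripped when this page was captured;
            // compare the rows with the upstream file before relying on them.
            array(htmlentities('This is some help text'), 'This is some help text'),
            array(htmlentities('???'), '???'),
            array(htmlentities('Foo FooPoo Poo'), 'Foo Fooalert(50);Poo Poo'),
            array(htmlentities('I am trying to Bold this!'), 'I am trying to <b>Bold</b> this!'),
            array(htmlentities(''), ''),
        );
    }

    /**
     * testPopulateFromPostWithXSSHelpField
     *
     * Regression check for the help field: places an entity-encoded payload in
     * $_REQUEST['help'], runs populateFromPost() and asserts that the value
     * stored on the field equals the cleaned string from the data provider.
     *
     * The previous state of $_REQUEST['help'] is put back before asserting, so
     * that a hostile fixture value does not stay in the superglobal for tests
     * that run later. Whether the base test case backs up globals is not
     * visible from this method, hence the explicit restore. The restore is
     * skipped if populateFromPost() throws; the test fails in that case anyway.
     *
     * @dataProvider xssFields
     * @param string $badXSS The bad XSS script
     * @param string $expectedValue The expected output
     */
    public function testPopulateFromPostWithXSSHelpField($badXSS, $expectedValue)
    {
        // Remember whether the key existed at all, so that "absent" and "null"
        // are restored differently.
        $hadHelp = array_key_exists('help', $_REQUEST);
        $previousHelp = $hadHelp ? $_REQUEST['help'] : null;

        $tf = new Bug49939TemplateFieldMock();
        $_REQUEST['help'] = $badXSS;
        // Map the 'help' vardef onto the 'help' property; presumably this is what
        // makes populateFromPost() pick the value up from the request - confirm
        // against TemplateField.
        $tf->vardef_map = array('help'=>'help');
        $tf->populateFromPost();

        // Undo the superglobal change before the assertion can abort the method.
        if ($hadHelp) {
            $_REQUEST['help'] = $previousHelp;
        } else {
            unset($_REQUEST['help']);
        }

        $this->assertEquals($expectedValue, $tf->help, 'Unable to remove XSS from help field');
    }
}

require_once('modules/DynamicFields/templates/Fields/TemplateField.php');

/**
 * Test double for TemplateField that neutralises applyVardefRules(), so the
 * test above observes only what populateFromPost() stores on the field.
 */
class Bug49939TemplateFieldMock extends TemplateField
{
    /**
     * Intentionally empty override.
     */
    public function applyVardefRules()
    {
        // no-op: called at the end of the populateFromPost method in TemplateField
    }
}
?>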