2 require_once 'include/utils.php';
4 class XssTest extends Sugar_PHPUnit_Framework_TestCase
// Data provider named by the @dataProvider annotations on testXssFilter() and
// testXssFilterBean(). Each row is (input string, string expected after filtering).
// The expected values pin the filter's current behaviour: only the tag names
// "script" and "applet" disappear, while the angle brackets, attributes and
// inline script text stay in the string. They describe what the filter does,
// not that the result is safe to emit as HTML without output encoding.
// NOTE(review): every hostile row uses a lowercase <script> or <applet> tag.
// Consider adding rows for other input shapes the filter is meant to cover
// (mixed-case tag names, attribute-based script, non-http URL schemes).
6 public function xssData()
// Plain text is expected to pass through unchanged.
9 array("some data", "some data"),
// A plain http link is expected to pass through unchanged.
10 array("test <a href=\"http://www.digitalbrandexpressions.com\">link</a>", "test <a href=\"http://www.digitalbrandexpressions.com\">link</a>"),
// Inline script: the tag name is removed, the script text itself is kept.
11 array("some data<script>alert('xss!')</script>", "some data<>alert('xss!')</>"),
// External script: the tag name is removed, the src attribute is kept.
12 array("some data<script src=\" http://localhost/xss.js\"></script>", "some data< src=\" http://localhost/xss.js\"></>"),
// Two flagged tags in one input: both tag names are removed.
13 array("some data<applet></applet><script src=\" http://localhost/xss.js\"></script>", "some data<></>< src=\" http://localhost/xss.js\"></>"),
// Test helper: asks clean_xss() which substrings of $str it flags, then deletes
// each flagged substring from $str.
// NOTE(review): the return statement is not visible in this listing.
// testXssFilter() compares the result of clean() with the expected string, so
// it presumably returns the modified $str. Confirm against the full file.
17 protected function clean($str) {
// NOTE(review): the meaning of the second argument (false) is not shown here.
// Confirm against the clean_xss() definition.
18 $potentials = clean_xss($str, false);
// Only a non-empty array result triggers any removal.
19 if(is_array($potentials) && !empty($potentials)) {
20 foreach($potentials as $bad) {
// str_replace() deletes every exact, case-sensitive occurrence of the flagged
// substring. Text around it (brackets, attributes) is left in place.
21 $str = str_replace($bad, "", $str);
28 * @dataProvider xssData
30 public function testXssFilter($before, $after)
// For each provider row, the helper clean() applied to the raw input must
// equal the expected filtered string.
32 $this->assertEquals($after, $this->clean($before));
36 * @dataProvider xssData
38 public function testXssFilterBean($before, $after)
// Runs each provider row through an EmailTemplate bean's body_html field
// instead of calling clean() directly.
40 $bean = new EmailTemplate();
// The input is passed through to_html() before it is stored on the bean.
41 $bean->body_html = to_html($before);
// NOTE(review): the gutter jumps from 41 to 43, so one source line is missing
// from this listing. The call that applies the filter to the bean is presumably
// on that line. As shown, nothing changes body_html between the assignment and
// the assertion. Confirm against the full file.
// The expected value is also passed through to_html(), so both sides of the
// comparison are in the same encoded form.
43 $this->assertEquals(to_html($after), $bean->body_html);