Added unit tests.
1 <?php
2 require_once 'include/utils.php';
3
/**
 * Regression tests for clean_xss() (loaded via include/utils.php), exercised
 * both directly and through EmailTemplate::cleanBean().
 *
 * Scope note for reviewers: the expected values below pin removal of the
 * matched fragments only. In every "dangerous" row the expected output still
 * contains the angle brackets, the attributes and the inline text of the
 * original markup; only the tag names "script" and "applet" are gone. A pass
 * here therefore shows that the filter matched those tag names, not that the
 * result is safe to render without output encoding.
 *
 * Coverage is limited to lower-case script/applet tags. Mixed-case tag names,
 * event-handler attributes and scheme-based URLs are not represented, and no
 * test re-runs clean_xss() on the cleaned string to confirm that a single
 * removal pass leaves nothing the filter would still flag.
 */
class XssTest extends Sugar_PHPUnit_Framework_TestCase
{
    /**
     * Data provider shared by testXssFilter() and testXssFilterBean().
     *
     * @return array list of array($before, $after) pairs: raw input and the
     *               string expected once the flagged fragments are removed
     */
    public function xssData()
    {
        $cases = array();

        // Plain text must pass through untouched.
        $cases[] = array("some data", "some data");

        // An ordinary hyperlink is expected to survive unchanged.
        $cases[] = array("test <a href=\"http://www.digitalbrandexpressions.com\">link</a>", "test <a href=\"http://www.digitalbrandexpressions.com\">link</a>");

        // Inline script: only the tag name is expected to go; the body text stays.
        $cases[] = array("some data<script>alert('xss!')</script>", "some data<>alert('xss!')</>");

        // External script: the src attribute is expected to remain in the output.
        $cases[] = array("some data<script src=\" http://localhost/xss.js\"></script>", "some data< src=\" http://localhost/xss.js\"></>");

        // Two different flagged tags in one input.
        $cases[] = array("some data<applet></applet><script src=\" http://localhost/xss.js\"></script>", "some data<></>< src=\" http://localhost/xss.js\"></>");

        return $cases;
    }

    /**
     * Strips from $str every fragment that clean_xss() reports for it.
     *
     * clean_xss() is called with false as its second argument; what that flag
     * controls is defined in include/utils.php and is not visible here
     * (NOTE(review): confirm it matches the mode production callers use).
     *
     * @param string $str input to filter
     * @return string $str with each reported fragment replaced by ""
     */
    protected function clean($str)
    {
        $matches = clean_xss($str, false);

        // Anything other than a non-empty array means there is nothing to strip.
        if (!is_array($matches) || empty($matches)) {
            return $str;
        }

        // Fragments are removed one after another, so a later fragment is
        // searched for in the string as already modified by the earlier ones.
        foreach ($matches as $fragment) {
            $str = str_replace($fragment, "", $str);
        }

        return $str;
    }

    /**
     * Checks clean_xss() directly against each provider row.
     *
     * @dataProvider xssData
     */
    public function testXssFilter($before, $after)
    {
        $cleaned = $this->clean($before);

        $this->assertEquals($after, $cleaned);
    }

    /**
     * Checks the same rows through an EmailTemplate bean: the input is stored
     * in body_html after to_html(), cleanBean() is run, and the field is
     * compared with to_html() of the expected string.
     *
     * @dataProvider xssData
     */
    public function testXssFilterBean($before, $after)
    {
        $template = new EmailTemplate();
        $template->body_html = to_html($before);
        $template->cleanBean();

        $expected = to_html($after);

        $this->assertEquals($expected, $template->body_html);
    }
}