link", "test link"),
array("some data", "some data<>alert('xss!')>"),
array("some data", "some data< src=\" http://localhost/xss.js\">>"),
array("some data", "some data<>>< src=\" http://localhost/xss.js\">>"),
);
}
protected function clean($str) {
$potentials = clean_xss($str, false);
if(is_array($potentials) && !empty($potentials)) {
foreach($potentials as $bad) {
$str = str_replace($bad, "", $str);
}
}
return $str;
}
/**
* @dataProvider xssData
*/
public function testXssFilter($before, $after)
{
$this->assertEquals($after, $this->clean($before));
}
/**
* @dataProvider xssData
*/
public function testXssFilterBean($before, $after)
{
$bean = new EmailTemplate();
$bean->body_html = to_html($before);
$bean->cleanBean();
$this->assertEquals(to_html($after), $bean->body_html);
}
}