Skip to content
Snippets Groups Projects
Commit 96c06c14 authored by Lukas Reschke's avatar Lukas Reschke
Browse files

Merge pull request #8341 from owncloud/template-tests-output-buffering 

Improve Template Tests by Removing Manual Output Buffering
parents c591cf08 f45080e8
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 15 additions and 35 deletions
tests/lib/template.php
+ 15
35
View file @ 96c06c14
...@@ -27,52 +27,32 @@ class Test_TemplateFunctions extends PHPUnit_Framework_TestCase { ...@@ -27,52 +27,32 @@ class Test_TemplateFunctions extends PHPUnit_Framework_TestCase {
$loader->load('OC_Template'); $loader->load('OC_Template');
} }
public function testP() { public function testPJavaScript() {
$badString = '<img onload="alert(1)" />'; $this->expectOutputString('&lt;img onload=&quot;alert(1)&quot; /&gt;');
ob_start(); p('<img onload="alert(1)" />');
p($badString);
$result = ob_get_clean();
$this->assertEquals('&lt;img onload=&quot;alert(1)&quot; /&gt;', $result);
$badString = "<script>alert('Hacked!');</script>";
ob_start();
p($badString);
$result = ob_get_clean();
$this->assertEquals('&lt;script&gt;alert(&#039;Hacked!&#039;);&lt;/script&gt;', $result);
$goodString = 'This is a good string without HTML.';
ob_start();
p($goodString);
$result = ob_get_clean();
$this->assertEquals('This is a good string without HTML.', $result);
} }
public function testPNormalString() { public function testPJavaScriptWithScriptTags() {
$normalString = "This is a good string!"; $this->expectOutputString('&lt;script&gt;alert(&#039;Hacked!&#039;);&lt;/script&gt;');
ob_start(); p("<script>alert('Hacked!');</script>");
p($normalString); }
$result = ob_get_clean();
$this->assertEquals("This is a good string!", $result); public function testPNormalString() {
$string = 'This is a good string without HTML.';
$this->expectOutputString($string);
p($string);
} }
public function testPrintUnescaped() { public function testPrintUnescaped() {
$htmlString = "<script>alert('xss');</script>"; $htmlString = "<script>alert('xss');</script>";
$this->expectOutputString($htmlString);
ob_start();
print_unescaped($htmlString); print_unescaped($htmlString);
$result = ob_get_clean();
$this->assertEquals($htmlString, $result);
} }
public function testPrintUnescapedNormalString() { public function testPrintUnescapedNormalString() {
$normalString = "This is a good string!"; $string = 'This is a good string!';
ob_start(); $this->expectOutputString($string);
print_unescaped($normalString); print_unescaped($string);
$result = ob_get_clean();
$this->assertEquals("This is a good string!", $result);
} }
// --------------------------------------------------------------------------- // ---------------------------------------------------------------------------
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment