'
),
// no quotes and no semicolon - http://ha.ckers.org/xss.html
array(
')
',
'![]()
'
),
// embedded encoded tab to break up XSS - http://ha.ckers.org/xss.html
array(
';)
',
'![]()
'
),
// issue 178
array(
"![](\"invalid\"\nonerror=\"alert(1)\")
",
'
'
),
// issue 534
array(
'![](\'as"df)
*/" onerror="console.log(\'Yet another XSS\')">',
'![](as"df dummy=)
*/" onerror="console.log(\'Yet another XSS\')">'
),
// issue 602
array(
'
',
''
)
);
}
/**
* @dataProvider provider
*/
public function testXss($source, $expected)
{
$result = removeHackTag($source);
$this->assertEquals($result, $expected);
}
}
',
''
)
);
}
/**
* @dataProvider provider
*/
public function testXss($source, $expected)
{
$result = removeHackTag($source);
$this->assertEquals($result, $expected);
}
}