'
),
// no quotes and no semicolon - http://ha.ckers.org/xss.html
array(
')
',
'![]()
'
),
// embedded encoded tab to break up XSS - http://ha.ckers.org/xss.html
array(
';)
',
'![]()
'
),
// issue 178
array(
"![](\"invalid\"\nonerror=\"alert(1)\")
",
'
'
)
);
}
/**
* @dataProvider xssProvider
*/
public function testXSS($source, $expected)
{
$result = removeHackTag($source);
$this->assertEquals($result, $expected);
}
}