mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-01-08 19:21:40 +09:00
2830183520
git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@9508 201d5d3c-b55e-5fd7-737f-ddc643e51545
48 lines
1.2 KiB
PHP
48 lines
1.2 KiB
PHP
<?php
|
|
|
|
define('__XE__', 1);
|
|
define('_XE_PATH_', realpath(dirname(__FILE__).'/../'));
|
|
require _XE_PATH_.'/config/func.inc.php';
|
|
|
|
class FuncIncTest extends PHPUnit_Framework_TestCase
|
|
{
|
|
static public function xssProvider()
|
|
{
|
|
return array(
|
|
// remove iframe
|
|
array(
|
|
'<div class="frame"><iframe src="path/to/file.html"></iframe><p><a href="#iframe">IFrame</a></p></div>',
|
|
'<div class="frame"><iframe src="path/to/file.html"></iframe><p><a href="#iframe">IFrame</a></p></div>'
|
|
),
|
|
// expression
|
|
array(
|
|
'<div class="dummy" style="xss:expr/*XSS*/ession(alert(\'XSS\'))">',
|
|
'<div class="dummy">'
|
|
),
|
|
// no quotes and no semicolon - http://ha.ckers.org/xss.html
|
|
array(
|
|
'<img src=javascript:alert(\'xss\')>',
|
|
'<img>'
|
|
),
|
|
// embedded encoded tab to break up XSS - http://ha.ckers.org/xss.html
|
|
array(
|
|
'<IMG SRC="jav	ascript:alert(\'XSS\');">',
|
|
'<img>'
|
|
),
|
|
// issue 178
|
|
array(
|
|
"<img src=\"invalid\"\nonerror=\"alert(1)\" />",
|
|
'<img src="invalid" />'
|
|
)
|
|
);
|
|
}
|
|
|
|
/**
|
|
* @dataProvider xssProvider
|
|
*/
|
|
public function testXSS($source, $expected)
|
|
{
|
|
$result = removeHackTag($source);
|
|
$this->assertEquals($result, $expected);
|
|
}
|
|
}
|