KnpMarkdownBundle/Tests/EscapingTest.php

<?php

namespace Knplabs\Bundle\MarkdownBundle\Tests;

use Knplabs\Bundle\MarkdownBundle\Parser\MarkdownParser as Parser;

class EscapingTest extends \PHPUnit_Framework_TestCase
{
    protected $parser;

    public function setUp()
    {
        $this->parser = new Parser();
    }

    public function testHtmlEscaping()
    {
        $text = '<a>a tag injection</a>';
        $html = '<p>&lt;a&gt;a tag injection&lt;/a&gt;</p>';

        $this->assertSame($html, $this->parser->transform($text));
    }

    public function testScriptEscaping()
    {
        $text = '<script>alert("haha");</script>';
        $html = '&lt;script&gt;alert("haha");&lt;/script&gt;';

        $this->assertSame($html, $this->parser->transform($text));
    }
}
Add HTML & XSS injection tests - they fail 2011-05-10 18:21:50 +02:00			`<?php`

			`namespace Knplabs\Bundle\MarkdownBundle\Tests;`

			`use Knplabs\Bundle\MarkdownBundle\Parser\MarkdownParser as Parser;`

			`class EscapingTest extends \PHPUnit_Framework_TestCase`
			`{`
			`protected $parser;`

			`public function setUp()`
			`{`
			`$this->parser = new Parser();`
			`}`

			`public function testHtmlEscaping()`
			`{`
			`$text = '<a>a tag injection</a>';`
			`$html = '<p><a>a tag injection</a></p>';`

			`$this->assertSame($html, $this->parser->transform($text));`
			`}`

			`public function testScriptEscaping()`
			`{`
			`$text = '<script>alert("haha");</script>';`
			`$html = '<script>alert("haha");</script>';`

			`$this->assertSame($html, $this->parser->transform($text));`
			`}`
			`}`