Add HTML & XSS injection tests - they fail

2024-06-24 08:20:03 +02:00 · 2011-05-10 09:21:50 -07:00 · 2011-05-10 09:21:50 -07:00 · 71ffc678c2
parent e6562327e3
commit 71ffc678c2
1 changed files with 31 additions and 0 deletions
--- a/Tests/EscapingTest.php
+++ b/Tests/EscapingTest.php
@ -0,0 +1,31 @@
+<?php
+
+namespace Knplabs\Bundle\MarkdownBundle\Tests;
+
+use Knplabs\Bundle\MarkdownBundle\Parser\MarkdownParser as Parser;
+
+class EscapingTest extends \PHPUnit_Framework_TestCase
+{
+    protected $parser;
+
+    public function setUp()
+    {
+        $this->parser = new Parser();
+    }
+
+    public function testHtmlEscaping()
+    {
+        $text = '<a>a tag injection</a>';
+        $html = '<p>&lt;a&gt;a tag injection&lt;/a&gt;</p>';
+
+        $this->assertSame($html, $this->parser->transform($text));
+    }
+
+    public function testScriptEscaping()
+    {
+        $text = '<script>alert("haha");</script>';
+        $html = '&lt;script&gt;alert("haha");&lt;/script&gt;';
+
+        $this->assertSame($html, $this->parser->transform($text));
+    }
+}