From 71ffc678c28888ebb7a1b57d1148f92efb68f3fc Mon Sep 17 00:00:00 2001
From: ornicar <thibault.duplessis@gmail.com>
Date: Tue, 10 May 2011 09:21:50 -0700
Subject: [PATCH] Add HTML & XSS injection tests - they fail

---
 Tests/EscapingTest.php | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 Tests/EscapingTest.php

diff --git a/Tests/EscapingTest.php b/Tests/EscapingTest.php
new file mode 100644
index 0000000..9e578dd
--- /dev/null
+++ b/Tests/EscapingTest.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace Knplabs\Bundle\MarkdownBundle\Tests;
+
+use Knplabs\Bundle\MarkdownBundle\Parser\MarkdownParser as Parser;
+
+class EscapingTest extends \PHPUnit_Framework_TestCase
+{
+    protected $parser;
+
+    public function setUp()
+    {
+        $this->parser = new Parser();
+    }
+
+    public function testHtmlEscaping()
+    {
+        $text = '<a>a tag injection</a>';
+        $html = '<p>&lt;a&gt;a tag injection&lt;/a&gt;</p>';
+
+        $this->assertSame($html, $this->parser->transform($text));
+    }
+
+    public function testScriptEscaping()
+    {
+        $text = '<script>alert("haha");</script>';
+        $html = '&lt;script&gt;alert("haha");&lt;/script&gt;';
+
+        $this->assertSame($html, $this->parser->transform($text));
+    }
+}