mirror of
https://github.com/KnpLabs/KnpMarkdownBundle.git
synced 2024-06-28 10:20:03 +02:00
Add HTML & XSS injection tests - they fail
parent
e6562327e3
commit
71ffc678c2
31
Tests/EscapingTest.php
Normal file
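--- a/Tests/EscapingTest.php
+++ b/Tests/EscapingTest.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace Knplabs\Bundle\MarkdownBundle\Tests;
+
+use Knplabs\Bundle\MarkdownBundle\Parser\MarkdownParser as Parser;
+
+class EscapingTest extends \PHPUnit_Framework_TestCase
+{
+protected $parser;
+
+public function setUp()
+{
+$this->parser = new Parser();
+}
+
+public function testHtmlEscaping()
+{
+$text = '<a>a tag injection</a>';
+$html = '<p><a>a tag injection</a></p>';
+
+$this->assertSame($html, $this->parser->transform($text));
+}
+
+public function testScriptEscaping()
+{
+$text = '<script>alert("haha");</script>';
+$html = '<script>alert("haha");</script>';
+
+$this->assertSame($html, $this->parser->transform($text));
+}
+}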
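Review bot: In `testScriptEscaping`, `$text` and `$html` are identical as this page renders them, so the assertion as shown would pin raw `<script>` pass-through rather than escaping; the page has probably decoded `&lt;`/`&gt;` in the expected strings, which should be confirmed against the raw file. The script expectation also has no `<p>…</p>` wrapper while the one in `testHtmlEscaping` does; once the tag is escaped it is ordinary text and would presumably be wrapped in a paragraph, so that expected value may not be reachable even after the parser is fixed. Since the commit title says these tests fail, I would mark them until the fix lands, e.g. `$this->markTestIncomplete('parser does not escape raw HTML yet');` as the first line of each method. A class docblock should also state the policy under test: raw HTML in Markdown input must come out entity-escaped.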