* @author Steve 'Ashcrow' Milner
* @link http://bitbucket.org/ashcrow/php-xssfilter
require_once 'PHPUnit/Framework.php';
require_once 'src/XSSFilter.class.php';
$this->unsafe =
new XSSFilter(False, False, False, False, False);
$this->all_filters_on =
new XSSFilter(True, True, True, True, False);
$this->all_filters_on_extended =
new XSSFilter(
True, True, True, True, True);
$this->example =
new XSSFilter(True, True, False, True, True);
* Verifies that the proper types are returned based on what
$to_filter_str =
'start<b>inside</b>end';
$to_filter_array =
array('test'=>
$to_filter_str);
// Unsafe should not modify types
$this->assertType('array',
$this->unsafe->filter($to_filter_array));
$this->assertType('string',
$this->unsafe->filter($to_filter_str));
// All filters on should not modify types
$this->assertType('array',
$this->all_filters_on->filter($to_filter_array));
$this->assertType('string',
$this->all_filters_on->filter($to_filter_str));
// All filters on extended should modify types to ExtendedResponse*
$this->assertType('ExtendedResponseArray',
$this->all_filters_on_extended->filter($to_filter_array));
$this->assertType('ExtendedResponseString',
$this->all_filters_on_extended->filter($to_filter_str));
// Example should modify types to ExtendedResponse*
$this->assertType('ExtendedResponseArray',
$this->example->filter($to_filter_array));
$this->assertType('ExtendedResponseString',
$this->example->filter($to_filter_str));
* Verifies that all conversions from ExtendedResponse* work properly.
// Casting an ExtendedResponseArray to string should yield the literal
// string 'Array', exactly as casting a plain PHP array to string does.
$this->assertEquals('Array',
(string)
$this->all_filters_on_extended->filter(
// Converting ExtendedResponseString to string should be the
// exact string passed in.
$this->assertEquals('test',
(string)
$this->all_filters_on_extended->filter('test'));
* Verifies that all the Extended properties exist and work as expected.
$no_changes_arr =
array('test' =>
$no_changes);
$changes_arr =
array('test' =>
$changes);
// The `changes` property is always a bool and reports whether the filter
// had to alter the string or array it was given.
$this->assertEquals(False,
($this->all_filters_on_extended->filter(
$no_changes_arr)->changes));
$this->assertEquals(True,
($this->all_filters_on_extended->filter(
$changes_arr)->changes));
$this->assertEquals(False,
$this->all_filters_on_extended->filter($no_changes)->changes);
$this->assertEquals(True,
$this->all_filters_on_extended->filter($changes)->changes);
// Reading the `data` property must yield the same value as casting the
// response object to (array) or (string).
(array)
$this->all_filters_on_extended->filter(
$this->all_filters_on_extended->filter(
(array)
$this->all_filters_on_extended->filter(
$this->all_filters_on_extended->filter($changes_arr)->data);
(string)
$this->all_filters_on_extended->filter($no_changes),
$this->all_filters_on_extended->filter($no_changes)->data);
(string)
$this->all_filters_on_extended->filter($changes),
$this->all_filters_on_extended->filter($changes)->data);
// Any property other than `data` or `changes` (here: `test`) yields no
// value, regardless of the input that was filtered.
$this->all_filters_on_extended->filter($changes)->test);
$this->all_filters_on_extended->filter($no_changes)->test);
$this->all_filters_on_extended->filter($changes_arr)->test);
$this->all_filters_on_extended->filter($no_changes_arr)->test);
* Verifies the type of filtering that is expected is returned.
$simple_html =
'start<b>inside</b>end';
$example_xss_double =
'"><script>alert(1);</script><span "';
$example_xss_single =
"'><script>alert(1);</script><span '";
'simple_html' =>
$simple_html,
'example_xss_double' =>
$example_xss_double,
'example_xss_single' =>
$example_xss_single,
// With every filter flag off the input passes through byte-for-byte:
// no tag stripping and no encoding at all. This "unsafe" configuration
// is only a baseline for the tests and is plainly unsuitable for untrusted input.
$this->assertEquals($simple_html, $this->unsafe->filter($simple_html));
$this->assertEquals($example_xss_double,
$this->unsafe->filter($example_xss_double));
$this->assertEquals($example_xss_single,
$this->unsafe->filter($example_xss_single));
$this->assertEquals($combined,
$this->unsafe->filter($combined));
// All filters on should produce encoded strings. Judging from the expected
// values below, the pipeline removes tags (and their contents), HTML-entity
// encodes, then URL-encodes the result, so '&' ends up as '%26'. Note that the
// single quote in example_xss_single comes out as '%27' rather than an entity:
// the entity step evidently does not cover single quotes (no ENT_QUOTES-style
// behaviour), so it is only the URL-encoding step that neutralises it.
'simple_html' =>
'startend',
'example_xss_double' =>
'%26quot%3B%26gt%3B',
'example_xss_single' =>
'%27%26gt%3B',
$this->assertEquals($results['simple_html'],
$this->all_filters_on->filter($simple_html));
$this->assertEquals($results['example_xss_double'],
$this->all_filters_on->filter($example_xss_double));
$this->assertEquals($results['example_xss_single'],
$this->all_filters_on->filter($example_xss_single));
$this->assertEquals($results,
$this->all_filters_on->filter($combined));
// The extended configuration should produce the same encoded strings as
// all_filters_on, wrapped in ExtendedResponse* objects.
'simple_html' =>
'startend',
'example_xss_double' =>
'%26quot%3B%26gt%3B',
'example_xss_single' =>
'%27%26gt%3B',
$this->assertEquals($results['simple_html'],
(string)
$this->all_filters_on_extended->filter($simple_html));
$this->assertEquals($results['example_xss_double'],
(string)
$this->all_filters_on_extended->filter(
$this->assertEquals($results['example_xss_single'],
(string)
$this->all_filters_on_extended->filter(
$this->assertEquals($results,
(array)
$this->all_filters_on_extended->filter($combined));
// The example configuration differs from all_filters_on_extended only in its
// third constructor flag, and its expected values show no entity encoding:
// '">' becomes '%22%3E' and "'>" becomes '%27%3E'. Evidently that flag is the
// HTML-entity step; with it off the output is URL-encoded only and is not
// HTML-escaped, so it is appropriate for a URL context rather than HTML output.
'simple_html' =>
'startend',
'example_xss_double' =>
'%22%3E',
'example_xss_single' =>
'%27%3E',
$this->assertEquals($results['simple_html'],
(string)
$this->example->filter($simple_html));
$this->assertEquals($results['example_xss_double'],
(string)
$this->example->filter($example_xss_double));
$this->assertEquals($results['example_xss_single'],
(string)
$this->example->filter($example_xss_single));
$this->assertEquals($results,
(array)
$this->example->filter($combined));