aboutsummaryrefslogtreecommitdiffhomepage
path: root/tests/plugins/PluginMarkdownTest.php
diff options
context:
space:
mode:
authorArthur <arthur@hoa.ro>2016-02-25 08:52:42 +0100
committerArthur <arthur@hoa.ro>2016-02-25 08:52:42 +0100
commit10269bc8c9dfe87eb213c09a44308ce64ae0c12d (patch)
tree90bbe4d9f5b5788cc348c3883efe22deb659ded9 /tests/plugins/PluginMarkdownTest.php
parentcee0d9609f7cf860cf951ca2d838cfaacecd37d2 (diff)
parent2925687e1e86dc113116330efd547b9db5c0f1a6 (diff)
downloadShaarli-10269bc8c9dfe87eb213c09a44308ce64ae0c12d.tar.gz
Shaarli-10269bc8c9dfe87eb213c09a44308ce64ae0c12d.tar.zst
Shaarli-10269bc8c9dfe87eb213c09a44308ce64ae0c12d.zip
Merge pull request #491 from ArthurHoaro/markdown-escape2
Markdown: don't escape content + sanitize sensible tags
Diffstat (limited to 'tests/plugins/PluginMarkdownTest.php')
-rw-r--r--tests/plugins/PluginMarkdownTest.php19
1 files changed, 12 insertions, 7 deletions
diff --git a/tests/plugins/PluginMarkdownTest.php b/tests/plugins/PluginMarkdownTest.php
index 455f5ba7..8e1a128a 100644
--- a/tests/plugins/PluginMarkdownTest.php
+++ b/tests/plugins/PluginMarkdownTest.php
@@ -100,13 +100,18 @@ class PluginMarkdownTest extends PHPUnit_Framework_TestCase
100 } 100 }
101 101
102 /** 102 /**
103 * Test reset_quote_tags() 103 * Test sanitize_html().
104 */ 104 */
105 function testResetQuoteTags() 105 function testSanitizeHtml() {
106 { 106 $input = '< script src="js.js"/>';
107 $text = '> quote1'. PHP_EOL . ' > quote2 ' . PHP_EOL . 'noquote'; 107 $input .= '< script attr>alert(\'xss\');</script>';
108 $processedText = escape($text); 108 $input .= '<style> * { display: none }</style>';
109 $reversedText = reset_quote_tags($processedText); 109 $output = escape($input);
110 $this->assertEquals($text, $reversedText); 110 $input .= '<a href="#" onmouseHover="alert(\'xss\');" attr="tt">link</a>';
111 $output .= '<a href="#" attr="tt">link</a>';
112 $this->assertEquals($output, sanitize_html($input));
113 // Do not touch escaped HTML.
114 $input = escape($input);
115 $this->assertEquals($input, sanitize_html($input));
111 } 116 }
112} 117}