authorVirtualTam <virtualtam@flibidi.net>2017-03-08 20:38:41 +0100
committerVirtualTam <virtualtam@flibidi.net>2017-03-08 20:38:41 +0100
commit1328d222680edf2ebdaea5624a7496240bd075f0 (patch)
treed515b37130d6ea07ff3ecccf9d6dd5a2ebf83ec0 /tests/plugins
parentebd67c6e1b40aebdd3a52285ce9ff9412b2a3038 (diff)
security: escape HTML entities when using Markdown
Adapted from https://github.com/shaarli/Shaarli/pull/785 Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'tests/plugins')
-rw-r--r--tests/plugins/PluginMarkdownTest.php18
1 files changed, 18 insertions, 0 deletions
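--- a/tests/plugins/PluginMarkdownTest.php
+++ b/tests/plugins/PluginMarkdownTest.php
@@ -149,4 +149,22 @@ class PluginMarkdownTest extends PHPUnit_Framework_TestCase
  $data = hook_markdown_render_daily($data);
  $this->assertEquals($str, $data['cols'][0][0]['formatedDescription']);
  }
+
+ /**
+ * Make sure that the HTML tags are escaped.
+ */
+ public function testMarkdownWithHtmlEscape()
+ {
+ $md = '**strong** <strong>strong</strong>';
+ $html = '<div class="markdown"><p><strong>strong</strong> &lt;strong&gt;strong&lt;/strong&gt;</p></div>';
+ $data = array(
+ 'links' => array(
+ 0 => array(
+ 'description' => $md,
+ ),
+ ),
+ );
+ $data = hook_markdown_render_linklist($data);
+ $this->assertEquals($html, $data['links'][0]['description']);
+ }
 }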
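Review bot: testMarkdownWithHtmlEscape pins the escaping only for hook_markdown_render_linklist and only for one bare inline tag, so the daily renderer called in the context lines just above has no equivalent regression guard. Since the commit is a security fix, I would add a sibling test that feeds the same `$md` through `hook_markdown_render_daily($data)` and ends with `$this->assertEquals($html, $data['cols'][0][0]['formatedDescription']);`. Whether that path shares the escaping code cannot be confirmed here, because the diff is limited to tests/plugins. A further case with HTML inside a Markdown code span would pin that such content is escaped exactly once rather than double-encoded. The docblock could state the contract more precisely, e.g. `Make sure raw HTML in a description is entity-escaped while Markdown syntax is still rendered.`; the class body starts outside this hunk.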