assertNoNormalized example

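// Excerpt from inside a test method: $filter and $this come from the
// enclosing test, which is not part of this listing.
//
// <img> and <input> are expected to be stripped by the filter's default
// configuration. Such tags make CSRF attacks easier, so a site that wants
// them has to allow them explicitly and accept that risk.
$f = (string) $filter->process('<img />', Language::LANGCODE_NOT_SPECIFIED);
$this->assertSame('', $f, 'HTML filter should remove img tags by default.');

$f = (string) $filter->process('<input />', Language::LANGCODE_NOT_SPECIFIED);
$this->assertSame('', $f, 'HTML filter should remove input tags by default.');

// The content of some attributes cannot be filtered reliably, so these
// attributes must not be allowed at all. Each case below passes the
// attribute name to assertNoNormalized (a helper defined elsewhere in the
// test class) and then pins the exact remaining markup with assertSame, so
// a partially stripped attribute cannot slip through.
$f = (string) $filter->process('<p style="display: none;" />', Language::LANGCODE_NOT_SPECIFIED);
$this->assertNoNormalized($f, 'style', 'HTML filter should remove style attributes.');
$this->assertSame('<p></p>', $f);

$f = (string) $filter->process('<p onerror="alert(0);"></p>', Language::LANGCODE_NOT_SPECIFIED);
$this->assertNoNormalized($f, 'onerror', 'HTML filter should remove on* attributes.');
$this->assertSame('<p></p>', $f);

// A valueless event-handler attribute must be removed as well.
$f = (string) $filter->process('<code onerror>&nbsp;</code>', Language::LANGCODE_NOT_SPECIFIED);
$this->assertNoNormalized($f, 'onerror', 'HTML filter should remove empty on* attributes.');
// The expected string holds the decoded &nbsp; character (U+00A0), not an
// ASCII space. It is written as an escape so the invisible character cannot
// be lost when the listing is copied.
$this->assertSame("<code>\u{00A0}</code>", $f);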

    