"Foo\xC0barbaz", '', 'Xss::filter() accepted invalid sequence "Foo\xC0barbaz"'
],
["Fooÿñ", "Fooÿñ", 'Xss::filter() rejects valid sequence Fooÿñ"'
],
["\xc0aaa", '', 'HTML filter -- overlong UTF-8 sequences.'
],
];
} /**
* Checks that strings starting with a question mark are correctly processed.
*/
public function testQuestionSign() {
  // Markup that opens with "<?" (a processing instruction) is fed to the filter.
  $input = '<?xml:namespace ns="urn:schemas-microsoft-com:time">';
  $filtered = Xss::filter($input);

  // The check is case-insensitive, so a surviving "<?XML" variant would also
  // fail the test.
  $this->assertStringNotContainsStringIgnoringCase(
    '<?xml',
    $filtered,
    'HTML tag stripping evasion -- starting with a question sign (processing instructions).'
  );
}
/**
* Check that strings in HTML attributes are correctly processed.
*
* @covers ::attributes
* @dataProvider providerTestAttributes
*/
public function testAttribute($value, $expected, $message, $allowed_tags = NULL) {
  // $allowed_tags is forwarded unchanged, so a data set that omits it passes
  // NULL straight through to Xss::filter().
  $filtered = Xss::filter($value, $allowed_tags);

  // The filtered output has to equal the expectation supplied by the provider.
  $this->assertEquals($expected, $filtered, $message);
}