diff options
| author | Dries Buytaert <dries@buytaert.net> | 2009-01-31 19:07:45 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2009-01-31 19:07:45 +0000 |
| commit | f12b1b637f748051c1fd9e260881208092bf913b (patch) | |
| tree | c99f48f2d9a2d8ca7b1601c5902efef4db0f7273 /modules | |
| parent | 610bc6f7edf0f30dacbae55a7a14c1e3f0898472 (diff) | |
| download | brdo-f12b1b637f748051c1fd9e260881208092bf913b.tar.gz brdo-f12b1b637f748051c1fd9e260881208092bf913b.tar.bz2 | |
- Patch #354812 by catch, mfer: filter_xss_bad_protocol is called hundreds of times on some pages.
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/simpletest/tests/common.test | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/modules/simpletest/tests/common.test b/modules/simpletest/tests/common.test index 5f039660f..a6f1053e6 100644 --- a/modules/simpletest/tests/common.test +++ b/modules/simpletest/tests/common.test @@ -1,6 +1,31 @@ <?php // $Id$ +/** + * Tests for the l() function. + */ +class CommonLUnitTest extends DrupalWebTestCase { + + function getInfo() { + return array( + 'name' => t('Tests for the l() function'), + 'description' => t('Confirm that url() works correctly with various input.'), + 'group' => t('System'), + ); + } + + /** + * Confirm that invalid text given as $path is filtered. + */ + function testLXSS() { + $text = $this->randomName(); + $path = "<SCRIPT>alert('XSS')</SCRIPT>"; + $link = l($text, $path); + $sanitized_path = check_url(url($path)); + $this->assertTrue(strpos($link, $sanitized_path) != FALSE, t('XSS attack @path was filtered', array('@path' => $path))); + } +} + class CommonSizeTestCase extends DrupalWebTestCase { protected $exact_test_cases; protected $rounded_test_cases; |