From 9d912261e30e597c883e20bc3a89416c28cd8e53 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Sat, 4 Sep 2010 17:55:43 +0000
Subject: - Patch #559584 by tic2000, sun: filter_xss() and Line break filter
 break HTML comments. Also added tests.

---
 modules/simpletest/tests/common.test | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'modules/simpletest')

diff --git a/modules/simpletest/tests/common.test b/modules/simpletest/tests/common.test
index 315b77622..0f44bea89 100644
--- a/modules/simpletest/tests/common.test
+++ b/modules/simpletest/tests/common.test
@@ -365,6 +365,9 @@ class CommonXssUnitTest extends DrupalUnitTestCase {
      // Ignore PHP 5.3+ invalid multibyte sequence warning.
      $text = @check_plain("Foo\xC0barbaz");
      $this->assertEqual($text, '', 'check_plain() rejects invalid sequence "Foo\xC0barbaz"');
+     // Ignore PHP 5.3+ invalid multibyte sequence warning.
+     $text = @check_plain("\xc2\"");
+     $this->assertEqual($text, '', 'check_plain() rejects invalid sequence "\xc2\""');
      $text = check_plain("Fooÿñ");
      $this->assertEqual($text, "Fooÿñ", 'check_plain() accepts valid sequence "Fooÿñ"');
      $text = filter_xss("Foo\xC0barbaz");
@@ -379,6 +382,8 @@ class CommonXssUnitTest extends DrupalUnitTestCase {
   function testEscaping() {
      $text = check_plain("<script>");
      $this->assertEqual($text, '&lt;script&gt;', 'check_plain() escapes &lt;script&gt;');
+     $text = check_plain('<>&"\'');
+     $this->assertEqual($text, '&lt;&gt;&amp;&quot;&#039;', 'check_plain() escapes reserved HTML characters.');
   }
 
   /**
-- 
cgit v1.2.3