Fix for dol_string_onlythesehtmlattributes()

Laurent Destailleur
2021-12-17 12:01:25 +01:00
parent e60f65db7d
commit 654cd8bd1c
5 changed files with 22 additions and 13 deletions


@@ -672,10 +672,14 @@ class SecurityTest extends PHPUnit\Framework\TestCase
*/
public function testDolStringOnlyTheseHtmlAttributes()
{
$stringtotest = 'eée';
$decodedstring = dol_string_onlythesehtmlattributes($stringtotest);
$this->assertEquals('eée', $decodedstring, 'Function did not sanitize correclty with test 1');
$stringtotest = '<div onload="ee"><a href="123"><span class="abc">abc</span></a></div>';
$decodedstring = dol_string_onlythesehtmlattributes($stringtotest);
$decodedstring = preg_replace("/\n$/", "", $decodedstring);
$this->assertEquals('<div><a href="123"><span class="abc">abc</span></a></div>', $decodedstring, 'Function did not sanitize correclty with test 1');
$this->assertEquals('<div><a href="123"><span class="abc">abc</span></a></div>', $decodedstring, 'Function did not sanitize correclty with test 2');
return 0;
}
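Review bot: The new non-ASCII case in testDolStringOnlyTheseHtmlAttributes() uses a string with no markup (`'eée'`), so the test never exercises multibyte text and attribute stripping together. If the fix concerns how the sanitizer re-encodes its output (inferred from the added case, since the function body is not in this hunk), a combined input would pin that, e.g. `$stringtotest = '<div onload="ee">eée</div>';` asserted against `'<div>eée</div>'` after the same trailing-newline strip. A variant with a differently cased disallowed attribute (`ONLOAD`) would also be worth adding, because the only rejected attribute tested is a lowercase `onload`. Separately, the assertion messages misspell "correctly" as "correclty". The method's docblock opens above the hunk.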