1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2009 Steffen Kamper <info@sk-typo3.de>
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 *
17 * This script is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * This copyright notice MUST APPEAR in all copies of the script!
23 ***************************************************************/
24
25 require(PATH_typo3 . 'contrib/RemoveXSS/RemoveXSS.php');
26
/**
 * Testcase for class RemoveXSS
 *
 * Every test feeds one attack vector from the ha.ckers.org XSS cheat sheet to
 * RemoveXSS::process() and pins the exact string it returns. RemoveXSS does
 * not strip anything: it breaks known-dangerous tokens (tag names, event
 * handler attributes, "style", "javascript:"/"vbscript:") by inserting "<x>"
 * into them, and everything else in the payload passes through unchanged.
 *
 * @author Steffen Kamper <info@sk-typo3.de>
 * @package TYPO3
 * @subpackage contrib
 * @see http://ha.ckers.org/xss.html
 * @see http://ha.ckers.org/xssAttacks.xml (source of the attack strings used below)
 */
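class RemoveXSS_testcase extends tx_phpunit_testcase {

	/**
	 * Runs one attack vector through RemoveXSS::process() and pins its output.
	 *
	 * assertSame() is used on purpose: the fixtures encode the exact byte
	 * sequence the sanitizer emits (e.g. "<sc<x>ript>"), so a loosely-equal
	 * result would hide a behaviour change in the sanitizer. Note that
	 * RemoveXSS neutralises rather than removes - the full payload remains in
	 * the returned string, only the recognised token is split by "<x>".
	 *
	 * @param string $attack   the raw attack vector fed to the sanitizer
	 * @param string $expected the exact string RemoveXSS::process() must return
	 * @return void
	 */
	private function assertSanitizedOutput($attack, $expected) {
		$this->assertSame($expected, RemoveXSS::process($attack));
	}

	/**
	 * Plain <SCRIPT> block: the opening tag name is split (and lower-cased),
	 * the closing </SCRIPT> is left untouched.
	 *
	 * @test
	 */
	public function checkAttackScriptAlert() {
		$this->assertSanitizedOutput(
			"<SCRIPT>alert('XSS')</SCRIPT>",
			"<sc<x>ript>alert('XSS')</SCRIPT>"
		);
	}

	/**
	 * External script source: only the tag name is split, the remote URL stays.
	 *
	 * @test
	 */
	public function checkAttackScriptSrcJs() {
		$this->assertSanitizedOutput(
			'<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>',
			"<sc<x>ript SRC=http://ha.ckers.org/xss.js></SCRIPT>"
		);
	}

	/**
	 * Obfuscated payload via String.fromCharCode: the tag is split, the
	 * JavaScript body itself is not touched.
	 *
	 * @test
	 */
	public function checkAttackScriptAlertFromCharCode() {
		$this->assertSanitizedOutput(
			'<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>',
			'<sc<x>ript>alert(String.fromCharCode(88,83,83))</SCRIPT>'
		);
	}

	/**
	 * <BASE HREF="javascript:...">: both the tag name and the scheme are split.
	 *
	 * @test
	 */
	public function checkAttackBaseHref() {
		$this->assertSanitizedOutput(
			"<BASE HREF=\"javascript:alert('XSS');//\">",
			"<ba<x>se HREF=\"ja<x>vascript:alert('XSS');//\">"
		);
	}

	/**
	 * <BGSOUND SRC="javascript:...">: tag name and scheme are split.
	 *
	 * @test
	 */
	public function checkAttackBgsound() {
		$this->assertSanitizedOutput(
			"<BGSOUND SRC=\"javascript:alert('XSS');\">",
			"<bg<x>sound SRC=\"ja<x>vascript:alert('XSS');\">"
		);
	}

	/**
	 * <BODY BACKGROUND="javascript:...">: <BODY> is not a blocked tag, so only
	 * the "javascript:" scheme is split.
	 *
	 * @test
	 */
	public function checkAttackBodyBackground() {
		$this->assertSanitizedOutput(
			"<BODY BACKGROUND=\"javascript:alert('XSS');\">",
			"<BODY BACKGROUND=\"ja<x>vascript:alert('XSS');\">"
		);
	}

	/**
	 * Event handler attribute: ONLOAD is rewritten to "on<x>load", the
	 * surrounding tag and the handler body stay as they are.
	 *
	 * @test
	 */
	public function checkAttackBodyOnLoad() {
		$this->assertSanitizedOutput(
			"<BODY ONLOAD=alert('XSS')>",
			"<BODY on<x>load=alert('XSS')>"
		);
	}

	/**
	 * Inline style with a javascript: URL: the STYLE attribute and the scheme
	 * are both split.
	 *
	 * @test
	 */
	public function checkAttackStyleUrl() {
		$this->assertSanitizedOutput(
			"<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">",
			"<DIV st<x>yle=\"background-image: url(ja<x>vascript:alert('XSS'))\">"
		);
	}

	/**
	 * CSS expression(): only the STYLE attribute is split; "expression(" is
	 * not a recognised token and passes through.
	 *
	 * @test
	 */
	public function checkAttackStyleWidth() {
		$this->assertSanitizedOutput(
			"<DIV STYLE=\"width: expression(alert('XSS'));\">",
			"<DIV st<x>yle=\"width: expression(alert('XSS'));\">"
		);
	}

	/**
	 * Frameset: both the FRAMESET and FRAME tag names are split, plus the scheme.
	 *
	 * @test
	 */
	public function checkAttackFrameset() {
		$this->assertSanitizedOutput(
			"<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>",
			"<fr<x>ameset><fr<x>ame SRC=\"ja<x>vascript:alert('XSS');\"></FRAMESET>"
		);
	}

	/**
	 * <IFRAME SRC="javascript:...">: tag name and scheme are split.
	 *
	 * @test
	 */
	public function checkAttackIframe() {
		$this->assertSanitizedOutput(
			"<IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>",
			"<if<x>rame SRC=\"ja<x>vascript:alert('XSS');\"></IFRAME>"
		);
	}

	/**
	 * Image-type input: <INPUT> is not blocked, only the scheme is split.
	 *
	 * @test
	 */
	public function checkAttackInputImage() {
		$this->assertSanitizedOutput(
			"<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">",
			"<INPUT TYPE=\"IMAGE\" SRC=\"ja<x>vascript:alert('XSS');\">"
		);
	}

	/**
	 * <IMG SRC="javascript:...">: only the scheme is split.
	 *
	 * @test
	 */
	public function checkAttackImageSrc() {
		$this->assertSanitizedOutput(
			"<IMG SRC=\"javascript:alert('XSS');\">",
			"<IMG SRC=\"ja<x>vascript:alert('XSS');\">"
		);
	}

	/**
	 * Same vector without attribute quotes or trailing semicolon.
	 *
	 * @test
	 */
	public function checkAttackImageSrcNoQuotesNoSemicolon() {
		$this->assertSanitizedOutput(
			"<IMG SRC=javascript:alert('XSS')>",
			"<IMG SRC=ja<x>vascript:alert('XSS')>"
		);
	}

	/**
	 * Legacy IE DYNSRC attribute: only the scheme is split.
	 *
	 * @test
	 */
	public function checkAttackImageDynsrc() {
		$this->assertSanitizedOutput(
			"<IMG DYNSRC=\"javascript:alert('XSS');\">",
			"<IMG DYNSRC=\"ja<x>vascript:alert('XSS');\">"
		);
	}

	/**
	 * Legacy LOWSRC attribute: only the scheme is split.
	 *
	 * @test
	 */
	public function checkAttackImageLowsrc() {
		$this->assertSanitizedOutput(
			"<IMG LOWSRC=\"javascript:alert('XSS');\">",
			"<IMG LOWSRC=\"ja<x>vascript:alert('XSS');\">"
		);
	}

	/**
	 * <STYLE> block with a javascript: URL in a list-style-image rule.
	 *
	 * @test
	 */
	public function checkAttackStyle() {
		$this->assertSanitizedOutput(
			"<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE>",
			"<st<x>yle>li {list-style-image: url(\"ja<x>vascript:alert('XSS')\");}</STYLE>"
		);
	}

	/**
	 * vbscript: scheme is handled like javascript: and split.
	 *
	 * @test
	 */
	public function checkAttackImageVbscript() {
		$this->assertSanitizedOutput(
			"<IMG SRC='vbscript:msgbox(\"XSS\")'>",
			"<IMG SRC='vb<x>script:msgbox(\"XSS\")'>"
		);
	}

	/**
	 * Netscape <LAYER>: only the tag name is split; the remote URL is kept.
	 *
	 * @test
	 */
	public function checkAttackLayer() {
		$this->assertSanitizedOutput(
			"<LAYER SRC=\"http://ha.ckers.org/scriptlet.html\"></LAYER>",
			"<la<x>yer SRC=\"http://ha.ckers.org/scriptlet.html\"></LAYER>"
		);
	}

	/**
	 * Meta refresh to a javascript: URL: tag name and scheme are split.
	 *
	 * @test
	 */
	public function checkAttackMeta() {
		$this->assertSanitizedOutput(
			'<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(\'XSS\');">',
			'<me<x>ta HTTP-EQUIV="refresh" CONTENT="0;url=ja<x>vascript:alert(\'XSS\');">'
		);
	}

	/**
	 * Meta refresh to a data: URI. Only the tag name is split - the base64
	 * encoded <script> payload in the data: URI is not recognised and passes
	 * through untouched, so the defence here rests entirely on the broken tag.
	 *
	 * @test
	 */
	public function checkAttackMetaWithUrl() {
		$this->assertSanitizedOutput(
			'<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">',
			'<me<x>ta HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">'
		);
	}

	/**
	 * Meta refresh with a second URL= parameter: the javascript: scheme in the
	 * later parameter is still found and split.
	 *
	 * @test
	 */
	public function checkAttackMetaWithUrlExtended() {
		$this->assertSanitizedOutput(
			'<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(\'XSS\');">',
			'<me<x>ta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=ja<x>vascript:alert(\'XSS\');">'
		);
	}

	/**
	 * <OBJECT> scriptlet: only the tag name is split; the remote DATA URL stays.
	 *
	 * @test
	 */
	public function checkAttackObject() {
		$this->assertSanitizedOutput(
			'<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>',
			'<ob<x>ject TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>'
		);
	}

	/**
	 * <OBJECT> with a <param> carrying a javascript: URL: the OBJECT tag and
	 * the scheme are split, <param> itself is left alone.
	 *
	 * @test
	 */
	public function checkAttackObjectEmbeddedXss() {
		$this->assertSanitizedOutput(
			'<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(\'XSS\')></OBJECT>',
			'<ob<x>ject classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=ja<x>vascript:alert(\'XSS\')></OBJECT>'
		);
	}

	/**
	 * Embedded Flash: only the EMBED tag name is split; the remote SWF URL and
	 * AllowScriptAccess="always" pass through.
	 *
	 * @test
	 */
	public function checkAttackEmbedFlash() {
		$this->assertSanitizedOutput(
			'<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>',
			'<em<x>bed SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>'
		);
	}

	/**
	 * ActionScript eval snippet (no HTML at all): the sanitizer still finds
	 * and splits the "javascript:" scheme inside the string.
	 *
	 * @test
	 */
	public function checkAttackActionScriptEval() {
		$this->assertSanitizedOutput(
			'a="get";b="URL("";c="javascript:";d="alert(\'XSS\');")";eval(a+b+c+d);";',
			'a="get";b="URL("";c="ja<x>vascript:";d="alert(\'XSS\');")";eval(a+b+c+d);";'
		);
	}

	/**
	 * expression() obfuscated with a CSS comment: only the STYLE attribute is
	 * split; the commented-out expression keyword is not recognised.
	 *
	 * @test
	 */
	public function checkAttackImageStyleWithComment() {
		$this->assertSanitizedOutput(
			'<IMG STYLE="xss:expr/*XSS*/ession(alert(\'XSS\'))">',
			'<IMG st<x>yle="xss:expr/*XSS*/ession(alert(\'XSS\'))">'
		);
	}

	/**
	 * STYLE attribute on an unknown tag: the tag is left alone, the attribute
	 * name is still split.
	 *
	 * @test
	 */
	public function checkAttackStyleInAnonymousHtml() {
		$this->assertSanitizedOutput(
			'<XSS STYLE="xss:expression(alert(\'XSS\'))">',
			'<XSS st<x>yle="xss:expression(alert(\'XSS\'))">'
		);
	}

	/**
	 * <STYLE> block with a background-image javascript: URL applied via class.
	 *
	 * @test
	 */
	public function checkAttackStyleWithBackgroundImage() {
		$this->assertSanitizedOutput(
			'<STYLE>.XSS{background-image:url("javascript:alert(\'XSS\')");}</STYLE><A CLASS=XSS></A>',
			'<st<x>yle>.XSS{background-image:url("ja<x>vascript:alert(\'XSS\')");}</STYLE><A CLASS=XSS></A>'
		);
	}

	/**
	 * <STYLE type="text/css"> block with a background javascript: URL.
	 *
	 * @test
	 */
	public function checkAttackStyleWithBackground() {
		$this->assertSanitizedOutput(
			'<STYLE type="text/css">BODY{background:url("javascript:alert(\'XSS\')")}</STYLE>',
			'<st<x>yle type="text/css">BODY{background:url("ja<x>vascript:alert(\'XSS\')")}</STYLE>'
		);
	}

	/**
	 * <LINK> stylesheet with a javascript: HREF: tag name and scheme are split.
	 *
	 * @test
	 */
	public function checkAttackStylesheet() {
		$this->assertSanitizedOutput(
			'<LINK REL="stylesheet" HREF="javascript:alert(\'XSS\');">',
			'<li<x>nk REL="stylesheet" HREF="ja<x>vascript:alert(\'XSS\');">'
		);
	}

	/**
	 * Remote stylesheet: only the LINK tag name is split; the URL is kept.
	 *
	 * @test
	 */
	public function checkAttackRemoteStylesheet() {
		$this->assertSanitizedOutput(
			'<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">',
			'<li<x>nk REL="stylesheet" HREF="http://ha.ckers.org/xss.css">'
		);
	}

	/**
	 * @import of a remote stylesheet: only the STYLE tag name is split; the
	 * @import rule and its URL pass through.
	 *
	 * @test
	 */
	public function checkAttackImportRemoteStylesheet() {
		$this->assertSanitizedOutput(
			'<STYLE>@import\'http://ha.ckers.org/xss.css\';</STYLE>',
			'<st<x>yle>@import\'http://ha.ckers.org/xss.css\';</STYLE>'
		);
	}

}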
371
372 ?>