[SECURITY] t3lib_div::quoteJSvalue allows XSS
[Packages/TYPO3.CMS.git] / tests / Unit / t3lib / codec / t3lib_codec_javascriptencoderTest.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2012 Helmut Hummel <helmut.hummel@typo3.org>
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 *
17 * This script is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * This copyright notice MUST APPEAR in all copies of the script!
23 ***************************************************************/
24
/**
 * Unit tests that pin the output of t3lib_codec_JavaScriptEncoder::encode().
 *
 * In the expected values below, only alphanumeric characters and the three
 * characters ".", "_" and "," pass through unchanged; every other character
 * tested is replaced by a \xHH escape. Escaping the quotes and the backslash
 * keeps a value from ending a JavaScript string literal early, and escaping
 * "<", ">", "&" and "/" keeps it from closing an enclosing script element.
 *
 * NOTE(review): no data set here uses a code point above U+00FF (for example
 * U+2028 / U+2029, which JavaScript engines have treated as line terminators),
 * so the encoder's behaviour for such input is not pinned by this class.
 * Consider adding cases once the expected escape form has been confirmed
 * against the encoder itself.
 *
 * @package TYPO3
 * @subpackage t3lib
 *
 * @author Helmut Hummel <helmut.hummel@typo3.org>
 */
class t3lib_codec_JavaScriptEncoderTest extends Tx_Phpunit_TestCase {
    /**
     * Encoder under test; a fresh instance is created for every test.
     *
     * @var t3lib_codec_JavaScriptEncoder
     */
    protected $fixture = NULL;

    /**
     * Creates the encoder instance used by the test.
     *
     * @return void
     */
    public function setUp() {
        $this->fixture = new t3lib_codec_JavaScriptEncoder();
    }

    /**
     * Drops the encoder instance after the test.
     *
     * @return void
     */
    public function tearDown() {
        unset($this->fixture);
    }

    /**
     * Data provider for encodeEncodesCorrectly.
     *
     * Each data set is array(input, expected output). The expected strings
     * are single-quoted, so a value such as '\x3C' is the four literal
     * characters backslash, "x", "3", "C" and not the byte 0x3C.
     *
     * @return array
     */
    public function encodeEncodesCorrectlyDataProvider() {
        $dataSets = array();

        // Pass-through cases: nothing may be altered.
        $dataSets['Immune characters are returned as is'] = array('._,', '._,');
        $dataSets['Alphanumerical characters are returned as is'] = array(
            'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789',
            'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789',
        );

        // Characters that are significant to the HTML parser.
        $dataSets['Angel brackets and ampersand are encoded'] = array('<>&', '\x3C\x3E\x26');

        // Input is the four characters " ' \ / -- the string delimiters,
        // the escape character and the slash.
        $dataSets['Quotes and slashes are encoded'] = array('"\'\\/', '\x22\x27\x5C\x2F');

        $dataSets['Empty string stays empty'] = array('', '');

        // Punctuation outside the pass-through set, including a plain space.
        $dataSets['Exclamation mark and space are properly encoded'] = array(
            'Hello World!',
            'Hello\x20World\x21',
        );

        // TAB, LF and CR are constants defined outside this file; the expected
        // value implies they hold chr(9), chr(10) and chr(13).
        $dataSets['Whitespaces are properly encoded'] = array(
            TAB . LF . CR . ' ',
            '\x09\x0A\x0D\x20',
        );

        // The null byte must come out as an escape, not as a raw byte.
        $dataSets['Null byte is properly encoded'] = array(chr(0), '\x00');

        // Each umlaut becomes one \xHH escape of its code point (U+00DC for
        // the first one), not one escape per byte -- assuming this file is
        // stored as UTF-8.
        $dataSets['Umlauts are properly encoded'] = array(
            'ÜüÖöÄä',
            '\xDC\xFC\xD6\xF6\xC4\xE4',
        );

        return $dataSets;
    }

    /**
     * Checks that encode() returns exactly the expected escaped string.
     *
     * @test
     *
     * @param string $input Raw value handed to the encoder
     * @param string $expected Exact string the encoder must return
     *
     * @dataProvider encodeEncodesCorrectlyDataProvider
     */
    public function encodeEncodesCorrectly($input, $expected) {
        $actual = $this->fixture->encode($input);

        // assertSame() is a strict comparison, so a result that only
        // loosely equals the expected string fails.
        $this->assertSame($expected, $actual);
    }
}
108 ?>