
PHP Cross Reference of YOURLS


/tests/tests/format/ -> EscTest.php (source)

   1  <?php
   2  
   3  /**
   4   * Escaping formatting functions.
   5   * Note: tests about escaping and sanitizing URLs are in urls.php
   6   *
   7   * @since 0.1
   8   */
   9  #[\PHPUnit\Framework\Attributes\Group('formatting')]
  10  class EscTest extends PHPUnit\Framework\TestCase {
  11  
  12      /**
  13       * Attributes and how they should be escaped
  14       */
  15      static function html_attributes(): \Iterator
  16      {
  17          yield array(
  18              '"double quotes"',
  19              '&quot;double quotes&quot;',
  20          );
  21          yield array(
  22              "'single quotes'",
  23              '&#039;single quotes&#039;',
  24          );
  25          yield array(
  26              "'mixed' " . '"quotes"',
  27              '&#039;mixed&#039; &quot;quotes&quot;',
  28          );
  29          yield array(
  30              'foo & bar &baz; &apos;',
  31              'foo &amp; bar &amp;baz; &apos;',
  32          );
  33      }
  34  
  35  
  36      /**
  37       * Attribute escaping
  38       *
  39       * @since 0.1
  40       */
  41      #[\PHPUnit\Framework\Attributes\DataProvider('html_attributes')]
  42      function test_esc_attr( $attr, $escaped ) {
  43          $this->assertSame( $escaped, yourls_esc_attr( $attr ) );
  44      }
  45  
  46      /**
  47       * Attribute escaping -- escaping twice shouldn't change
  48       *
  49       * @since 0.1
  50       */
  51      #[\PHPUnit\Framework\Attributes\DataProvider('html_attributes')]
  52      function test_esc_attr_twice( $attr, $escaped ) {
  53          $this->assertSame( $escaped, yourls_esc_attr( yourls_esc_attr( $attr ) ) );
  54      }
  55  
  56      /**
  57       * HTML string and how they should be escaped
  58       */
  59      static function html_strings(): \Iterator
  60      {
  61          // Simple string
  62          yield array(
  63              'The quick brown fox.',
  64              'The quick brown fox.',
  65          );
  66          // URL with &
  67          yield array(
  68              'https://127.0.0.1/admin/admin-ajax.php?id=y1120844669&action=edit&keyword=1a&nonce=bf3115ac3a',
  69              'https://127.0.0.1/admin/admin-ajax.php?id=y1120844669&amp;action=edit&amp;keyword=1a&amp;nonce=bf3115ac3a',
  70          );
  71          // More ampersands
  72          yield array(
  73              'H&M and Dungeons & Dragons',
  74              'H&amp;M and Dungeons &amp; Dragons',
  75          );
  76          // Simple quotes
  77          yield array(
  78              "SELECT stuff FROM table WHERE blah IN ('omg', 'wtf') AND foo = 1",
  79              'SELECT stuff FROM table WHERE blah IN (&#039;omg&#039;, &#039;wtf&#039;) AND foo = 1',
  80          );
  81          // Double quotes
  82          yield array(
  83              'I am "special"',
  84              'I am &quot;special&quot;',
  85          );
  86          // Greater and less than
  87          yield array(
  88              'this > that < that <randomhtml />',
  89              'this &gt; that &lt; that &lt;randomhtml /&gt;',
  90          );
  91          // Ignore actual entities
  92          yield array(
  93              '&#038; &#x00A3; &#x22; &amp;',
  94              '&amp; &#xA3; &quot; &amp;',
  95          );
  96          // Empty string
  97          yield array(
  98              '',
  99              '',
 100          );
 101      }
 102  
 103      /**
 104       * HTML escaping
 105       *
 106       * @since 0.1
 107       */
 108      #[\PHPUnit\Framework\Attributes\DataProvider('html_strings')]
 109      function test_esc_html( $html, $escaped ) {
 110          $this->assertSame( $escaped, yourls_esc_html( $html ) );
 111      }
 112  
 113      /**
 114       * String to escape and what they should look like once escaped
 115       */
 116      public function strings_to_escape() {
 117          return array(
 118             array( "I'm rock n' rollin'", "I\'m rock n\' rollin\'" ),
 119             array( 'I am "nice"', 'I am \"nice\"' ),
 120             array( 'Back\Slash', 'Back\\\Slash' ),
 121             array( "NULL\0NULL", 'NULL\0NULL' ), // notice the quote change
 122          );
 123      }
 124  
 125      /**
 126       * List of URLs and how they should be escaped
 127       */
 128      static function list_of_URLs(): \Iterator
 129      {
 130          yield array(
 131              'http://example.com/?this=that&that=this',
 132              'http://example.com/?this=that&#038;that=this',
 133          );
 134          yield array(
 135              'http://example.com/?this=that&that="this"',
 136              'http://example.com/?this=that&#038;that=this',
 137          );
 138          yield array(
 139              "http://example.com/?this=that&that='this'",
 140              'http://example.com/?this=that&#038;that=&#039;this&#039;',
 141          );
 142          yield array(
 143              "http://example.com/?this=that&that=<this>",
 144              'http://example.com/?this=that&#038;that=this',
 145          );
 146      }
 147  
 148      /**
 149       * Escape URLs for display
 150       *
 151       * @since 0.1
 152       */
 153      #[\PHPUnit\Framework\Attributes\DataProvider('list_of_URLs')]
 154      #[\PHPUnit\Framework\Attributes\Group('url')]
 155      function test_esc_urls( $url, $escaped ) {
 156          $this->assertEquals( $escaped, yourls_esc_url( $url ) );
 157      }
 158  
 159      /**
 160       * Some strings and how they should be escaped in javascript
 161       */
 162      static function list_of_JS(): \Iterator
 163      {
 164          yield array(
 165              'hello world();',
 166              'hello world();',
 167          );
 168          yield array(
 169              'hello("world");',
 170              'hello(&quot;world&quot;);',
 171          );
 172          yield array(
 173              'foo & bar &baz; &apos;',
 174              'foo &amp; bar &amp;baz; &apos;',
 175          );
 176      }
 177  
 178      /**
 179       * Escape JS
 180       *
 181       * @since 0.1
 182       */
 183      #[\PHPUnit\Framework\Attributes\DataProvider('list_of_JS')]
 184      function test_esc_js( $js, $escaped ) {
 185          $this->assertEquals( $escaped, yourls_esc_js( $js ) );
 186      }
 187  
 188      /**
 189       * Strings in a textarea and how they should be escaped
 190       */
 191      static function list_of_textarea(): \Iterator
 192      {
 193          yield array(
 194              'hello<br/>world',
 195              'hello&lt;br/&gt;world',
 196          );
 197          yield array(
 198              '"omg"',
 199              '&quot;omg&quot;',
 200          );
 201          yield array(
 202              "'omg'",
 203              '&#039;omg&#039;',
 204          );
 205      }
 206  
 207      /**
 208       * Escape JS
 209       *
 210       * @since 0.1
 211       */
 212      #[\PHPUnit\Framework\Attributes\DataProvider('list_of_textarea')]
 213      function test_esc_textarea( $text, $escaped ) {
 214          $this->assertEquals( $escaped, yourls_esc_textarea( $text ) );
 215      }
 216  
 217  }

