assertSame( $escaped, yourls_esc_attr( $attr ) );
}
/**
* Attribute escaping -- escaping twice shouldn't change
*
* @dataProvider html_attributes
* @since 0.1
*/
function test_esc_attr_twice( $attr, $escaped ) {
$this->assertSame( $escaped, yourls_esc_attr( yourls_esc_attr( $attr ) ) );
}
/**
* HTML string and how they should be escaped
*/
function html_strings() {
return array(
// Simple string
array(
'The quick brown fox.',
'The quick brown fox.',
),
// URL with &
array(
'https://127.0.0.1/admin/admin-ajax.php?id=y1120844669&action=edit&keyword=1a&nonce=bf3115ac3a',
'https://127.0.0.1/admin/admin-ajax.php?id=y1120844669&action=edit&keyword=1a&nonce=bf3115ac3a',
),
// More ampersands
array(
'H&M and Dungeons & Dragons',
'H&M and Dungeons & Dragons',
),
// Simple quotes
array(
"SELECT stuff FROM table WHERE blah IN ('omg', 'wtf') AND foo = 1",
'SELECT stuff FROM table WHERE blah IN ('omg', 'wtf') AND foo = 1',
),
// Double quotes
array(
'I am "special"',
'I am "special"',
),
// Greater and less than
array(
'this > that < that ',
'this > that < that <randomhtml />',
),
// Ignore actual entities
array(
'& £ " &',
'& £ " &',
),
// Empty string
array(
'',
'',
),
);
}
/**
* HTML escaping
*
* @dataProvider html_strings
* @since 0.1
*/
function test_esc_html( $html, $escaped ) {
$this->assertSame( $escaped, yourls_esc_html( $html ) );
}
/**
* String to escape and what they should look like once escaped
*/
public function strings_to_escape() {
return array(
array( "I'm rock n' rollin'", "I\'m rock n\' rollin\'" ),
array( 'I am "nice"', 'I am \"nice\"' ),
array( 'Back\Slash', 'Back\\\Slash' ),
array( "NULL\0NULL", 'NULL\0NULL' ), // notice the quote change
);
}
/**
* List of URLs and how they should be escaped
*/
function list_of_URLs() {
return array(
array(
'http://example.com/?this=that&that=this',
'http://example.com/?this=that&that=this',
),
array(
'http://example.com/?this=that&that="this"',
'http://example.com/?this=that&that=this',
),
array(
"http://example.com/?this=that&that='this'",
'http://example.com/?this=that&that='this'',
),
array(
"http://example.com/?this=that&that=",
'http://example.com/?this=that&that=this',
),
);
}
/**
* Escape URLs for display
*
* @since 0.1
* @group url
* @dataProvider list_of_URLs
*/
function test_esc_urls( $url, $escaped ) {
$this->assertEquals( $escaped, yourls_esc_url( $url ) );
}
/**
* Some strings and how they should be escaped in javascript
*/
function list_of_JS() {
return array(
array(
'hello world();',
'hello world();',
),
array(
'hello("world");',
'hello("world");',
),
array(
'foo & bar &baz; '',
'foo & bar &baz; '',
),
);
}
/**
* Escape JS
*
* @since 0.1
* @dataProvider list_of_JS
*/
function test_esc_js( $js, $escaped ) {
$this->assertEquals( $escaped, yourls_esc_js( $js ) );
}
/**
* Strings in a textarea and how they should be escaped
*/
function list_of_textarea() {
return array(
array(
'hello
world',
'hello<br/>world',
),
array(
'"omg"',
'"omg"',
),
array(
"'omg'",
''omg'',
),
);
}
/**
* Escape JS
*
* @since 0.1
* @dataProvider list_of_textarea
*/
function test_esc_textarea( $text, $escaped ) {
$this->assertEquals( $escaped, yourls_esc_textarea( $text ) );
}
}