From 9b05f19338e209f05386e5b13fe0a704c94062bb Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 27 Aug 2012 02:45:13 -0400
Subject: [PATCH] Restructured tests
---
 tests/Framework/Utils.php | 36 +++++++++++++++++++++++++++++++++++-
 1 files changed, 35 insertions(+), 1 deletions(-)
diff --git a/tests/Utils.php b/tests/Framework/Utils.php
similarity index 68%
rename from tests/Utils.php
rename to tests/Framework/Utils.php
index ad0aa1d..b6cc5d5 100644
--- a/tests/Utils.php
+++ b/tests/Framework/Utils.php
@@ -5,7 +5,7 @@
 *
 * @package Tests
 */
-class Utils extends PHPUnit_Framework_TestCase
+class Framework_Utils extends PHPUnit_Framework_TestCase
 {
 /**
@@ -82,4 +82,38 @@
 $this->assertFalse(rcube_utils::check_email($email, false), $title);
 }
+ /**
+ * rcube_utils::mod_css_styles()
+ */
+ function test_mod_css_styles()
+ {
+ $css = file_get_contents(TESTS_DIR . 'src/valid.css');
+ $mod = rcube_utils::mod_css_styles($css, 'rcmbody');
+
+ $this->assertRegExp('/#rcmbody\s+\{/', $mod, "Replace body style definition");
+ $this->assertRegExp('/#rcmbody h1\s\{/', $mod, "Prefix tag styles (single)");
+ $this->assertRegExp('/#rcmbody h1, #rcmbody h2, #rcmbody h3, #rcmbody textarea\s+\{/', $mod, "Prefix tag styles (multiple)");
+ $this->assertRegExp('/#rcmbody \.noscript\s+\{/', $mod, "Prefix class styles");
+ }
+
+ /**
+ * rcube_utils::mod_css_styles()
+ */
+ function test_mod_css_styles_xss()
+ {
+ $mod = rcube_utils::mod_css_styles("body.main2cols { background-image: url('../images/leftcol.png'); }", 'rcmbody');
+ $this->assertEquals("/* evil! */", $mod, "No url() values allowed");
+
+ $mod = rcube_utils::mod_css_styles("@import url('http://localhost/somestuff/css/master.css');", 'rcmbody');
+ $this->assertEquals("/* evil! */", $mod, "No import statements");
+
+ $mod = rcube_utils::mod_css_styles("left:expression(document.body.offsetWidth-20)", 'rcmbody');
+ $this->assertEquals("/* evil! */", $mod, "No expression properties");
+
+ $mod = rcube_utils::mod_css_styles("left:exp/* */ression( alert('xss3') )", 'rcmbody');
+ $this->assertEquals("/* evil! */", $mod, "Don't allow encoding quirks");
+
+ $mod = rcube_utils::mod_css_styles("background:\\0075\\0072\\006c( javascript:alert('xss') )", 'rcmbody');
+ $this->assertEquals("/* evil! */", $mod, "Don't allow encoding quirks (2)");
+ }
 }
--
Gitblit v1.9.1
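Review bot: In test_mod_css_styles_xss each case passes one hostile declaration on its own and asserts that the whole return value equals `/* evil! */`, so nothing pins what happens when such a declaration is embedded in otherwise valid CSS. A case that reuses the fixture already loaded in test_mod_css_styles, e.g. `$mod = rcube_utils::mod_css_styles($css . " body { background-image: url('../images/leftcol.png'); }", 'rcmbody');` followed by an assertion that `$mod` contains no `url(`, would cover that; whether the whole stylesheet or only the offending rule is dropped cannot be told from this patch, since mod_css_styles is not part of it. In test_mod_css_styles the result of `file_get_contents()` is used unchecked, so a missing `src/valid.css` is not reported as such; `$this->assertNotSame(false, $css, "Fixture src/valid.css not readable");` right after the read would make that failure explicit. The two docblocks are identical, and the second could read `rcube_utils::mod_css_styles() - rejection of url(), @import and expression()`.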