From acf633c73bc8df9a5036bc52d7568f4213ab73c7 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 06 May 2016 02:32:01 -0400
Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241)
---
 tests/Framework/Html.php | 62 +++++++++++++++++++++++++++++-
 1 files changed, 59 insertions(+), 3 deletions(-)
diff --git a/tests/Framework/Html.php b/tests/Framework/Html.php
index 8a27bac..d9466e6 100644
--- a/tests/Framework/Html.php
+++ b/tests/Framework/Html.php
@@ -19,6 +19,63 @@
 }
 
 /**
+ * Data for test_attrib_string()
+ */
+ function data_attrib_string()
+ {
+ return array(
+ array(
+ array(), null, '',
+ ),
+ array(
+ array('test' => 'test'), null, ' test="test"',
+ ),
+ array(
+ array('test' => 'test'), array('test'), ' test="test"',
+ ),
+ array(
+ array('test' => 'test'), array('other'), '',
+ ),
+ array(
+ array('checked' => true), null, ' checked="checked"',
+ ),
+ array(
+ array('checked' => ''), null, '',
+ ),
+ array(
+ array('onclick' => ''), null, '',
+ ),
+ array(
+ array('size' => 5), null, ' size="5"',
+ ),
+ array(
+ array('size' => 'test'), null, '',
+ ),
+ array(
+ array('data-test' => 'test'), null, ' data-test="test"',
+ ),
+ array(
+ array('data-test' => 'test'), array('other'), '',
+ ),
+ array(
+ array('data-test' => 'test'), array('data-test'), ' data-test="test"',
+ ),
+ array(
+ array('data-test' => 'test'), array('data-*'), ' data-test="test"',
+ ),
+ );
+ }
+
+ /**
+ * Test for attrib_string()
+ * @dataProvider data_attrib_string
+ */
+ function test_attrib_string($arg1, $arg2, $result)
+ {
+ $this->assertEquals(html::attrib_string($arg1, $arg2), $result);
+ }
+
+ /**
 * Data for test_quote()
 */
 function data_quote()
@@ -31,7 +88,6 @@
 array('>', '>'),
 array('&', '&'),
 array('&', '&amp;'),
- array('&', '&', true),
 );
 }
 
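Review bot: None of the thirteen cases in data_attrib_string() (first hunk) passes a value containing HTML metacharacters or an `href` key, so as far as this patch shows, the test added alongside an XSS fix does not pin how html::attrib_string() escapes attribute values. I would add at least one case with a constructed value holding a double quote and angle brackets, for example `array(array('test' => 'a"<b>'), null, ' test="a&quot;&lt;b&gt;"'),`, where the expected string assumes html::quote() escapes like htmlspecialchars() and should be confirmed against the implementation. An `href` case would be worth adding too if that attribute is treated specially. Separately, `assertEquals(html::attrib_string($arg1, $arg2), $result)` passes the actual value first and compares loosely; `assertSame($result, html::attrib_string($arg1, $arg2))` gives correctly labelled failures and keeps a `null` or `false` return from satisfying the `''` cases. The same argument order is kept in test_quote() in the last hunk.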
@@ -39,8 +95,8 @@
 * Test for quote()
 * @dataProvider data_quote
 */
- function test_quote($str, $result, $validate = false)
+ function test_quote($str, $result)
 {
- $this->assertEquals(html::quote($str, $validate), $result);
+ $this->assertEquals(html::quote($str), $result);
 }
 }
-- Gitblit v1.9.1