/**
* Wrapper for the RemoveXSS function.
* Removes potential XSS code from an input string.
*
* Using an external class by Travis Puderbaugh <*****@*****.**>
*
* @param string $string Input string
* @return string Input string with potential XSS code removed
*/
public static function removeXSS($string)
{
require_once PATH_typo3 . 'contrib/RemoveXSS/RemoveXSS.php';
$string = \RemoveXSS::process($string);
return $string;
}
/**
* @test
* @param string $input Value to test
* @dataProvider processValidDataProvider
*/
public function proccessValidStrings($input)
{
$this->assertEquals($input, RemoveXSS::process($input));
}
/**
* Wrapper for the RemoveXSS function.
* Removes potential XSS code from an input string.
*
* Using an external class by Travis Puderbaugh <*****@*****.**>
*
* @param string $string Input string
* @return string Input string with potential XSS code removed
* @deprecated since TYPO3 v8, will be removed in TYPO3 v9
*/
public static function removeXSS($string)
{
return \RemoveXSS::process($string);
}
/**
* @test
*/
public function checkAttackImportRemoteStylesheet()
{
$testString = '<STYLE>@import\'http://ha.ckers.org/xss.css\';</STYLE>';
$expectedString = '<st<x>yle>@import\'http://ha.ckers.org/xss.css\';</STYLE>';
$actualString = RemoveXSS::process($testString);
$this->assertEquals($expectedString, $actualString);
}
