/**
  * @testdox getDisallowedCharactersInJS() returns a list of strings
  */
 public function testGetDisallowedCharactersInJS()
 {
     $disallowedChars = ContextSafeness::getDisallowedCharactersInJS();
     $this->assertInternalType('array', $disallowedChars);
     foreach ($disallowedChars as $char) {
         $this->assertInternalType('string', $char);
     }
 }
Beispiel #2
0
 public function isSafeInCSS()
 {
     try {
         $regexp = RegexpParser::getAllowedCharacterRegexp($this->vars['regexp']);
         foreach (ContextSafeness::getDisallowedCharactersInCSS() as $char) {
             if (\preg_match($regexp, $char)) {
                 return \false;
             }
         }
         return \true;
     } catch (Exception $e) {
         return \false;
     }
 }
Beispiel #3
0
 public function isSafeInJS()
 {
     if (!isset($this->vars['map']) || empty($this->vars['strict'])) {
         return \false;
     }
     $disallowedChars = ContextSafeness::getDisallowedCharactersInJS();
     foreach ($this->vars['map'] as $value) {
         foreach ($disallowedChars as $char) {
             if (\strpos($value, $char) !== \false) {
                 return \false;
             }
         }
     }
     return \true;
 }
Beispiel #4
0
 protected function assessSafeness(array $map)
 {
     $values = \implode('', $map);
     $isSafeInCSS = \true;
     foreach (ContextSafeness::getDisallowedCharactersInCSS() as $char) {
         if (\strpos($values, $char) !== \false) {
             $isSafeInCSS = \false;
             break;
         }
     }
     if ($isSafeInCSS) {
         $this->markAsSafeInCSS();
     }
     $isSafeInJS = \true;
     foreach (ContextSafeness::getDisallowedCharactersInJS() as $char) {
         if (\strpos($values, $char) !== \false) {
             $isSafeInJS = \false;
             break;
         }
     }
     if ($isSafeInJS) {
         $this->markAsSafeInJS();
     }
 }
 /**
  * {@inheritdoc}
  */
 public function isSafeInCSS()
 {
     try {
         // Test whether this regexp could allow any character that's disallowed in URLs
         $regexp = RegexpParser::getAllowedCharacterRegexp($this->vars['regexp']);
         foreach (ContextSafeness::getDisallowedCharactersInCSS() as $char) {
             if (preg_match($regexp, $char)) {
                 return false;
             }
         }
         return true;
     } catch (Exception $e) {
         // If anything unexpected happens, we'll consider this filter is not safe
         return false;
     }
 }
 /**
  * {@inheritdoc}
  */
 public function isSafeInJS()
 {
     if (!isset($this->vars['map']) || empty($this->vars['strict'])) {
         return false;
     }
     // Test each value against the list of disallowed characters
     $disallowedChars = ContextSafeness::getDisallowedCharactersInJS();
     foreach ($this->vars['map'] as $value) {
         foreach ($disallowedChars as $char) {
             if (strpos($value, $char) !== false) {
                 return false;
             }
         }
     }
     return true;
 }
Beispiel #7
0
 /**
  * Assess the safeness of given map in contexts
  *
  * @param  array $map
  * @return void
  */
 protected function assessSafeness(array $map)
 {
     // Concatenate the values so we can check them as a single string
     $values = implode('', $map);
     // Test whether the values contain any character that's disallowed in CSS
     $isSafeInCSS = true;
     foreach (ContextSafeness::getDisallowedCharactersInCSS() as $char) {
         if (strpos($values, $char) !== false) {
             $isSafeInCSS = false;
             break;
         }
     }
     if ($isSafeInCSS) {
         $this->markAsSafeInCSS();
     }
     // Test whether the values contain any character that's disallowed in JS
     $isSafeInJS = true;
     foreach (ContextSafeness::getDisallowedCharactersInJS() as $char) {
         if (strpos($values, $char) !== false) {
             $isSafeInJS = false;
             break;
         }
     }
     if ($isSafeInJS) {
         $this->markAsSafeInJS();
     }
 }