function test_filtering_malicious_html() { $this->assert_equal(InputFilter::filter_html_elements('<p onclick=\\"window.alert(\'boo\')\\">Hey.</p><a href=\\"#\\" style=\\"position: absolute; left: 1px; top: 3px;\\">Whee!</a>'), '<p>Hey.</p><a href=\\"#\\">Whee!</a>'); $this->assert_equal(InputFilter::filter_html_elements('<a href=\\"javascript:alert(\'yay\')\\" style=\\"text-decoration: none;\\">Whee!</a>'), '<a>Whee!</a>'); }
public function testFilter_html_elements() { // test stripping malicious code $this->assertEquals('<p>Hey.</p><a href=\\"#\\">Whee!</a>', InputFilter::filter_html_elements('<p onclick=\\"window.alert(\'boo\')\\">Hey.</p><a href=\\"#\\" style=\\"position: absolute; left: 1px; top: 3px;\\">Whee!</a>')); $this->assertEquals('<a>Whee!</a>', InputFilter::filter_html_elements('<a href=\\"javascript:alert(\'yay\')\\" style=\\"text-decoration: none;\\">Whee!</a>')); }