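/**
 * Sanitize::purify() must drop an injected <script> element together with its
 * contents, leaving only the surrounding plain text.
 */
public function testCleanInput()
{
    // Plain text followed by a script element; everything from <script> through
    // </script> (tag and body) is expected to be removed, not just the tags.
    $bad_input = 'Hello!<script>alert("Malicious popup!! Your coding skills suck!")</script>';
    $clean_output = Sanitize::purify($bad_input);
    $expected_output = 'Hello!';

    // assertSame reports both values on failure, which assertTrue on a
    // pre-computed === expression cannot do; the comparison is still strict.
    $this->assertSame($expected_output, $clean_output);
}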
// Request-input sanitising pass: every string value from Input::all() is run
// through Sanitize::purify(), except the 'password' key, which only has the
// literal substring "<script>" removed. Any value that changed is remembered
// in $bannedInput; when at least one changed, a warning is written to syslog
// and the cleaned set is written back with Input::replace().
$impure = false;
$input = Input::all();
$bannedInput = array();
$keys = array_keys($input);
for ($i = 0; $i < sizeof($keys); $i++) {
    // Current key/value pair of the request input.
    $key = $keys[$i];
    $value = $input[$key];

    // Only scalar strings are filtered. Arrays (nested form fields) and other
    // types pass through untouched and are never reported as impure.
    if (gettype($value) == 'string') {
        // Passwords are kept out of the HTML purifier, presumably so that
        // special characters in them survive (not verifiable from here).
        if ($key != 'password') {
            $input[$key] = Sanitize::purify($value);
        } else {
            // NOTE(review): this matches only the exact substring "<script>"
            // (case-insensitively); a tag with attributes or whitespace, e.g.
            // "<script type=...>", is not removed. It also silently alters the
            // submitted password whenever that substring occurs in it, so the
            // value used downstream is no longer what the user typed.
            $input[$key] = str_ireplace("<script>", "", $input[$key]);
        }

        // Loose != on two strings uses numeric comparison when both look
        // numeric ("1e3" != "1000" is false), so a change between such values
        // would go unreported; !== would be the exact check.
        if ($input[$key] != $value) {
            $impure = true;
            $bannedInput[$key] = $value;
        }
    }
}

// Report and apply the sanitised input. This if-block continues beyond the
// visible part of the file.
if ($impure) {
    $userUid = Session::get('user_uid');
    // NOTE(review): $bannedInput holds the original (pre-filter) values, and
    // the 'password' key is included when its value changed, so a submitted
    // password can end up in the syslog line below.
    syslog(LOG_WARNING, "User {$userUid} attempted to send unsanitary input containing HTML tags or script: " . json_encode($bannedInput));
    Input::replace($input);