/**
  * Verifies that echoExceptionWeb() HTML-escapes the exception message before printing it.
  *
  * The payload holds only angle-bracket markup (no quotes, no ampersands), so the
  * expected string does not depend on the quote-handling flags of htmlspecialchars().
  * The test therefore pins element-context escaping only; quoting for an attribute
  * context is not exercised here.
  *
  * @test
  */
 public function echoExceptionWebEscapesExceptionMessage()
 {
     $payload = '<b>b</b><script>alert(1);</script>';
     $escapedPayload = htmlspecialchars($payload);

     // Capture what the handler echoes instead of letting it reach the runner's output.
     ob_start();
     $this->subject->echoExceptionWeb(new \Exception($payload));
     $rendered = ob_get_clean();

     // The escaped form must be present, and the raw markup must not survive anywhere
     // in the rendered page (a second, unescaped copy would still be injectable).
     $this->assertContains($escapedPayload, $rendered);
     $this->assertNotContains($payload, $rendered);
 }
	/**
	 * Verifies that echoExceptionWeb() HTML-escapes the value returned by the exception's getTitle().
	 *
	 * The mock is configured with a getTitle() method that returns markup, and the
	 * test checks that only the escaped form reaches the output. The payload contains
	 * no quotes or ampersands, so only element-context escaping is pinned; quoting for
	 * an attribute context is not exercised here.
	 *
	 * @test
	 */
	public function echoExceptionWebEscapesExceptionTitle() {
		$payload = '<b>b</b><script>alert(1);</script>';
		$escapedPayload = htmlspecialchars($payload);

		/** @var $exceptionMock \Exception|\PHPUnit_Framework_MockObject_MockObject */
		$exceptionMock = $this->getMock('Exception', array('getTitle'), array('some message'));
		$exceptionMock
			->expects($this->any())
			->method('getTitle')
			->will($this->returnValue($payload));

		// Capture what the handler echoes instead of letting it reach the runner's output.
		ob_start();
		$this->subject->echoExceptionWeb($exceptionMock);
		$rendered = ob_get_clean();

		// The escaped title must be present, and the raw markup must not appear anywhere
		// in the rendered page.
		$this->assertContains($escapedPayload, $rendered);
		$this->assertNotContains($payload, $rendered);
	}