function testWizardRejectsHtmlScriptTags() { $badContent = "<script>alert('!');</script>"; $this->get('/widget-wiz/step-one'); try { $this->submitForm($this->getForm(), array('title' => $badContent, 'goal' => '15', 'currency' => 'USD', 'ending' => $this->in3days(), 'bitcoinAddress' => $this->btcAddr())); $this->submitForm($this->getForm(), array('about' => $badContent)); } catch (Exception $_) { # XXX: Until we get proper form-validation in place, we'll just expect to see an # XXX: exception coming from the 'Paranoid' database layer proclaiming "No angle # XXX: brackets allowed!". } assertEqual(0, count(Widget::getAll())); }