/**
 * Checks that echoExceptionWeb() HTML-escapes the exception message.
 *
 * The escaped form of the markup must appear in the captured output and the
 * raw markup must not appear at all.
 *
 * NOTE(review): the payload contains angle brackets only, no quote characters,
 * so this covers element-context escaping and says nothing about attribute
 * contexts. htmlspecialchars() is called with its default flags, and whether
 * those escape single quotes depends on the PHP version.
 *
 * @test
 */
public function echoExceptionWebEscapesExceptionMessage()
{
    $rawMessage = '<b>b</b><script>alert(1);</script>';
    $escapedMessage = htmlspecialchars($rawMessage);

    // Buffer the handler's output so it can be inspected instead of being printed.
    ob_start();
    $this->subject->echoExceptionWeb(new \Exception($rawMessage));
    $renderedOutput = ob_get_clean();

    $this->assertContains($escapedMessage, $renderedOutput);
    $this->assertNotContains($rawMessage, $renderedOutput);
}
/**
 * Checks that echoExceptionWeb() HTML-escapes the title reported by an exception.
 *
 * A mocked \Exception is given a stubbed getTitle() that returns markup. The
 * escaped form must appear in the captured output and the raw markup must not.
 *
 * NOTE(review): as with the message test, the payload has no quote characters,
 * so only element-context escaping is exercised here.
 *
 * @test
 */
public function echoExceptionWebEscapesExceptionTitle()
{
    $rawTitle = '<b>b</b><script>alert(1);</script>';
    $escapedTitle = htmlspecialchars($rawTitle);

    // \Exception has no getTitle() of its own; the mock adds one returning the markup.
    /** @var \Exception|\PHPUnit_Framework_MockObject_MockObject $exception */
    $exception = $this->getMock('Exception', array('getTitle'), array('some message'));
    $exception
        ->expects($this->any())
        ->method('getTitle')
        ->will($this->returnValue($rawTitle));

    // Buffer the handler's output so it can be inspected instead of being printed.
    ob_start();
    $this->subject->echoExceptionWeb($exception);
    $renderedOutput = ob_get_clean();

    $this->assertContains($escapedTitle, $renderedOutput);
    $this->assertNotContains($rawTitle, $renderedOutput);
}