/**
 * FilterComponent::sanitize() must strip active content while leaving
 * harmless markup intact.
 *
 * The fixtures establish that sanitize():
 *  - removes <script>, <style> and <link> elements entirely, contents included;
 *  - drops href attributes whose value uses the "javascript:" scheme, also
 *    when a space follows the colon;
 *  - drops on* event-handler attributes (with or without whitespace around
 *    the "=") and style attributes, whether double- or single-quoted;
 *  - keeps class and target attributes and the surrounding element structure;
 *  - recurses into nested arrays and cleans every leaf string.
 *
 * NOTE(review): every fixture uses lowercase tag and attribute names, so
 * coverage of case variants is not asserted by this test.
 */
public function testSanitize() {
    $cases = array(
        // Event handler, inline style and javascript: href on otherwise
        // harmless tags, followed by elements that must vanish completely.
        array(
            'dirty' => '<b>one</b> <a href="javascript:alert(xss)" target="_blank" style="style">two</a> <em class="test" onclick="xss">three</em> four <script>javascript</script><style>style</style><link rel="stylesheet" type="text/css" />',
            'clean' => '<b>one</b> <a target="_blank">two</a> <em class="test">three</em> four ',
        ),
        // Same content with whitespace variations: a space after the scheme
        // colon, single-quoted style, and spaces around the handler's "=".
        array(
            'dirty' => '<b>one</b> <a href="javascript: alert(xss)" target="_blank" style=\'style\'>two</a> <em class="test" onclick = "xss">three</em> four <script>javascript</script><style>style</style><link rel="stylesheet" type="text/css" />',
            'clean' => '<b>one</b> <a target="_blank">two</a> <em class="test">three</em> four ',
        ),
        // Nested array input: each leaf is cleaned independently and the
        // array shape is preserved.
        array(
            'dirty' => array(
                'one' => '<b>bold</bold>',
                'two' => array(
                    'one' => '<script type="text/javascript">alert("xss")</script>',
                    'two' => '<a href="javascript:alert(\'xss\')" target="_blank">link</a>',
                    'three' => '<body style="display:none">xss</body>',
                ),
                'three' => '<span style="display:none">test</span>',
            ),
            'clean' => array(
                'one' => '<b>bold</bold>',
                'two' => array(
                    'one' => '',
                    'two' => '<a target="_blank">link</a>',
                    'three' => '<body>xss</body>',
                ),
                'three' => '<span>test</span>',
            ),
        ),
    );

    foreach ($cases as $case) {
        $result = FilterComponent::sanitize($case['dirty']);
        $this->assertEqual($result, $case['clean']);
    }
}
/**
 * Cleanup pipeline for incoming data: the value is first run through
 * FilterComponent::sanitize() and the result is then handed to smartDates().
 *
 * @param mixed $data Value to clean; sanitize() accepts both strings and
 *                    nested arrays (see testSanitize()).
 * @return mixed Whatever smartDates() returns for the sanitized data.
 */
private function process($data) {
    $sanitized = FilterComponent::sanitize($data);

    // Date handling runs on already-sanitized input so it never sees raw markup.
    return $this->smartDates($sanitized);
}