/**
 * Verifies that DataUtil::purifyHtmlAndModifyInput() leaves the purified
 * markup in the variable it was handed (the return value is not used here).
 *
 * Cases covered: benign markup that must survive unchanged, an IMG element
 * whose SRC is a mixed-case javascript: URI, and SCRIPT elements placed
 * after and before ordinary text. These are regression samples only; they
 * do not show that the purifier is safe against other XSS vectors
 * (event-handler attributes, encoded schemes, style/SVG payloads, ...).
 *
 * @depends testPurifyHtml
 */
public function testPurifyHtmlAndModifyInput()
{
    // Each entry is array(raw input, expected content of the variable after the call).
    $cases = array(
        // Harmless formatting and an http link must pass through untouched.
        array(
            '<b>This</b> is <a href="http://www.zurmo.com">valid text</a>',
            '<b>This</b> is <a href="http://www.zurmo.com">valid text</a>',
        ),
        // Scheme check must be case-insensitive: the whole element is expected to be dropped.
        // NOTE(review): assertEquals compares loosely, so this expectation probably
        // cannot tell an empty string from null - confirm if that distinction matters.
        array("<IMG SRC=JaVaScRiPt:alert('XSS')>", ''), // Not Coding Standard
        // Script element (and its body) trailing legitimate text.
        array("Valid text.<SCRIPT>alert('XSS')</SCRIPT>", 'Valid text.'),
        // Script element (and its body) leading legitimate text.
        array("<SCRIPT>alert('XSS')</SCRIPT>Valid text.", 'Valid text.'),
    );
    foreach ($cases as $case)
    {
        list($content, $expected) = $case;
        // The purifier is expected to overwrite $content in place.
        DataUtil::purifyHtmlAndModifyInput($content);
        $this->assertEquals($expected, $content);
    }
}