function CommonURLUnitTest::testLXSS in SimpleTest 7
Confirm that invalid text given as $path is filtered.
File
- tests/
common.test, line 71 - Tests for common.inc functionality.
Class
- CommonURLUnitTest
- Tests for URL generation functions.
Code
function testLXSS() {
$text = $this
->randomName();
$path = "<SCRIPT>alert('XSS')</SCRIPT>";
$link = l($text, $path);
$sanitized_path = check_url(url($path));
$this
->assertTrue(strpos($link, $sanitized_path) !== FALSE, t('XSS attack @path was filtered', array(
'@path' => $path,
)));
}