ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Twig_Test_EscapingTest Class Reference

This class is adapted from code coming from Zend Framework. More...


Public Member Functions

 testHtmlEscapingConvertsSpecialChars ()
 
 testHtmlAttributeEscapingConvertsSpecialChars ()
 
 testJavascriptEscapingConvertsSpecialChars ()
 
 testJavascriptEscapingReturnsStringIfZeroLength ()
 
 testJavascriptEscapingReturnsStringIfContainsOnlyDigits ()
 
 testCssEscapingConvertsSpecialChars ()
 
 testCssEscapingReturnsStringIfZeroLength ()
 
 testCssEscapingReturnsStringIfContainsOnlyDigits ()
 
 testUrlEscapingConvertsSpecialChars ()
 
 testUnicodeCodepointConversionToUtf8 ()
 Range tests to confirm escaped range of characters is within OWASP recommendation. More...
 
 testJavascriptEscapingEscapesOwaspRecommendedRanges ()
 
 testHtmlAttributeEscapingEscapesOwaspRecommendedRanges ()
 
 testCssEscapingEscapesOwaspRecommendedRanges ()
 

Protected Member Functions

 setUp ()
 
 codepointToUtf8 ($codepoint)
 Convert a Unicode Codepoint to a literal UTF-8 character. More...
 

Protected Attributes

 $htmlSpecialChars
 All character encodings supported by htmlspecialchars(). More...
 
 $htmlAttrSpecialChars
 
 $jsSpecialChars
 
 $urlSpecialChars
 
 $cssSpecialChars
 
 $env
 

Detailed Description

This class is adapted from code coming from Zend Framework.

Definition at line 9 of file escapingTest.php.

Member Function Documentation

◆ codepointToUtf8()

Twig_Test_EscapingTest::codepointToUtf8 (   $codepoint)
protected

Convert a Unicode Codepoint to a literal UTF-8 character.

Parameters
int $codepoint: Unicode codepoint in hex notation
Returns
string UTF-8 literal string

Definition at line 233 of file escapingTest.php.

Referenced by testCssEscapingEscapesOwaspRecommendedRanges(), testHtmlAttributeEscapingEscapesOwaspRecommendedRanges(), testJavascriptEscapingEscapesOwaspRecommendedRanges(), and testUnicodeCodepointConversionToUtf8().

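/**
 * Convert a Unicode codepoint to a literal UTF-8 character.
 *
 * The range tests call this helper to build the single-character strings
 * they hand to the escaper, so it must only ever produce well-formed UTF-8.
 *
 * @param int $codepoint Unicode codepoint, 0x0 to 0x10FFFF, excluding the
 *                       surrogate block 0xD800 to 0xDFFF
 *
 * @return string UTF-8 literal string of one to four bytes
 *
 * @throws Exception if the codepoint is negative, a surrogate, or above 0x10FFFF
 */
protected function codepointToUtf8($codepoint)
{
    // chr() wraps its argument modulo 256, so without this guard a negative
    // value would come back as an arbitrary single byte instead of failing.
    if ($codepoint < 0) {
        throw new Exception('Codepoint requested outside of Unicode range.');
    }
    // Surrogates are reserved for UTF-16 and have no valid UTF-8 encoding;
    // encoding them anyway would hand ill-formed input to the code under test.
    if ($codepoint >= 0xD800 && $codepoint <= 0xDFFF) {
        throw new Exception('Surrogate codepoints cannot be encoded as UTF-8.');
    }
    if ($codepoint < 0x80) {
        // One byte: plain ASCII.
        return chr($codepoint);
    }
    if ($codepoint < 0x800) {
        // Two bytes: 110xxxxx 10xxxxxx.
        return chr((($codepoint >> 6) & 0x3f) | 0xc0)
            .chr(($codepoint & 0x3f) | 0x80);
    }
    if ($codepoint < 0x10000) {
        // Three bytes: 1110xxxx 10xxxxxx 10xxxxxx.
        return chr((($codepoint >> 12) & 0x0f) | 0xe0)
            .chr((($codepoint >> 6) & 0x3f) | 0x80)
            .chr(($codepoint & 0x3f) | 0x80);
    }
    if ($codepoint < 0x110000) {
        // Four bytes: 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx.
        return chr((($codepoint >> 18) & 0x07) | 0xf0)
            .chr((($codepoint >> 12) & 0x3f) | 0x80)
            .chr((($codepoint >> 6) & 0x3f) | 0x80)
            .chr(($codepoint & 0x3f) | 0x80);
    }
    throw new Exception('Codepoint requested outside of Unicode range.');
}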

◆ setUp()

Twig_Test_EscapingTest::setUp ( )
protected

Definition at line 147 of file escapingTest.php.

/**
 * Build the Twig environment shared by every test in this class.
 *
 * The environment is given a mocked Twig_LoaderInterface in place of a real loader.
 */
protected function setUp()
{
    $loader = $this->getMockBuilder('Twig_LoaderInterface')->getMock();
    $this->env = new Twig_Environment($loader);
}

◆ testCssEscapingConvertsSpecialChars()

Twig_Test_EscapingTest::testCssEscapingConvertsSpecialChars ( )

Definition at line 183 of file escapingTest.php.

References $key.

/**
 * Check every entry of $cssSpecialChars against the 'css' escaping strategy.
 *
 * Each array key is the raw input and each value the escaped form expected back.
 */
public function testCssEscapingConvertsSpecialChars()
{
    foreach ($this->cssSpecialChars as $raw => $expected) {
        // PHP casts numeric-string array keys such as '0' and '9' to int, so
        // $raw is an integer for those entries rather than a string.
        $escaped = twig_escape_filter($this->env, $raw, 'css');
        $this->assertEquals($expected, $escaped, 'Failed to escape: '.$raw);
    }
}

◆ testCssEscapingEscapesOwaspRecommendedRanges()

Twig_Test_EscapingTest::testCssEscapingEscapesOwaspRecommendedRanges ( )

Definition at line 302 of file escapingTest.php.

References codepointToUtf8().

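/**
 * Check the 'css' escaping strategy over codepoints 0x00 to 0xFF inclusive.
 *
 * ASCII digits and letters must come back unchanged. Every other character
 * must come back different from its literal form.
 */
public function testCssEscapingEscapesOwaspRecommendedRanges()
{
    // CSS has no exceptions to escaping ranges
    // The upper bound is inclusive: "< 0xFF" stopped at 0xFE and left U+00FF untested.
    for ($chr = 0; $chr <= 0xFF; ++$chr) {
        // Codepoints from 0x80 up are emitted as two-byte UTF-8 by codepointToUtf8().
        $literal = $this->codepointToUtf8($chr);
        $escaped = twig_escape_filter($this->env, $literal, 'css');

        $isAlphanumeric = ($chr >= 0x30 && $chr <= 0x39)
            || ($chr >= 0x41 && $chr <= 0x5A)
            || ($chr >= 0x61 && $chr <= 0x7A);

        if ($isAlphanumeric) {
            $this->assertEquals($literal, $escaped);
        } else {
            $this->assertNotEquals($literal, $escaped, "$literal should be escaped!");
        }
    }
}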

◆ testCssEscapingReturnsStringIfContainsOnlyDigits()

Twig_Test_EscapingTest::testCssEscapingReturnsStringIfContainsOnlyDigits ( )

Definition at line 195 of file escapingTest.php.

/**
 * A digits-only string must pass through the 'css' strategy unchanged.
 */
public function testCssEscapingReturnsStringIfContainsOnlyDigits()
{
    $escaped = twig_escape_filter($this->env, '123', 'css');
    $this->assertEquals('123', $escaped);
}

◆ testCssEscapingReturnsStringIfZeroLength()

Twig_Test_EscapingTest::testCssEscapingReturnsStringIfZeroLength ( )

Definition at line 190 of file escapingTest.php.

/**
 * An empty string must pass through the 'css' strategy as an empty string.
 */
public function testCssEscapingReturnsStringIfZeroLength()
{
    $escaped = twig_escape_filter($this->env, '', 'css');
    $this->assertEquals('', $escaped);
}

◆ testHtmlAttributeEscapingConvertsSpecialChars()

Twig_Test_EscapingTest::testHtmlAttributeEscapingConvertsSpecialChars ( )

Definition at line 159 of file escapingTest.php.

References $key.

/**
 * Check every entry of $htmlAttrSpecialChars against the 'html_attr' escaping strategy.
 *
 * Each array key is the raw input and each value the escaped form expected back.
 */
public function testHtmlAttributeEscapingConvertsSpecialChars()
{
    foreach ($this->htmlAttrSpecialChars as $raw => $expected) {
        // PHP casts numeric-string array keys such as '0' and '9' to int, so
        // $raw is an integer for those entries rather than a string.
        $escaped = twig_escape_filter($this->env, $raw, 'html_attr');
        $this->assertEquals($expected, $escaped, 'Failed to escape: '.$raw);
    }
}

◆ testHtmlAttributeEscapingEscapesOwaspRecommendedRanges()

Twig_Test_EscapingTest::testHtmlAttributeEscapingEscapesOwaspRecommendedRanges ( )

Definition at line 279 of file escapingTest.php.

References codepointToUtf8().

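/**
 * Check the 'html_attr' escaping strategy over codepoints 0x00 to 0xFF inclusive.
 *
 * ASCII digits, ASCII letters and the characters listed in $immune must come
 * back unchanged. Every other character must come back different from its
 * literal form.
 */
public function testHtmlAttributeEscapingEscapesOwaspRecommendedRanges()
{
    $immune = array(',', '.', '-', '_'); // Exceptions to escaping ranges
    // The upper bound is inclusive: "< 0xFF" stopped at 0xFE and left U+00FF untested.
    for ($chr = 0; $chr <= 0xFF; ++$chr) {
        // Codepoints from 0x80 up are emitted as two-byte UTF-8 by codepointToUtf8().
        $literal = $this->codepointToUtf8($chr);
        $escaped = twig_escape_filter($this->env, $literal, 'html_attr');

        $isAlphanumeric = ($chr >= 0x30 && $chr <= 0x39)
            || ($chr >= 0x41 && $chr <= 0x5A)
            || ($chr >= 0x61 && $chr <= 0x7A);

        // Strict membership test, so the allow-list is never widened by PHP's
        // loose string comparison rules.
        if ($isAlphanumeric || in_array($literal, $immune, true)) {
            $this->assertEquals($literal, $escaped);
        } else {
            $this->assertNotEquals($literal, $escaped, "$literal should be escaped!");
        }
    }
}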

◆ testHtmlEscapingConvertsSpecialChars()

Twig_Test_EscapingTest::testHtmlEscapingConvertsSpecialChars ( )

Definition at line 152 of file escapingTest.php.

References $key.

/**
 * Check every entry of $htmlSpecialChars against the 'html' escaping strategy.
 *
 * Each array key is the raw input and each value the escaped form expected back.
 */
public function testHtmlEscapingConvertsSpecialChars()
{
    foreach ($this->htmlSpecialChars as $raw => $expected) {
        $escaped = twig_escape_filter($this->env, $raw, 'html');
        $this->assertEquals($expected, $escaped, 'Failed to escape: '.$raw);
    }
}

◆ testJavascriptEscapingConvertsSpecialChars()

Twig_Test_EscapingTest::testJavascriptEscapingConvertsSpecialChars ( )

Definition at line 166 of file escapingTest.php.

References $key.

/**
 * Check every entry of $jsSpecialChars against the 'js' escaping strategy.
 *
 * Each array key is the raw input and each value the escaped form expected back.
 */
public function testJavascriptEscapingConvertsSpecialChars()
{
    foreach ($this->jsSpecialChars as $raw => $expected) {
        // PHP casts numeric-string array keys such as '0' and '9' to int, so
        // $raw is an integer for those entries rather than a string.
        $escaped = twig_escape_filter($this->env, $raw, 'js');
        $this->assertEquals($expected, $escaped, 'Failed to escape: '.$raw);
    }
}

◆ testJavascriptEscapingEscapesOwaspRecommendedRanges()

Twig_Test_EscapingTest::testJavascriptEscapingEscapesOwaspRecommendedRanges ( )

Definition at line 256 of file escapingTest.php.

References codepointToUtf8().

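/**
 * Check the 'js' escaping strategy over codepoints 0x00 to 0xFF inclusive.
 *
 * ASCII digits, ASCII letters and the characters listed in $immune must come
 * back unchanged. Every other character must come back different from its
 * literal form.
 */
public function testJavascriptEscapingEscapesOwaspRecommendedRanges()
{
    $immune = array(',', '.', '_'); // Exceptions to escaping ranges
    // The upper bound is inclusive: "< 0xFF" stopped at 0xFE and left U+00FF untested.
    for ($chr = 0; $chr <= 0xFF; ++$chr) {
        // Codepoints from 0x80 up are emitted as two-byte UTF-8 by codepointToUtf8().
        $literal = $this->codepointToUtf8($chr);
        $escaped = twig_escape_filter($this->env, $literal, 'js');

        $isAlphanumeric = ($chr >= 0x30 && $chr <= 0x39)
            || ($chr >= 0x41 && $chr <= 0x5A)
            || ($chr >= 0x61 && $chr <= 0x7A);

        // Strict membership test, so the allow-list is never widened by PHP's
        // loose string comparison rules.
        if ($isAlphanumeric || in_array($literal, $immune, true)) {
            $this->assertEquals($literal, $escaped);
        } else {
            $this->assertNotEquals($literal, $escaped, "$literal should be escaped!");
        }
    }
}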

◆ testJavascriptEscapingReturnsStringIfContainsOnlyDigits()

Twig_Test_EscapingTest::testJavascriptEscapingReturnsStringIfContainsOnlyDigits ( )

Definition at line 178 of file escapingTest.php.

/**
 * A digits-only string must pass through the 'js' strategy unchanged.
 */
public function testJavascriptEscapingReturnsStringIfContainsOnlyDigits()
{
    $escaped = twig_escape_filter($this->env, '123', 'js');
    $this->assertEquals('123', $escaped);
}

◆ testJavascriptEscapingReturnsStringIfZeroLength()

Twig_Test_EscapingTest::testJavascriptEscapingReturnsStringIfZeroLength ( )

Definition at line 173 of file escapingTest.php.

/**
 * An empty string must pass through the 'js' strategy as an empty string.
 */
public function testJavascriptEscapingReturnsStringIfZeroLength()
{
    $escaped = twig_escape_filter($this->env, '', 'js');
    $this->assertEquals('', $escaped);
}

◆ testUnicodeCodepointConversionToUtf8()

Twig_Test_EscapingTest::testUnicodeCodepointConversionToUtf8 ( )

Range tests to confirm escaped range of characters is within OWASP recommendation.

Only the first two ranges of this protected function are tested, as that is all the other range tests require.

Definition at line 215 of file escapingTest.php.

References $result, and codepointToUtf8().

/**
 * Check codepointToUtf8() against three known codepoints.
 *
 * 0x20 and 0x7e exercise the one-byte branch and 0x799 the two-byte branch.
 * The concatenated output must equal the expected literal.
 */
public function testUnicodeCodepointConversionToUtf8()
{
    $encoded = '';
    foreach (array(0x20, 0x7e, 0x799) as $codepoint) {
        $encoded .= $this->codepointToUtf8($codepoint);
    }

    $this->assertEquals(' ~ޙ', $encoded);
}

◆ testUrlEscapingConvertsSpecialChars()

Twig_Test_EscapingTest::testUrlEscapingConvertsSpecialChars ( )

Definition at line 200 of file escapingTest.php.

References $key.

/**
 * Check every entry of $urlSpecialChars against the 'url' escaping strategy.
 *
 * Each array key is the raw input and each value the escaped form expected back.
 */
public function testUrlEscapingConvertsSpecialChars()
{
    foreach ($this->urlSpecialChars as $raw => $expected) {
        $escaped = twig_escape_filter($this->env, $raw, 'url');
        $this->assertEquals($expected, $escaped, 'Failed to escape: '.$raw);
    }
}

Field Documentation

◆ $cssSpecialChars

Twig_Test_EscapingTest::$cssSpecialChars
protected
Initial value:
= array(
'<' => '\\3C ',
'>' => '\\3E ',
'\'' => '\\27 ',
'"' => '\\22 ',
'&' => '\\26 ',
'Ā' => '\\100 ',
',' => '\\2C ',
'.' => '\\2E ',
'_' => '\\5F ',
'a' => 'a',
'A' => 'A',
'z' => 'z',
'Z' => 'Z',
'0' => '0',
'9' => '9',
"\r" => '\\D ',
"\n" => '\\A ',
"\t" => '\\9 ',
"\0" => '\\0 ',
' ' => '\\20 ',
)

Definition at line 116 of file escapingTest.php.

◆ $env

Twig_Test_EscapingTest::$env
protected

Definition at line 145 of file escapingTest.php.

◆ $htmlAttrSpecialChars

Twig_Test_EscapingTest::$htmlAttrSpecialChars
protected
Initial value:
= array(
'\'' => '&#x27;',
'Ā' => '&#x0100;',
',' => ',',
'.' => '.',
'-' => '-',
'_' => '_',
'a' => 'a',
'A' => 'A',
'z' => 'z',
'Z' => 'Z',
'0' => '0',
'9' => '9',
"\r" => '&#x0D;',
"\n" => '&#x0A;',
"\t" => '&#x09;',
"\0" => '&#xFFFD;',
'<' => '&lt;',
'>' => '&gt;',
'&' => '&amp;',
'"' => '&quot;',
' ' => '&#x20;',
)

Definition at line 22 of file escapingTest.php.

◆ $htmlSpecialChars

Twig_Test_EscapingTest::$htmlSpecialChars
protected
Initial value:
= array(
'\'' => '&#039;',
'"' => '&quot;',
'<' => '&lt;',
'>' => '&gt;',
'&' => '&amp;',
)

All character encodings supported by htmlspecialchars().

Definition at line 14 of file escapingTest.php.

◆ $jsSpecialChars

Twig_Test_EscapingTest::$jsSpecialChars
protected
Initial value:
= array(
'<' => '\\x3C',
'>' => '\\x3E',
'\'' => '\\x27',
'"' => '\\x22',
'&' => '\\x26',
'Ā' => '\\u0100',
',' => ',',
'.' => '.',
'_' => '_',
'a' => 'a',
'A' => 'A',
'z' => 'z',
'Z' => 'Z',
'0' => '0',
'9' => '9',
"\r" => '\\x0D',
"\n" => '\\x0A',
"\t" => '\\x09',
"\0" => '\\x00',
' ' => '\\x20',
)

Definition at line 52 of file escapingTest.php.

◆ $urlSpecialChars

Twig_Test_EscapingTest::$urlSpecialChars
protected

Definition at line 81 of file escapingTest.php.


The documentation for this class was generated from the following file: