ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Twig_Test_EscapingTest Class Reference

This class is adapted from code coming from Zend Framework.


Public Member Functions

 testHtmlEscapingConvertsSpecialChars ()
 
 testHtmlAttributeEscapingConvertsSpecialChars ()
 
 testJavascriptEscapingConvertsSpecialChars ()
 
 testJavascriptEscapingReturnsStringIfZeroLength ()
 
 testJavascriptEscapingReturnsStringIfContainsOnlyDigits ()
 
 testCssEscapingConvertsSpecialChars ()
 
 testCssEscapingReturnsStringIfZeroLength ()
 
 testCssEscapingReturnsStringIfContainsOnlyDigits ()
 
 testUrlEscapingConvertsSpecialChars ()
 
 testUnicodeCodepointConversionToUtf8 ()
 Range tests to confirm escaped range of characters is within OWASP recommendation.
 
 testJavascriptEscapingEscapesOwaspRecommendedRanges ()
 
 testHtmlAttributeEscapingEscapesOwaspRecommendedRanges ()
 
 testCssEscapingEscapesOwaspRecommendedRanges ()
 

Protected Member Functions

 setUp ()
 
 codepointToUtf8 ($codepoint)
 Convert a Unicode Codepoint to a literal UTF-8 character.
 

Protected Attributes

 $htmlSpecialChars
 All character encodings supported by htmlspecialchars().
 
 $htmlAttrSpecialChars
 
 $jsSpecialChars
 
 $urlSpecialChars
 
 $cssSpecialChars
 
 $env
 

Detailed Description

This class is adapted from code coming from Zend Framework.

Definition at line 9 of file escapingTest.php.

Member Function Documentation

◆ codepointToUtf8()

Twig_Test_EscapingTest::codepointToUtf8 (   $codepoint)
protected

Convert a Unicode Codepoint to a literal UTF-8 character.

Parameters
int $codepoint  Unicode codepoint in hex notation
Returns
string UTF-8 literal string

Definition at line 233 of file escapingTest.php.

{
    // 1 byte: U+0000..U+007F
    if ($codepoint < 0x80) {
        return chr($codepoint);
    }
    // 2 bytes: U+0080..U+07FF
    if ($codepoint < 0x800) {
        return chr($codepoint >> 6 & 0x3f | 0xc0)
            .chr($codepoint & 0x3f | 0x80);
    }
    // 3 bytes: U+0800..U+FFFF
    if ($codepoint < 0x10000) {
        return chr($codepoint >> 12 & 0x0f | 0xe0)
            .chr($codepoint >> 6 & 0x3f | 0x80)
            .chr($codepoint & 0x3f | 0x80);
    }
    // 4 bytes: U+10000..U+10FFFF
    if ($codepoint < 0x110000) {
        return chr($codepoint >> 18 & 0x07 | 0xf0)
            .chr($codepoint >> 12 & 0x3f | 0x80)
            .chr($codepoint >> 6 & 0x3f | 0x80)
            .chr($codepoint & 0x3f | 0x80);
    }
    throw new Exception('Codepoint requested outside of Unicode range.');
}

Referenced by testCssEscapingEscapesOwaspRecommendedRanges(), testHtmlAttributeEscapingEscapesOwaspRecommendedRanges(), testJavascriptEscapingEscapesOwaspRecommendedRanges(), and testUnicodeCodepointConversionToUtf8().


◆ setUp()

Twig_Test_EscapingTest::setUp ( )
protected

Definition at line 147 of file escapingTest.php.

{
    $this->env = new Twig_Environment($this->getMockBuilder('Twig_LoaderInterface')->getMock());
}

◆ testCssEscapingConvertsSpecialChars()

Twig_Test_EscapingTest::testCssEscapingConvertsSpecialChars ( )

Definition at line 183 of file escapingTest.php.

{
    foreach ($this->cssSpecialChars as $key => $value) {
        $this->assertEquals($value, twig_escape_filter($this->env, $key, 'css'), 'Failed to escape: '.$key);
    }
}

References $key.

◆ testCssEscapingEscapesOwaspRecommendedRanges()

Twig_Test_EscapingTest::testCssEscapingEscapesOwaspRecommendedRanges ( )

Definition at line 302 of file escapingTest.php.

{
    // CSS has no exceptions to escaping ranges
    for ($chr = 0; $chr < 0xFF; ++$chr) {
        if ($chr >= 0x30 && $chr <= 0x39
        || $chr >= 0x41 && $chr <= 0x5A
        || $chr >= 0x61 && $chr <= 0x7A) {
            $literal = $this->codepointToUtf8($chr);
            $this->assertEquals($literal, twig_escape_filter($this->env, $literal, 'css'));
        } else {
            $literal = $this->codepointToUtf8($chr);
            $this->assertNotEquals(
                $literal,
                twig_escape_filter($this->env, $literal, 'css'),
                "$literal should be escaped!");
        }
    }
}

References codepointToUtf8().


◆ testCssEscapingReturnsStringIfContainsOnlyDigits()

Twig_Test_EscapingTest::testCssEscapingReturnsStringIfContainsOnlyDigits ( )

Definition at line 195 of file escapingTest.php.

{
    $this->assertEquals('123', twig_escape_filter($this->env, '123', 'css'));
}

◆ testCssEscapingReturnsStringIfZeroLength()

Twig_Test_EscapingTest::testCssEscapingReturnsStringIfZeroLength ( )

Definition at line 190 of file escapingTest.php.

{
    $this->assertEquals('', twig_escape_filter($this->env, '', 'css'));
}

◆ testHtmlAttributeEscapingConvertsSpecialChars()

Twig_Test_EscapingTest::testHtmlAttributeEscapingConvertsSpecialChars ( )

Definition at line 159 of file escapingTest.php.

{
    foreach ($this->htmlAttrSpecialChars as $key => $value) {
        $this->assertEquals($value, twig_escape_filter($this->env, $key, 'html_attr'), 'Failed to escape: '.$key);
    }
}

References $key.

◆ testHtmlAttributeEscapingEscapesOwaspRecommendedRanges()

Twig_Test_EscapingTest::testHtmlAttributeEscapingEscapesOwaspRecommendedRanges ( )

Definition at line 279 of file escapingTest.php.

{
    $immune = array(',', '.', '-', '_'); // Exceptions to escaping ranges
    for ($chr = 0; $chr < 0xFF; ++$chr) {
        if ($chr >= 0x30 && $chr <= 0x39
        || $chr >= 0x41 && $chr <= 0x5A
        || $chr >= 0x61 && $chr <= 0x7A) {
            $literal = $this->codepointToUtf8($chr);
            $this->assertEquals($literal, twig_escape_filter($this->env, $literal, 'html_attr'));
        } else {
            $literal = $this->codepointToUtf8($chr);
            if (in_array($literal, $immune)) {
                $this->assertEquals($literal, twig_escape_filter($this->env, $literal, 'html_attr'));
            } else {
                $this->assertNotEquals(
                    $literal,
                    twig_escape_filter($this->env, $literal, 'html_attr'),
                    "$literal should be escaped!");
            }
        }
    }
}

References codepointToUtf8().


◆ testHtmlEscapingConvertsSpecialChars()

Twig_Test_EscapingTest::testHtmlEscapingConvertsSpecialChars ( )

Definition at line 152 of file escapingTest.php.

{
    foreach ($this->htmlSpecialChars as $key => $value) {
        $this->assertEquals($value, twig_escape_filter($this->env, $key, 'html'), 'Failed to escape: '.$key);
    }
}

References $key.

◆ testJavascriptEscapingConvertsSpecialChars()

Twig_Test_EscapingTest::testJavascriptEscapingConvertsSpecialChars ( )

Definition at line 166 of file escapingTest.php.

{
    foreach ($this->jsSpecialChars as $key => $value) {
        $this->assertEquals($value, twig_escape_filter($this->env, $key, 'js'), 'Failed to escape: '.$key);
    }
}

References $key.

◆ testJavascriptEscapingEscapesOwaspRecommendedRanges()

Twig_Test_EscapingTest::testJavascriptEscapingEscapesOwaspRecommendedRanges ( )

Definition at line 256 of file escapingTest.php.

{
    $immune = array(',', '.', '_'); // Exceptions to escaping ranges
    for ($chr = 0; $chr < 0xFF; ++$chr) {
        if ($chr >= 0x30 && $chr <= 0x39
        || $chr >= 0x41 && $chr <= 0x5A
        || $chr >= 0x61 && $chr <= 0x7A) {
            $literal = $this->codepointToUtf8($chr);
            $this->assertEquals($literal, twig_escape_filter($this->env, $literal, 'js'));
        } else {
            $literal = $this->codepointToUtf8($chr);
            if (in_array($literal, $immune)) {
                $this->assertEquals($literal, twig_escape_filter($this->env, $literal, 'js'));
            } else {
                $this->assertNotEquals(
                    $literal,
                    twig_escape_filter($this->env, $literal, 'js'),
                    "$literal should be escaped!");
            }
        }
    }
}

References codepointToUtf8().


◆ testJavascriptEscapingReturnsStringIfContainsOnlyDigits()

Twig_Test_EscapingTest::testJavascriptEscapingReturnsStringIfContainsOnlyDigits ( )

Definition at line 178 of file escapingTest.php.

{
    $this->assertEquals('123', twig_escape_filter($this->env, '123', 'js'));
}

◆ testJavascriptEscapingReturnsStringIfZeroLength()

Twig_Test_EscapingTest::testJavascriptEscapingReturnsStringIfZeroLength ( )

Definition at line 173 of file escapingTest.php.

{
    $this->assertEquals('', twig_escape_filter($this->env, '', 'js'));
}

◆ testUnicodeCodepointConversionToUtf8()

Twig_Test_EscapingTest::testUnicodeCodepointConversionToUtf8 ( )

Range tests to confirm escaped range of characters is within OWASP recommendation.

Only testing the first two ranges on this protected function, as that is all the other range tests require.

Definition at line 215 of file escapingTest.php.

{
    $expected = ' ~ޙ';
    $codepoints = array(0x20, 0x7e, 0x799);
    $result = '';
    foreach ($codepoints as $value) {
        $result .= $this->codepointToUtf8($value);
    }
    $this->assertEquals($expected, $result);
}

References $result, and codepointToUtf8().


◆ testUrlEscapingConvertsSpecialChars()

Twig_Test_EscapingTest::testUrlEscapingConvertsSpecialChars ( )

Definition at line 200 of file escapingTest.php.

{
    foreach ($this->urlSpecialChars as $key => $value) {
        $this->assertEquals($value, twig_escape_filter($this->env, $key, 'url'), 'Failed to escape: '.$key);
    }
}

References $key.

Field Documentation

◆ $cssSpecialChars

Twig_Test_EscapingTest::$cssSpecialChars
protected
Initial value:
= array(
    '<' => '\\3C ',
    '>' => '\\3E ',
    '\'' => '\\27 ',
    '"' => '\\22 ',
    '&' => '\\26 ',
    'Ā' => '\\100 ',
    ',' => '\\2C ',
    '.' => '\\2E ',
    '_' => '\\5F ',
    'a' => 'a',
    'A' => 'A',
    'z' => 'z',
    'Z' => 'Z',
    '0' => '0',
    '9' => '9',
    "\r" => '\\D ',
    "\n" => '\\A ',
    "\t" => '\\9 ',
    "\0" => '\\0 ',
    ' ' => '\\20 ',
)

Definition at line 116 of file escapingTest.php.

◆ $env

Twig_Test_EscapingTest::$env
protected

Definition at line 145 of file escapingTest.php.

◆ $htmlAttrSpecialChars

Twig_Test_EscapingTest::$htmlAttrSpecialChars
protected
Initial value:
= array(
    '\'' => '&#x27;',
    'Ā' => '&#x0100;',
    ',' => ',',
    '.' => '.',
    '-' => '-',
    '_' => '_',
    'a' => 'a',
    'A' => 'A',
    'z' => 'z',
    'Z' => 'Z',
    '0' => '0',
    '9' => '9',
    "\r" => '&#x0D;',
    "\n" => '&#x0A;',
    "\t" => '&#x09;',
    "\0" => '&#xFFFD;',
    '<' => '&lt;',
    '>' => '&gt;',
    '&' => '&amp;',
    '"' => '&quot;',
    ' ' => '&#x20;',
)

Definition at line 22 of file escapingTest.php.

◆ $htmlSpecialChars

Twig_Test_EscapingTest::$htmlSpecialChars
protected
Initial value:
= array(
    '\'' => '&#039;',
    '"' => '&quot;',
    '<' => '&lt;',
    '>' => '&gt;',
    '&' => '&amp;',
)

All character encodings supported by htmlspecialchars().

Definition at line 14 of file escapingTest.php.
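
The $htmlSpecialChars and $htmlAttrSpecialChars tables differ most in what they leave alone: the html mapping covers five characters, while html_attr encodes everything except alphanumerics and the four characters , . - _ listed as immune. The sketch below is an added illustration, not Twig or ILIAS code; escapeAttrSketch() is a hypothetical helper that reproduces the $htmlAttrSpecialChars mappings for ASCII input only, and its handling of control characters other than "\0" is an assumption.

```php
<?php
// Added illustration, not Twig's implementation. escapeAttrSketch() is a
// hypothetical helper covering ASCII input only.
function escapeAttrSketch(string $s): string
{
    if ($s === '') {
        return '';
    }
    if (preg_match('/[^\x00-\x7f]/', $s)) {
        throw new InvalidArgumentException('sketch handles ASCII only');
    }
    $named = ['<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;'];
    $out = '';
    foreach (str_split($s) as $ch) {
        $ord = ord($ch);
        if (ctype_alnum($ch) || strpos(',.-_', $ch) !== false) {
            $out .= $ch; // immune set used by the html_attr range test
        } elseif (isset($named[$ch])) {
            $out .= $named[$ch];
        } elseif ($ord === 0x7f || ($ord < 0x20 && strpos("\t\n\r", $ch) === false)) {
            $out .= '&#xFFFD;'; // table shows this for "\0"; other controls assumed
        } else {
            $out .= sprintf('&#x%02X;', $ord);
        }
    }
    return $out;
}

// Constructed sample: a value placed in an unquoted attribute.
$value = 'blue class=injected';

// The five-character html mapping leaves the space and "=" untouched, so the
// browser reads a second attribute after the intended one.
echo '<p id=' . htmlspecialchars($value, ENT_QUOTES) . ">\n";

// The html_attr mapping encodes both, so the whole value stays in id.
echo '<p id=' . escapeAttrSketch($value) . ">\n";
```
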

◆ $jsSpecialChars

Twig_Test_EscapingTest::$jsSpecialChars
protected
Initial value:
= array(
    '<' => '\\x3C',
    '>' => '\\x3E',
    '\'' => '\\x27',
    '"' => '\\x22',
    '&' => '\\x26',
    'Ā' => '\\u0100',
    ',' => ',',
    '.' => '.',
    '_' => '_',
    'a' => 'a',
    'A' => 'A',
    'z' => 'z',
    'Z' => 'Z',
    '0' => '0',
    '9' => '9',
    "\r" => '\\x0D',
    "\n" => '\\x0A',
    "\t" => '\\x09',
    "\0" => '\\x00',
    ' ' => '\\x20',
)

Definition at line 52 of file escapingTest.php.

◆ $urlSpecialChars

Twig_Test_EscapingTest::$urlSpecialChars
protected

Definition at line 81 of file escapingTest.php.


The documentation for this class was generated from the following file: