21 require_once(
'./libs/composer/vendor/autoload.php');
39 'The SVG file contains malicious code.',
50 '<svg width="100" height="100"> 51 <foreignObject width="100%" height="100%"> 52 <script>alert(document.domain);</script> 58 '<svg width="100" height="100"> 59 <foreignObject width="100%" height="100%" onclick="alert(document.domain);"> 66 '<svg version="1.1" baseProfile="full" 67 xmlns="http://www.w3.org/2000/svg"> 68 <rect width="100" height="100" style="fill:rgb(0,0,255);" /> 69 <script type="text/javascript"> 70 alert("XSS in SVG on " + document.domain ); 76 '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> 77 <use xlink:href="data:application/xml;base64 , 78 PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5r 79 PSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KPGRlZnM+CjxjaXJjbGUgaWQ9InRlc3QiIHI9I 80 jUwIiBjeD0iMTAwIiBjeT0iMTAwIiBzdHlsZT0iZmlsbDogI0YwMCI+CjxzZXQgYXR0cmlidXRlTm 81 FtZT0iZmlsbCIgYXR0cmlidXRlVHlwZT0iQ1NTIiBvbmJlZ2luPSdhbGVydChkb2N1bWVudC5jb29r 82 aWUpJwpvbmVuZD0nYWxlcnQoIm9uZW5kIiknIHRvPSIjMDBGIiBiZWdpbj0iMXMiIGR1cj0iNXMiIC 83 8+CjwvY2lyY2xlPgo8L2RlZnM+Cjx1c2UgeGxpbms6aHJlZj0iI3Rlc3QiLz4KPC9zdmc+#test"/> 97 $metadata =
new Metadata(
'test.svg', 100,
'image/svg+xml');
99 $result = $preProcessor->process($stream, $metadata);
103 $this->assertSame(
'The SVG file contains malicious code. (' . $type .
')', $result->getMessage());
108 $svg =
'<svg version="1.1" baseProfile="full" 109 xmlns="http://www.w3.org/2000/svg"> 110 <rect width="100" height="100" style="fill:rgb(0,0,255);" /> 115 $metadata =
new Metadata(
'test.svg', 100,
'image/svg+xml');
117 $result = $preProcessor->process($stream, $metadata);
121 $this->assertSame(
'SVG OK', $result->getMessage());
127 [
'./templates/default/images/bigplay.svg'],
128 [
'./templates/default/images/jstree.svg'],
129 [
'./templates/default/images/loader.svg'],
130 [
'./templates/default/images/col.svg'],
131 [
'./templates/default/images/HeaderIcon.svg'],
132 [
'./templates/default/images/answered_not.svg'],
141 $this->assertTrue(file_exists($path));
142 $svg = file_get_contents($path);
146 $metadata =
new Metadata(
'bigplay.svg', 100,
'image/svg+xml');
148 $result = $preProcessor->process($stream, $metadata);
150 $this->assertSame(
'SVG OK', $result->getMessage());
const REJECTED
Upload got rejected by a processor.
Class SVGBlacklistPreProcessor.
testMaliciousSVG(string $malicious_svg, string $type)
maliciousSVGProvider
testSomeComplexSaneSVG(string $path)
provideSomeComplexSaneSVG
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
const DENIED
Upload got denied by a processor, the upload will be removed immediately.
static ofString(string $string)
Creates a new stream with an initial value.
provideSomeComplexSaneSVG()
Class SVGPreProcessorTest.