Ticket #25507: 25507.diff

src/wp-includes/formatting.php

@@ -3249 +3249 @@
 
 /**
  * Properly strip all HTML tags including script and style
+ * 
+ * This differs from strip_tags() because it removes the contents of 
+ * the <script> and <style> tags. E.g. strip_tags( '<script>something</script>' )
+ * will return 'something'. wp_strip_all_tags will return ''
  *
  * @since 2.9.0
  *

tests/phpunit/tests/functions.php

@@ -519 +519 @@
                 $this->assertCount( 7, $urls );
                 $this->assertEquals( array_slice( $original_urls, 0, 7 ), $urls );
         }
+
+        /**
+         * Test the wp_strip_all_tags function
+         */
+        function test_wp_strip_all_tags() {
+
+                $text = 'lorem<br />ipsum';
+                $this->assertEquals( 'loremipsum', wp_strip_all_tags( $text ) );
+
+                $text = "lorem<br />\nipsum";
+                $this->assertEquals( "lorem\nipsum", wp_strip_all_tags( $text ) );
+
+                // test removing breaks is working
+                $text = "lorem<br />ipsum";
+                $this->assertEquals( "loremipsum", wp_strip_all_tags( $text, true ) );
+
+                // test script / style tag's contents is removed
+                $text = "lorem<script>alert(document.cookie)</script>ipsum";
+                $this->assertEquals( "loremipsum", wp_strip_all_tags( $text ) );
+
+                $text = "lorem<style>* { display: 'none' }</style>ipsum";
+                $this->assertEquals( "loremipsum", wp_strip_all_tags( $text ) );
+
+                // test "marlformed" markup of contents
+                $text = "lorem<style>* { display: 'none' }<script>alert( document.cookie )</script></style>ipsum";
+                $this->assertEquals( "loremipsum", wp_strip_all_tags( $text ) );
+        }
 }