- Timestamp:
- 10/03/2017 03:43:01 AM (7 years ago)
- File:
-
- 1 edited
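--- a/trunk/tests/phpunit/tests/customize/nav-menu-item-setting.php
+++ b/trunk/tests/phpunit/tests/customize/nav-menu-item-setting.php
@@ -473,4 +473,42 @@
 $this->assertNull( $setting->sanitize( 123 ) );
 
+$valid_urls = array(
+'http://example.com/',
+'https://foo.example.com/hello.html',
+'mailto:nobody@example.com?subject=hi',
+'ftp://example.com/',
+'ftps://example.com/',
+'news://news.server.example/example.group.this',
+'irc://irc.freenode.net/wordpress',
+'gopher://example.com',
+'nntp://news.server.example/example.group.this',
+'feed://example.com/',
+'telnet://example.com',
+'mms://example.com',
+'rtsp://example.com/',
+'svn://develop.svn.wordpress.org/trunk',
+'tel:000-000-000',
+'fax:000-000-000',
+'xmpp:user@host?message',
+'webcal://example.com',
+'urn:org.wordpress',
+);
+foreach ( $valid_urls as $valid_url ) {
+$url_setting = $setting->sanitize( array( 'url' => $valid_url ) );
+$this->assertInternalType( 'array', $url_setting );
+$this->assertEquals( $valid_url, $url_setting['url'] );
+}
+
+$invalid_urls = array(
+'javascript:alert(1)',
+'unknown://something.out-there',
+'smtp://user:pass@mailserver.thing',
+);
+foreach ( $invalid_urls as $invalid_url ) {
+$url_setting = $setting->sanitize( array( 'url' => $invalid_url ) );
+$this->assertInstanceOf( 'WP_Error', $url_setting );
+$this->assertEquals( 'invalid_url', $url_setting->get_error_code() );
+}
+
 $unsanitized = array(
 'object_id' => 'bad',
@@ -480,5 +518,5 @@
 'type' => 'custom<b>',
 'title' => '\o/ o\'o Hi<script>unfilteredHtml()</script>',
-'url' => ' javascript:alert(1)',
+'url' => '', // Note the javascript: protocol is checked above and results in a hard validation error, beyond mere sanitization.
 'target' => '" onclick="',
 'attr_title' => '\o/ o\'o <b>bolded</b><script>unfilteredHtml()</script>',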
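Review bot: The `$invalid_urls` list covers only the canonical lowercase `javascript:` form plus two schemes that are simply unlisted, so a regression in how the scheme is normalised before the allow-list check would pass these tests unnoticed. Adding a mixed-case entry and a script-capable scheme outside the list, for example `'JavaScript:alert(1)',` and `'data:text/html,hi',` (constructed samples), would pin that behaviour; whether both come back as `invalid_url` depends on the sanitizer, which is not visible here, so confirm against it. Separately, the `$unsanitized` fixture now passes `'url' => ''`, so the sanitization assertions that follow no longer exercise a non-empty URL that is allowed but needs cleaning. The enclosing test method starts and ends outside the hunk.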