- Timestamp:
- 05/15/2024 05:40:44 PM (9 months ago)
- File:
-
- 1 edited
-
trunk/tests/phpunit/tests/interactivity-api/wpInteractivityAPI.php
r58040 r58159 28 28 } 29 29 30 public function charset_iso_8859_1() { 31 return 'iso-8859-1'; 32 } 33 30 34 /** 31 35 * Tests that the state and config methods return an empty array at the … … 350 354 * 351 355 * @ticket 60356 356 * @ticket 61170 352 357 * 353 358 * @covers ::state … … 356 361 */ 357 362 public function test_state_and_config_escape_special_characters() { 358 $this->interactivity->state( 'myPlugin', array( 'amps' => 'http://site.test/?foo=1&baz=2' ) ); 359 $this->interactivity->config( 'myPlugin', array( 'tags' => 'Tags: <!-- <script>' ) ); 363 $this->interactivity->state( 364 'myPlugin', 365 array( 366 'ampersand' => '&', 367 'less-than sign' => '<', 368 'greater-than sign' => '>', 369 'solidus' => '/', 370 'line separator' => "\u{2028}", 371 'paragraph separator' => "\u{2029}", 372 'flag of england' => "\u{1F3F4}\u{E0067}\u{E0062}\u{E0065}\u{E006E}\u{E0067}\u{E007F}", 373 'malicious script closer' => '</script>', 374 'entity-encoded malicious script closer' => '</script>', 375 ) 376 ); 377 $this->interactivity->config( 'myPlugin', array( 'chars' => '&<>/' ) ); 360 378 361 379 $interactivity_data_markup = get_echo( array( $this->interactivity, 'print_client_interactivity_data' ) ); 362 preg_match( '/<script type="application\/json" id="wp-interactivity-data">.*?(\{.*\}).*?<\/script>/s', $interactivity_data_markup, $interactivity_data_string ); 363 364 $this->assertEquals( 365 '{"config":{"myPlugin":{"tags":"Tags: \u003C!-- \u003Cscript\u003E"}},"state":{"myPlugin":{"amps":"http:\/\/site.test\/?foo=1\u0026baz=2"}}}', 366 $interactivity_data_string[1] 367 ); 380 preg_match( '~<script type="application/json" id="wp-interactivity-data">\s*(\{.*\})\s*</script>~s', $interactivity_data_markup, $interactivity_data_string ); 381 382 $expected = <<<"JSON" 383 {"config":{"myPlugin":{"chars":"&\\u003C\\u003E/"}},"state":{"myPlugin":{"ampersand":"&","less-than sign":"\\u003C","greater-than sign":"\\u003E","solidus":"/","line separator":"\u{2028}","paragraph 
separator":"\u{2029}","flag of england":"\u{1F3F4}\u{E0067}\u{E0062}\u{E0065}\u{E006E}\u{E0067}\u{E007F}","malicious script closer":"\\u003C/script\\u003E","entity-encoded malicious script closer":"</script>"}}} 384 JSON; 385 $this->assertEquals( $expected, $interactivity_data_string[1] ); 386 } 387 388 /** 389 * Tests that special characters in the initial state and configuration are 390 * properly escaped when the blog_charset is not UTF-8 (unicode compatible). 391 * 392 * This this test, unicode and line terminators should be escaped to their 393 * JSON unicode sequences. 394 * 395 * @ticket 61170 396 * 397 * @covers ::state 398 * @covers ::config 399 * @covers ::print_client_interactivity_data 400 */ 401 public function test_state_and_config_escape_special_characters_non_utf8() { 402 add_filter( 'pre_option_blog_charset', array( $this, 'charset_iso_8859_1' ) ); 403 $this->interactivity->state( 404 'myPlugin', 405 array( 406 'ampersand' => '&', 407 'less-than sign' => '<', 408 'greater-than sign' => '>', 409 'solidus' => '/', 410 'line separator' => "\u{2028}", 411 'paragraph separator' => "\u{2029}", 412 'flag of england' => "\u{1F3F4}\u{E0067}\u{E0062}\u{E0065}\u{E006E}\u{E0067}\u{E007F}", 413 'malicious script closer' => '</script>', 414 'entity-encoded malicious script closer' => '</script>', 415 ) 416 ); 417 $this->interactivity->config( 'myPlugin', array( 'chars' => '&<>/' ) ); 418 419 $interactivity_data_markup = get_echo( array( $this->interactivity, 'print_client_interactivity_data' ) ); 420 preg_match( '~<script type="application/json" id="wp-interactivity-data">\s*(\{.*\})\s*</script>~s', $interactivity_data_markup, $interactivity_data_string ); 421 422 $expected = <<<"JSON" 423 {"config":{"myPlugin":{"chars":"&\\u003C\\u003E/"}},"state":{"myPlugin":{"ampersand":"&","less-than sign":"\\u003C","greater-than sign":"\\u003E","solidus":"/","line separator":"\\u2028","paragraph separator":"\\u2029","flag of 
england":"\\ud83c\\udff4\\udb40\\udc67\\udb40\\udc62\\udb40\\udc65\\udb40\\udc6e\\udb40\\udc67\\udb40\\udc7f","malicious script closer":"\\u003C/script\\u003E","entity-encoded malicious script closer":"</script>"}}} 424 JSON; 425 $this->assertEquals( $expected, $interactivity_data_string[1] ); 368 426 } 369 427
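Review bot: In both `test_state_and_config_escape_special_characters()` and the new `test_state_and_config_escape_special_characters_non_utf8()`, `$interactivity_data_string[1]` is read without checking that `preg_match()` matched, so a change to the script-tag markup would surface as an undefined-index error rather than a clear failure of the escaping check. Assert the match first, e.g. `$this->assertSame( 1, preg_match( ... ) );` around the existing call, and compare with `$this->assertSame( $expected, $interactivity_data_string[1] );` so the byte-exact escaped output is what gets pinned. The new docblock reads "This this test" where "In this test" is meant, and `charset_iso_8859_1()` has no docblock saying it is the `pre_option_blog_charset` filter callback. As rendered on this page the 'entity-encoded malicious script closer' value looks identical to the plain `</script>` case, presumably because the viewer decoded the entities; a one-line comment stating that entity-encoded text is expected to pass through unchanged would make the intent of that case clear.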