move sanitation of urls to the serverside code to also provide security for clients, fix #151

author: Bernhard Posselt <nukeawhale@gmail.com> 2013-08-06 13:56:32 +0200
committer: Bernhard Posselt <nukeawhale@gmail.com> 2013-08-06 13:56:32 +0200
commit: 78b0bcc19ad3aba0e1e10d7441290a8af82e63bf (patch)
tree: c46055c5d13bea272dcc162170e396c872954513 /tests/unit/db/ItemTest.php
parent: 582dba7e944850d39316a15ef9e3297577fb936f (diff)
1 files changed, 9 insertions, 2 deletions
diff --git a/tests/unit/db/ItemTest.php b/tests/unit/db/ItemTest.php
index d48c8da12..971d808f0 100644
--- a/tests/unit/db/ItemTest.php
+++ b/tests/unit/db/ItemTest.php
@@ -71,7 +71,7 @@ class ItemTest extends \PHPUnit_Framework_TestCase {
 		$item->setId(3);
 		$item->setGuid('guid');
 		$item->setGuidHash('hash');
-		$item->setUrl('url');
+		$item->setUrl('https://google');
 		$item->setTitle('title');
 		$item->setAuthor('author');
 		$item->setPubDate(123);
@@ -88,7 +88,7 @@ class ItemTest extends \PHPUnit_Framework_TestCase {
 			'id' => 3,
 			'guid' => 'guid',
 			'guidHash' => 'hash',
-			'url' => 'url',
+			'url' => 'https://google',
 			'title' => 'title',
 			'author' => 'author',
 			'pubDate' => 123,
@@ -119,4 +119,11 @@ class ItemTest extends \PHPUnit_Framework_TestCase {
 	}
 
 
+	public function testSetXSSUrl() {
+		$item = new Item();
+		$item->setUrl('javascript:alert()');
+		$this->assertEquals('', $item->getUrl());
+	}
+
+
 }
 \ No newline at end of file
author	Bernhard Posselt <nukeawhale@gmail.com>	2013-08-06 13:56:32 +0200
committer	Bernhard Posselt <nukeawhale@gmail.com>	2013-08-06 13:56:32 +0200
commit	78b0bcc19ad3aba0e1e10d7441290a8af82e63bf (patch)
tree	c46055c5d13bea272dcc162170e396c872954513 /tests/unit/db/ItemTest.php
parent	582dba7e944850d39316a15ef9e3297577fb936f (diff)