]> This result is &harmless; XML;
        // NOTE(review): this test method begins above the visible excerpt. Its
        // visible tail expects scan() to throw ZendXml\Exception\RuntimeException
        // for the document built above, which references the &harmless; entity.
        $this->setExpectedException('ZendXml\Exception\RuntimeException');
        $result = XmlSecurity::scan($xml);
    }

    /**
     * Checks that scan() raises Exception\RuntimeException for the XXE test
     * document instead of returning a parsed result.
     *
     * A temporary file with known content is created first. The test passes as
     * soon as the exception is caught and fails explicitly when scan() returns
     * normally.
     */
    public function testScanForXXE()
    {
        $file = tempnam(sys_get_temp_dir(), 'ZendXml_Security');
        file_put_contents($file, 'This is a remote content!');
        // NOTE(review): the heredoc opener and most of the XML body are missing
        // from this copy (markup appears to have been stripped); the residue is
        // kept verbatim. Presumably the document declared the entity referenced
        // as &foo; against $file. Confirm against the upstream file.
        $xml = << ]> &foo; XML;
        try {
            $result = XmlSecurity::scan($xml);
        } catch (Exception\RuntimeException $e) {
            // Expected path: the scanner refused the document.
            unlink($file);
            return;
        }
        // NOTE(review): the temp file is removed only in the catch branch, so
        // it is left behind on this failure path. Calling unlink($file) before
        // fail() (or in tearDown) would clean up in both cases.
        $this->fail('An expected exception has not been raised.');
    }

    /**
     * Checks that scan() without a DOM argument returns a SimpleXMLElement for
     * the getXml() fixture and that its `result` child reads 'test'.
     */
    public function testScanSimpleXmlResult()
    {
        $result = XmlSecurity::scan($this->getXml());
        $this->assertTrue($result instanceof SimpleXMLElement);
        // NOTE(review): PHPUnit's assertEquals() takes the expected value
        // first; the reversed order here only affects the failure message.
        $this->assertEquals($result->result, 'test');
    }

    /**
     * Checks that scan() returns a DOMDocument when one is passed in, and that
     * the first `result` element of the parsed fixture has the value 'test'.
     */
    public function testScanDom()
    {
        $dom = new DOMDocument('1.0');
        $result = XmlSecurity::scan($this->getXml(), $dom);
        $this->assertTrue($result instanceof DOMDocument);
        $node = $result->getElementsByTagName('result')->item(0);
        $this->assertEquals($node->nodeValue, 'test');
    }

    /**
     * Checks that scanHtml() accepts libxml option flags and that the parsed
     * document serializes back to the input fragment.
     *
     * @requires PHP 5.4
     */
    public function testScanDomHTML()
    {
        // loadHtml accepts constants in php >= 5.4
        // http://php.net/manual/de/domdocument.loadhtml.php
        $dom = new DOMDocument('1.0');
        // NOTE(review): the heredoc opener and the HTML tags are missing from
        // this copy; the residue and its line breaks are kept verbatim.
        $html = <<a simple test

HTML;
        // Flags passed through to the parser: no default doctype and no
        // implied html/body wrapper elements.
        $constants = LIBXML_HTML_NODEFDTD | LIBXML_HTML_NOIMPLIED;
        $result = XmlSecurity::scanHtml($html, $dom, $constants);
        $this->assertTrue($result instanceof DOMDocument);
        // Round trip: the serialized document must equal the input string.
        $this->assertEquals($html, trim($result->saveHtml()));
    }

    /**
     * Checks that scan() returns false for the invalid XML input when no DOM
     * object is supplied.
     */
    public function testScanInvalidXml()
    {
        // NOTE(review): heredoc opener and markup are missing from this copy;
        // residue kept verbatim.
        $xml = <<test XML;
        $result = XmlSecurity::scan($xml);
        $this->assertFalse($result);
    }

    /**
     * Checks that scan() returns false for the invalid XML input when a
     * DOMDocument is supplied.
     */
    public function testScanInvalidXmlDom()
    {
        // NOTE(review): heredoc opener and markup are missing from this copy;
        // residue kept verbatim.
        $xml = <<test XML;
        $dom = new DOMDocument('1.0');
        $result = XmlSecurity::scan($xml, $dom);
        $this->assertFalse($result);
    }

    /**
     * Checks that scanFile() parses the getXml() fixture from a temporary file
     * into a SimpleXMLElement whose `result` child reads 'test'.
     */
    public function testScanFile()
    {
        $file = tempnam(sys_get_temp_dir(), 'ZendXml_Security');
        file_put_contents($file, $this->getXml());
        $result = XmlSecurity::scanFile($file);
        $this->assertTrue($result instanceof SimpleXMLElement);
        $this->assertEquals($result->result, 'test');
        // NOTE(review): this cleanup is skipped when an assertion above fails,
        // which leaves the temp file in place.
        unlink($file);
    }

    /**
     * Checks that a document carrying a DTD is still accepted by scan() and
     * validates against that DTD.
     *
     * Together with the exception tests above, this shows that scan() does not
     * reject a DOCTYPE as such.
     */
    public function testScanXmlWithDTD()
    {
        // NOTE(review): the heredoc opener and the DTD/markup are missing from
        // this copy; residue kept verbatim. Presumably the DTD declares only
        // elements and no entities. Confirm against the upstream file.
        $xml = << ]> test XML;
        $dom = new DOMDocument('1.0');
        $result = XmlSecurity::scan($xml, $dom);
        $this->assertTrue($result instanceof DOMDocument);
        $this->assertTrue($result->validate());
    }

    /**
     * Returns the XML fixture shared by the tests above.
     *
     * The callers read a `result` element with the text 'test' from it.
     */
    protected function getXml()
    {
        // NOTE(review): heredoc opener and markup are missing from this copy;
        // residue kept verbatim.
        return << test XML;
    }
}