diff options
Diffstat (limited to 'vendor/symfony/debug/Tests/ExceptionHandlerTest.php')
| -rw-r--r-- | vendor/symfony/debug/Tests/ExceptionHandlerTest.php | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/vendor/symfony/debug/Tests/ExceptionHandlerTest.php b/vendor/symfony/debug/Tests/ExceptionHandlerTest.php index e166136cbb..4910fe5ec9 100644 --- a/vendor/symfony/debug/Tests/ExceptionHandlerTest.php +++ b/vendor/symfony/debug/Tests/ExceptionHandlerTest.php @@ -48,8 +48,17 @@ class ExceptionHandlerTest extends TestCase $handler->sendPhpResponse(new \RuntimeException('Foo')); $response = ob_get_clean(); - $this->assertContains('Whoops, looks like something went wrong.', $response); + $this->assertContains('<h1 class="break-long-words exception-message">Foo</h1>', $response); $this->assertContains('<div class="trace trace-as-html">', $response); + + // taken from https://www.owasp.org/index.php/Cross-site_Scripting_(XSS) + $htmlWithXss = '<body onload=alert(\'test1\')> <b onmouseover=alert(\'Wufff!\')>click me!</b> <img src="jAvascript:alert(\'test2\')"> <meta http-equiv="refresh" +content="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgndGVzdDMnKTwvc2NyaXB0Pg">'; + ob_start(); + $handler->sendPhpResponse(new \RuntimeException($htmlWithXss)); + $response = ob_get_clean(); + + $this->assertContains(sprintf('<h1 class="break-long-words exception-message">%s</h1>', htmlspecialchars($htmlWithXss, ENT_COMPAT | ENT_SUBSTITUTE, 'UTF-8')), $response); } public function testStatusCode() |
