summaryrefslogtreecommitdiff
path: root/vendor/symfony/debug/Tests/ExceptionHandlerTest.php
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/symfony/debug/Tests/ExceptionHandlerTest.php')
-rw-r--r--vendor/symfony/debug/Tests/ExceptionHandlerTest.php11
1 files changed, 10 insertions, 1 deletions
diff --git a/vendor/symfony/debug/Tests/ExceptionHandlerTest.php b/vendor/symfony/debug/Tests/ExceptionHandlerTest.php
index e166136cbb..4910fe5ec9 100644
--- a/vendor/symfony/debug/Tests/ExceptionHandlerTest.php
+++ b/vendor/symfony/debug/Tests/ExceptionHandlerTest.php
@@ -48,8 +48,17 @@ class ExceptionHandlerTest extends TestCase
$handler->sendPhpResponse(new \RuntimeException('Foo'));
$response = ob_get_clean();
- $this->assertContains('Whoops, looks like something went wrong.', $response);
+ $this->assertContains('<h1 class="break-long-words exception-message">Foo</h1>', $response);
$this->assertContains('<div class="trace trace-as-html">', $response);
+
+ // taken from https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
+ $htmlWithXss = '<body onload=alert(\'test1\')> <b onmouseover=alert(\'Wufff!\')>click me!</b> <img src="j&#X41vascript:alert(\'test2\')"> <meta http-equiv="refresh"
+content="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgndGVzdDMnKTwvc2NyaXB0Pg">';
+ ob_start();
+ $handler->sendPhpResponse(new \RuntimeException($htmlWithXss));
+ $response = ob_get_clean();
+
+ $this->assertContains(sprintf('<h1 class="break-long-words exception-message">%s</h1>', htmlspecialchars($htmlWithXss, ENT_COMPAT | ENT_SUBSTITUTE, 'UTF-8')), $response);
}
public function testStatusCode()