summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/parser/parserTests.txt64
-rw-r--r--tests/phpunit/includes/api/ApiBlockTest.php16
-rw-r--r--tests/qunit/suites/resources/mediawiki/mediawiki.util.test.js4
3 files changed, 66 insertions, 18 deletions
diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt
index e9218dec..f0603e75 100644
--- a/tests/parser/parserTests.txt
+++ b/tests/parser/parserTests.txt
@@ -8470,6 +8470,70 @@ MSIE CSS safety test: comment in expression
!! end
+!! test
+CSS safety test: vertical tab
+!! input
+<p style="font-size: 100px; background-image:url\b(https://www.google.com/images/srpr/logo6w.png)">A</p>
+!! result
+<p style="/* invalid control char */">A</p>
+
+!! end
+
+!! test
+MSIE CSS safety test: Fullwidth
+!! input
+<p style="font-size: 100px; color: expression((title='XSSed'),'red')">A</p>
+<div style="top:EXPRESSION(alert())">B</div>
+!! result
+<p style="/* insecure input */">A</p>
+<div style="/* insecure input */">B</div>
+
+!! end
+
+!! test
+MSIE CSS safety test: IPA extensions
+!! input
+<div style="background-image:uʀʟ(javascript:alert())">A</div>
+<p style="font-size: 100px; color: expʀessɪoɴ((title='XSSed'),'red')">B</p>
+!! result
+<div style="/* insecure input */">A</div>
+<p style="/* insecure input */">B</p>
+
+!! end
+
+!! test
+MSIE CSS safety test: sup/sub script
+!! input
+<div style="background-image:url⁽javascript:alert())">A</div>
+<div style="background-image:url₍javascript:alert())">B</div>
+<p style="font-size: 100px; color: expressioⁿ((title='XSSed'),'red')">C</p>
+!! result
+<div style="/* insecure input */">A</div>
+<div style="/* insecure input */">B</div>
+<p style="/* insecure input */">C</p>
+
+!! end
+
+!! test
+MSIE CSS safety test: Repetition markers
+!! input
+<p style="font-size: 100px; color: expres〱ion((title='XSSed'),'red')">A</p>
+<p style="font-size: 100px; color: expresゝion((title='XSSed'),'red')">B</p>
+<p style="font-size: 100px; color: expresーion((title='XSSed'),'red')">C</p>
+<p style="font-size: 100px; color: expresヽion((title='XSSed'),'red')">D</p>
+<p style="font-size: 100px; color: expresﹽion((title='XSSed'),'red')">E</p>
+<p style="font-size: 100px; color: expresﹼion((title='XSSed'),'red')">F</p>
+<p style="font-size: 100px; color: expresーion((title='XSSed'),'red')">G</p>
+!! result
+<p style="/* insecure input */">A</p>
+<p style="/* insecure input */">B</p>
+<p style="/* insecure input */">C</p>
+<p style="/* insecure input */">D</p>
+<p style="/* insecure input */">E</p>
+<p style="/* insecure input */">F</p>
+<p style="/* insecure input */">G</p>
+
+!! end
!! test
Table attribute legitimate extension
diff --git a/tests/phpunit/includes/api/ApiBlockTest.php b/tests/phpunit/includes/api/ApiBlockTest.php
index 8f6b9352..94643b10 100644
--- a/tests/phpunit/includes/api/ApiBlockTest.php
+++ b/tests/phpunit/includes/api/ApiBlockTest.php
@@ -70,22 +70,6 @@ class ApiBlockTest extends ApiTestCase {
}
/**
- * @dataProvider provideBlockUnblockAction
- */
- function testGetTokenUsingABlockingAction( $action ) {
- $data = $this->doApiRequest(
- array(
- 'action' => $action,
- 'user' => 'UTApiBlockee',
- 'gettoken' => '' ),
- null,
- false,
- self::$users['sysop']->user
- );
- $this->assertEquals( 34, strlen( $data[0][$action]["{$action}token"] ) );
- }
-
- /**
* Attempting to block without a token should give a UsageException with
* error message:
* "The token parameter must be set"
diff --git a/tests/qunit/suites/resources/mediawiki/mediawiki.util.test.js b/tests/qunit/suites/resources/mediawiki/mediawiki.util.test.js
index bba3160a..6fc0731c 100644
--- a/tests/qunit/suites/resources/mediawiki/mediawiki.util.test.js
+++ b/tests/qunit/suites/resources/mediawiki/mediawiki.util.test.js
@@ -83,8 +83,8 @@
'</div>' +
'<ul><li></li></ul>' +
'</td></tr></table>';
- $( tocHtml ).appendTo( '#qunit-fixture' ),
- $toggleLink = $( '#togglelink' );
+ $( tocHtml ).appendTo( '#qunit-fixture' );
+ $toggleLink = $( '#togglelink' );
assert.strictEqual( $toggleLink.length, 1, 'Toggle link is appended to the page.' );