Diffstat (limited to 'tests')
-rw-r--r-- | tests/parser/parserTests.txt | 64 | ||||
-rw-r--r-- | tests/phpunit/includes/api/ApiBlockTest.php | 16 | ||||
-rw-r--r-- | tests/qunit/suites/resources/mediawiki/mediawiki.util.test.js | 4 |
3 files changed, 66 insertions, 18 deletions
diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt
index e9218dec..f0603e75 100644
--- a/tests/parser/parserTests.txt
+++ b/tests/parser/parserTests.txt
@@ -8470,6 +8470,70 @@ MSIE CSS safety test: comment in expression
 !! end
+!! test
+CSS safety test: vertical tab
+!! input
+<p style="font-size: 100px; background-image:url\b(https://www.google.com/images/srpr/logo6w.png)">A</p>
+!! result
+<p style="/* invalid control char */">A</p>
+
+!! end
+
+!! test
+MSIE CSS safety test: Fullwidth
+!! input
+<p style="font-size: 100px; color: expression((title='XSSed'),'red')">A</p>
+<div style="top:EXPRESSION(alert())">B</div>
+!! result
+<p style="/* insecure input */">A</p>
+<div style="/* insecure input */">B</div>
+
+!! end
+
+!! test
+MSIE CSS safety test: IPA extensions
+!! input
+<div style="background-image:uʀʟ(javascript:alert())">A</div>
+<p style="font-size: 100px; color: expʀessɪoɴ((title='XSSed'),'red')">B</p>
+!! result
+<div style="/* insecure input */">A</div>
+<p style="/* insecure input */">B</p>
+
+!! end
+
+!! test
+MSIE CSS safety test: sup/sub script
+!! input
+<div style="background-image:url⁽javascript:alert())">A</div>
+<div style="background-image:url₍javascript:alert())">B</div>
+<p style="font-size: 100px; color: expressioⁿ((title='XSSed'),'red')">C</p>
+!! result
+<div style="/* insecure input */">A</div>
+<div style="/* insecure input */">B</div>
+<p style="/* insecure input */">C</p>
+
+!! end
+
+!! test
+MSIE CSS safety test: Repetition markers
+!! input
+<p style="font-size: 100px; color: expres〱ion((title='XSSed'),'red')">A</p>
+<p style="font-size: 100px; color: expresゝion((title='XSSed'),'red')">B</p>
+<p style="font-size: 100px; color: expresーion((title='XSSed'),'red')">C</p>
+<p style="font-size: 100px; color: expresヽion((title='XSSed'),'red')">D</p>
+<p style="font-size: 100px; color: expresﹽion((title='XSSed'),'red')">E</p>
+<p style="font-size: 100px; color: expresﹼion((title='XSSed'),'red')">F</p>
+<p style="font-size: 100px; color: expresーion((title='XSSed'),'red')">G</p>
+!! result
+<p style="/* insecure input */">A</p>
+<p style="/* insecure input */">B</p>
+<p style="/* insecure input */">C</p>
+<p style="/* insecure input */">D</p>
+<p style="/* insecure input */">E</p>
+<p style="/* insecure input */">F</p>
+<p style="/* insecure input */">G</p>
+
+!! end
 !! test
 Table attribute legitimate extension
diff --git a/tests/phpunit/includes/api/ApiBlockTest.php b/tests/phpunit/includes/api/ApiBlockTest.php
index 8f6b9352..94643b10 100644
--- a/tests/phpunit/includes/api/ApiBlockTest.php
+++ b/tests/phpunit/includes/api/ApiBlockTest.php
@@ -70,22 +70,6 @@ class ApiBlockTest extends ApiTestCase {
 }
 /**
- * @dataProvider provideBlockUnblockAction
- */
- function testGetTokenUsingABlockingAction( $action ) {
- $data = $this->doApiRequest(
- array(
- 'action' => $action,
- 'user' => 'UTApiBlockee',
- 'gettoken' => '' ),
- null,
- false,
- self::$users['sysop']->user
- );
- $this->assertEquals( 34, strlen( $data[0][$action]["{$action}token"] ) );
- }
-
- /**
 * Attempting to block without a token should give a UsageException with
 * error message:
 * "The token parameter must be set"
diff --git a/tests/qunit/suites/resources/mediawiki/mediawiki.util.test.js b/tests/qunit/suites/resources/mediawiki/mediawiki.util.test.js
index bba3160a..6fc0731c 100644
--- a/tests/qunit/suites/resources/mediawiki/mediawiki.util.test.js
+++ b/tests/qunit/suites/resources/mediawiki/mediawiki.util.test.js
@@ -83,8 +83,8 @@
 '</div>' + '<ul><li></li></ul>' + '</td></tr></table>';
- $( tocHtml ).appendTo( '#qunit-fixture' ),
- $toggleLink = $( '#togglelink' );
+ $( tocHtml ).appendTo( '#qunit-fixture' );
+ $toggleLink = $( '#togglelink' );
 assert.strictEqual( $toggleLink.length, 1, 'Toggle link is appended to the page.' ); |
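Review bot: In the tests/parser/parserTests.txt hunk, the new sanitizer cases depend on look-alike code points that cannot be told apart by reading the file. As rendered here, the "Fullwidth" input reads as plain `expression(` / `EXPRESSION(`, and cases C and G of "Repetition markers" show the same glyph. If an editor, merge tool or Unicode-normalizing step folds these characters to ASCII or to each other, the cases would presumably still produce `/* insecure input */` through the plain-ASCII rule, so the suite would stay green while no longer covering the normalization it was added for. I would name the code point under test beside each case, in whatever comment form the parser-test format accepts, for example `# case G: "s" followed by U+XXXX (placeholder: fill in the intended code point)`. A short line in each test title or comment stating which sanitizer normalization step the case targets would also help.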