<?php
+use Wikimedia\TestingAccessWrapper;
+
+/**
+ * @group Database
+ */
class MessageTest extends MediaWikiLangTestCase {
protected function setUp() {
return [
[ '<span>foo</span>', 'parse', '<span>foo</span>', '<span>foo</span>' ],
[ '<span>foo</span>', 'escaped', '<span>foo</span>',
- '<span>foo</span>' ],
+ '<span>foo</span>' ],
[ '<span>foo</span>', 'plain', '<span>foo</span>', '<span>foo</span>' ],
[ '<script>alert(1)</script>', 'parse', '<script>alert(1)</script>',
'<script>alert(1)</script>' ],
[ '<script>alert(1)</script>', 'escaped', '<script>alert(1)</script>',
'<script>alert(1)</script>' ],
[ '<script>alert(1)</script>', 'plain', '<script>alert(1)</script>',
- '<script>alert(1)</script>' ],
+ '<script>alert(1)</script>' ],
];
}
$this->assertSame( 'example &', $msg->escaped() );
}
+ public function testRawHtmlInMsg() {
+ global $wgParserConf;
+ $this->setMwGlobals( 'wgRawHtml', true );
+ // We have to reset the core hook registration.
+ // to register the html hook
+ MessageCache::destroyInstance();
+ $this->setMwGlobals( 'wgParser',
+ ObjectFactory::constructClassInstance( $wgParserConf['class'], [ $wgParserConf ] )
+ );
+
+ $msg = new RawMessage( '<html><script>alert("xss")</script></html>' );
+ $txt = '<span class="error"><html> tags cannot be' .
+ ' used outside of normal pages.</span>';
+ $this->assertSame( $txt, $msg->parse() );
+ }
+
/**
* @covers Message::params
* @covers Message::toString
/**
* FIXME: This should not need database, but Language#formatExpiry does (T57912)
- * @group Database
* @covers Message::expiryParam
* @covers Message::expiryParams
*/