SECURITY: blacklist CSS var()

[lhc/web/wiklou.git] / tests / phpunit / includes / parser / SanitizerTest.php

diff --git a/tests/phpunit/includes/parser/SanitizerTest.php b/tests/phpunit/includes/parser/SanitizerTest.php
index f6061b8..1b67bbd 100644 (file)
--- a/tests/phpunit/includes/parser/SanitizerTest.php
+++ b/tests/phpunit/includes/parser/SanitizerTest.php
@@ -101,6 +101,7 @@ class SanitizerTest extends MediaWikiTestCase {
         */
        public function testRemovehtmltagsOnHtml5Tags( $tag, $escaped ) {
                $this->hideDeprecated( 'disabling tidy' );
+               $this->hideDeprecated( 'MWTidy::setInstance' );
                MWTidy::setInstance( false );
 
                if ( $escaped ) {
@@ -164,6 +165,7 @@ class SanitizerTest extends MediaWikiTestCase {
         */
        public function testRemoveHTMLtags( $input, $output, $msg = null ) {
                $this->hideDeprecated( 'disabling tidy' );
+               $this->hideDeprecated( 'MWTidy::setInstance' );
                MWTidy::setInstance( false );
                $this->assertEquals( $output, Sanitizer::removeHTMLtags( $input ), $msg );
        }
@@ -324,6 +326,7 @@ class SanitizerTest extends MediaWikiTestCase {
                        ],
                        [ '/* insecure input */', 'foo: attr( title, url );' ],
                        [ '/* insecure input */', 'foo: attr( title url );' ],
+                       [ '/* insecure input */', 'foo: var(--evil-attribute)' ],
                ];
        }
 
@@ -525,6 +528,7 @@ class SanitizerTest extends MediaWikiTestCase {
                        ],
                        [ '1<span class="<?php">2</span>3', '123' ],
                        [ '1<span class="<?">2</span>3', '123' ],
+                       [ '<th>1</th><td>2</td>', '1 2' ],
                ];
        }