src/aphront/sink/__tests__/AphrontHTTPSinkTestCase.php
| Show All 30 Lines | final class AphrontHTTPSinkTestCase extends PhabricatorTestCase { | ||||
| protected function tryHTTPSinkStatusCode($input) { | protected function tryHTTPSinkStatusCode($input) { | ||||
| $sink = new AphrontIsolatedHTTPSink(); | $sink = new AphrontIsolatedHTTPSink(); | ||||
| $sink->writeHTTPStatus($input); | $sink->writeHTTPStatus($input); | ||||
| } | } | ||||
| public function testHTTPSinkResponseSplitting() { | public function testHTTPSinkResponseSplitting() { | ||||
| $input = $this->tryTestCaseMap( | $input = $this->tryTestCaseMap( | ||||
| array( | array( | ||||
| "test" => true, | 'test' => true, | ||||
| "test\nx" => false, | "test\nx" => false, | ||||
| "test\rx" => false, | "test\rx" => false, | ||||
| "test\0x" => false, | "test\0x" => false, | ||||
| ), | ), | ||||
| array($this, 'tryHTTPSinkResponseSplitting')); | array($this, 'tryHTTPSinkResponseSplitting')); | ||||
| } | } | ||||
| protected function tryHTTPSinkResponseSplitting($input) { | protected function tryHTTPSinkResponseSplitting($input) { | ||||
| Show All 22 Lines | $response = id(new AphrontJSONResponse()) | ||||
| 'x' => '<iframe>', | 'x' => '<iframe>', | ||||
| )); | )); | ||||
| $sink = new AphrontIsolatedHTTPSink(); | $sink = new AphrontIsolatedHTTPSink(); | ||||
| $sink->writeResponse($response); | $sink->writeResponse($response); | ||||
| $this->assertEqual( | $this->assertEqual( | ||||
| 'for (;;);{"x":"\u003ciframe\u003e"}', | 'for (;;);{"x":"\u003ciframe\u003e"}', | ||||
| $sink->getEmittedData(), | $sink->getEmittedData(), | ||||
| "JSONResponse should prevent content-sniffing attacks."); | 'JSONResponse should prevent content-sniffing attacks.'); | ||||
| } | } | ||||
| } | } | ||||
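Review bot: The assertion message on the re-quoted line, `'JSONResponse should prevent content-sniffing attacks.'`, names only one of the two properties that the expected string pins. The literal `'for (;;);{"x":"\u003ciframe\u003e"}'` checks both the `for (;;);` prefix (presumably a guard against the response being included cross-site as a script) and the `\u003c`/`\u003e` escaping of angle brackets. A regression that dropped only the prefix would therefore be reported as a content-sniffing failure. Since the message is being touched anyway, consider wording such as `'JSONResponse should emit the for (;;); prefix and escape angle brackets.'`, or one assertion per property. The test method starts in the collapsed lines above, so this is based on its visible tail only.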