From 05ed59841a6e9f43900c1b1c09ca4baf9e6cf4ff Mon Sep 17 00:00:00 2001
From: Kentaro Ohkouchi <nanasess@fsm.ne.jp>
Date: Fri, 22 Nov 2024 17:56:27 +0900
Subject: [PATCH] =?UTF-8?q?default=20pattern=20=E3=81=AE=E3=82=B5=E3=83=8B?=
 =?UTF-8?q?=E3=82=BF=E3=82=A4=E3=82=BA=E3=81=AE=E3=81=82=E3=81=A8=E3=80=81?=
 =?UTF-8?q?HTMLPurifier=20=E3=81=AB=E3=82=88=E3=81=A3=E3=81=A6=E5=AE=8C?=
 =?UTF-8?q?=E5=85=A8=E3=81=AB=E5=89=8A=E9=99=A4=E3=81=95=E3=82=8C=E3=82=8B?=
 =?UTF-8?q?=E5=A0=B4=E5=90=88=E3=81=8C=E3=81=82=E3=82=8B=E3=83=86=E3=82=B9?=
 =?UTF-8?q?=E3=83=88=E3=82=92=E4=BF=AE=E6=AD=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../modifier/Modifier_ScriptEscapeTest.php    | 57 ++++++++++---------
 1 file changed, 29 insertions(+), 28 deletions(-)

diff --git a/tests/class/modifier/Modifier_ScriptEscapeTest.php b/tests/class/modifier/Modifier_ScriptEscapeTest.php
index fa35449aba..0eff2d46c8 100644
--- a/tests/class/modifier/Modifier_ScriptEscapeTest.php
+++ b/tests/class/modifier/Modifier_ScriptEscapeTest.php
@@ -11,33 +11,34 @@ class Modifier_ScriptEscapeTest extends PHPUnit_Framework_TestCase
 {
     public function scriptEscapeProvider()
     {
+        $default_pattern = '/#script escaped#/';
         return [
-            ['<script type="text/javascript"></script>'],
-            ['<svg onload="alert(1)">test</svg>'],
-            ['<img onload="alert(1)">test</img>'],
-            ['<body onload="alert(1)">test</body>'],
-            ['<iframe></iframe>'],
-            ['<object></object>'],
-            ['<embed>'],
-            ['\"onclick=\"alert(1)\"'],
-            ['<p onclick="alert(1)">test</p>'],
-            ['<p onsubmit="alert(1)">test</p>'],
-            ['<p style="" onclick="alert(1)">test</p>'],
-            ['<input type="button"onfocus="alert(1)">'],
-            ['<input type="button" onblur="alert(1)">'],
-            ['<input onfocus="alert(1)" type="button">'],
-            ['<body onresize="alert(1)">'],
-            ['<div onscroll="alert(1)">'],
-            ['<div>javascript:test()</div>'],
-            ['<input type="button" ondblclick="alert(1)">'],
-            ['<input type="text" onchange="alert(1);">'],
-            ['<input type="text" onselect="alert(1);">'],
-            ['<form onsubmit="alert(1);">'],
-            ['<input type="button" onkeydown="alert(1)">'],
-            ['<input type="button" onkeypress="alert(1)">'],
-            ['<input type="button" onkeyup="alert(1)">'],
-            ['<input type=\"button\"\nonclick=\"alert(1)\">'],
-            ['<div/onscroll="alert(1)">'],
+            ['<script type="text/javascript"></script>', $default_pattern],
+            ['<svg onload="alert(1)">test</svg>', $default_pattern],
+            ['<img onload="alert(1)">test</img>', $default_pattern],
+            ['<body onload="alert(1)">test</body>', $default_pattern],
+            ['<iframe></iframe>', $default_pattern],
+            ['<object></object>', $default_pattern],
+            ['<embed>', $default_pattern],
+            ['\"onclick=\"alert(1)\"', $default_pattern],
+            ['<p onclick="alert(1)">test</p>', $default_pattern],
+            ['<p onsubmit="alert(1)">test</p>', $default_pattern],
+            ['<p style="" onclick="alert(1)">test</p>', $default_pattern],
+            ['<input type="button"onfocus="alert(1)">', '//'], // HTMLPurifier によって完全に削除される
+            ['<input type="button" onblur="alert(1)">', $default_pattern],
+            ['<input onfocus="alert(1)" type="button">', $default_pattern],
+            ['<body onresize="alert(1)">', $default_pattern],
+            ['<div onscroll="alert(1)">', $default_pattern],
+            ['<div>javascript:test()</div>', $default_pattern],
+            ['<input type="button" ondblclick="alert(1)">', $default_pattern],
+            ['<input type="text" onchange="alert(1);">', $default_pattern],
+            ['<input type="text" onselect="alert(1);">', $default_pattern],
+            ['<form onsubmit="alert(1);">', $default_pattern],
+            ['<input type="button" onkeydown="alert(1)">', $default_pattern],
+            ['<input type="button" onkeypress="alert(1)">', $default_pattern],
+            ['<input type="button" onkeyup="alert(1)">', $default_pattern],
+            ['<input type=\"button\"\nonclick=\"alert(1)\">', '//'], // HTMLPurifier によって完全に削除される
+            ['<div/onscroll="alert(1)">', $default_pattern],
         ];
     }
 
@@ -58,10 +59,10 @@ public function scriptNoEscapeProvider()
     /**
      * @dataProvider scriptEscapeProvider
      */
-    public function testメールテンプレートエスケープされる($value)
+    public function testメールテンプレートエスケープされる($value, $pattern)
     {
         $ret = smarty_modifier_script_escape($value);
-        $pattern = '/#script escaped#/';
+        var_dump($ret);
         $this->assertMatchesRegularExpression($pattern, $ret);
     }