3 declare(strict_types = 1);
21 use TYPO3\TestingFramework\Core\Functional\FunctionalTestCase;
// NOTE(review): the rows below are string literals from a sanitizer test data set. The
// number at the start of each line is a listing line number, not code. Consecutive
// numbers are presumably a payload followed by its expected sanitizer output (this
// matches the isSanitized(string $payload, string $expectation) signature) - confirm
// against the original file.

// Tags that are not known to the sanitizer, including <script>.
// NOTE(review): the expectation reads identical to the payload here. Taken literally,
// that would mean the markup passes through unchanged, so this listing may have decoded
// HTML entities that the original expectation strings contain - verify before relying on it.
34 '<unknown unknown="unknown">value</unknown>',
35 '<unknown unknown="unknown">value</unknown>',
38 '<div class="nested"><unknown unknown="unknown">value</unknown></div>',
39 '<div class="nested"><unknown unknown="unknown">value</unknown></div>',
42 '<script>alert(1)</script>',
43 '<script>alert(1)</script>',
// Unknown attribute on a known tag; the expected output is not part of this listing.
51 '<div unknown="unknown">value</div>',
// class, data-* with a value, and valueless data-* attributes are expected unchanged.
55 '<div class="class">value</div>',
56 '<div class="class">value</div>',
59 '<div data-value="value">value</div>',
60 '<div data-value="value">value</div>',
63 '<div data-bool>value</div>',
64 '<div data-bool>value</div>',
// <img> with a mailto: source and an onerror handler; expectation not shown in this listing.
67 '<img src="mailto:noreply@typo3.org" onerror="alert(1)">',
// <img> with https, http, root-relative and relative sources: the onerror handler is
// expected to be removed while src is kept.
71 '<img src="https://typo3.org/logo.svg" onerror="alert(1)">',
72 '<img src="https://typo3.org/logo.svg">',
75 '<img src="http://typo3.org/logo.svg" onerror="alert(1)">',
76 '<img src="http://typo3.org/logo.svg">',
79 '<img src="/typo3.org/logo.svg" onerror="alert(1)">',
80 '<img src="/typo3.org/logo.svg">',
83 '<img src="typo3.org/logo.svg" onerror="alert(1)">',
84 '<img src="typo3.org/logo.svg">',
// Protocol-relative source (//host/...); expectation not shown in this listing.
87 '<img src="//typo3.org/logo.svg" onerror="alert(1)">',
// <a href> by URI scheme: https, t3: and tel: are expected unchanged; for ssh:,
// javascript: and data: the href attribute is expected to be dropped while role stays.
91 '<a href="https://typo3.org/" role="button">value</a>',
92 '<a href="https://typo3.org/" role="button">value</a>',
95 '<a href="ssh://example.org/" role="button">value</a>',
96 '<a role="button">value</a>',
99 '<a href="javascript:alert(1)" role="button">value</a>',
100 '<a role="button">value</a>',
103 '<a href="data:text/html;..." role="button">value</a>',
104 '<a role="button">value</a>',
107 '<a href="t3://page?uid=1" role="button">value</a>',
108 '<a href="t3://page?uid=1" role="button">value</a>',
111 '<a href="tel:123456789" role="button">value</a>',
112 '<a href="tel:123456789" role="button">value</a>',
// A javascript: href that calls linkTo_UnCryptMailto is expected unchanged, unlike the
// javascript:alert(1) row above.
// NOTE(review): presumably a deliberate exception for this one function - confirm how
// narrowly the sanitizer matches it, since any javascript: URI it accepts is executable.
116 '<a href="javascript:linkTo_UnCryptMailto(%27ocknvq%2CkphqBrtczku%5C%2Fmkghgt0fg%27);">email(at)domain.tld</a>',
117 '<a href="javascript:linkTo_UnCryptMailto(%27ocknvq%2CkphqBrtczku%5C%2Fmkghgt0fg%27);">email(at)domain.tld</a>',
// mailto: links. Lines 121 and 124 are not adjacent, so they may belong to different rows.
121 '<a href="mailto:some.body@test.typo3.org">some.body(at)test.typo3(dot)org</a>',
124 '<a href="mailto:some.body@test.typo3.org">some.body(at)test.typo3(dot)org</a>',
// onclick="openPic(...)" on <a> is expected unchanged, whereas onerror on <img> is
// removed in the rows above.
// NOTE(review): an inline event handler survives sanitization here - confirm which
// handler content is accepted and that arbitrary onclick values are rejected.
128 '<a href="/" target="FEopenLink" onclick="openPic(\'\/\',\'FEopenLink\',\'width=200,height=300\');return false;">Link</a>',
129 '<a href="/" target="FEopenLink" onclick="openPic(\'\/\',\'FEopenLink\',\'width=200,height=300\');return false;">Link</a>'
133 '<a href="/index.php?eID=tx_cms_showpic" onclick="openPic(\'\/index.php?eID=tx_cms_showpic\u0026file=77\u0026md5=45a4b6287f68a61cf617a470e853d857461bc1d2\u0026parameters%5B0%5D=W10%3D\',\'thePicture\',\'width=1200,height=1799,status=0,menubar=0,=\'); return false;" target="thePicture"><img src="/logo.png"></a>',
134 '<a href="/index.php?eID=tx_cms_showpic" onclick="openPic(\'\/index.php?eID=tx_cms_showpic\u0026file=77\u0026md5=45a4b6287f68a61cf617a470e853d857461bc1d2\u0026parameters%5B0%5D=W10%3D\',\'thePicture\',\'width=1200,height=1799,status=0,menubar=0,=\'); return false;" target="thePicture"><img src="/logo.png"></a>'
// Valueless data-* attributes on nested elements are expected unchanged.
137 '<p data-bool><span data-bool><strong data-bool>value</strong></span></p>',
138 '<p data-bool><span data-bool><strong data-bool>value</strong></span></p>'
// An inline style attribute is expected unchanged.
142 '<span style="color: orange">value</span>',
143 '<span style="color: orange">value</span>',
// Test method: sanitizes $payload with the sanitizer built for 'default' and requires the
// result to equal $expectation exactly.
// NOTE(review): the lines that open the body and create $factory are not part of this
// listing; the leading numbers are listing line numbers, not code.
154 public function isSanitized(
string $payload,
string $expectation): void
// Ask the factory for the builder it returns for the name 'default', then build the sanitizer.
157 $builder = $factory->build(
'default');
158 $sanitizer = $builder->build();
// assertSame compares strictly, so any leftover attribute or differing escaping fails the row.
159 self::assertSame($expectation, $sanitizer->sanitize($payload));