[TYPO3-mvc] viewhelpers: stripHTML & removeXSS - what should be tested?
Andreas Rieser
A.Rieser at t3site.com
Tue May 19 17:09:45 CEST 2009
Hi @ all!
This morning I sent Sebastian Kurfürst the last two missing
ViewHelpers stripHTML & removeXSS - well, not exactly a big deal,
because these are only wrappers for core / php functions, but better
than nothing...
Btw.: They are in the wiki as well. Currently I have not created
tests for these - but I'd like to do this as well. My question is:
what should be tested?
Is it sufficient to take example strings, pass them to the functions
and assert that the result is correct?
I mean something really basic like:
stripHTML: "<h1>Test</h1>" -> "Test"
removeXSS: "<h1>Test<script>alert('XSS vulnerability!')</script></h1>"
-> "<h1>Test</h1>"
Or should testing go into details - if yes, how far does this make
sense?
Regards,
Andreas