[TYPO3-mvc] viewhelpers: stripHTML & removeXSS - what should be tested?
Helmut Hummel
typo3 at jhpc.de
Wed May 20 09:32:23 CEST 2009
Hi,
Andreas Rieser wrote:
>
> Is it sufficient to take example strings, pass them to the functions and
> assert that the result is correct?
> I mean something really basic like:
>
> stripHTML: "<h1>Test</h1>" -> "Test"
> removeXSS: "<h1>Test<script>alert('XSS vulnerability!)</script></h1>" ->
> "<h1>Test</h1>"
>
> Or should testing go into details - if yes, how far does this make sense?
Aren't there test cases for removeXSS already? I think Steffen Kamper did
something about this?
Anyway, the view helper should call the t3lib_div function, so the test
belongs there, not in Fluid.
Regards Helmut