[TYPO3-mvc] viewhelpers: stripHTML & removeXSS - what should be tested?

Sebastian Kurfürst sebastian at typo3.org
Fri May 22 09:20:05 CEST 2009


Hey everybody,

>> So there shouldn't be any test to make sure that this call actually 
>> works?
> 
> So you want to simply write a test, that t3lib_div::removeXSS is called, 
> no matter what the function call returns? I think this would be possible.
Actually, I think it is quite difficult to write such a test because 
static methods are not test-friendly at all. (That's the reason why 
there are no static methods in FLOW3 at all, but the distinction of 
Singleton and Prototype is done by the Dependency Injection Framework)

> Testing the output of strip_tags()? I'm no expert in unit testing, but 
> this test seems obsolete to me.
I think so, too.

> When thinking about this, I now wonder if stripHTML and removeXSS should 
> be implemented as view helpers at all.
> 
> Probably this belongs to the property validation framework, doesn't it?
The property validation framework is used when data is submitted from 
the View to the Controller (HTTP Requests). However, we still need a 
standard way to prevent XSS attacks in the view for all the data 
presented to the user. Thus, I think these ViewHelpers make sense.

Greets,
Sebastian
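
The testability point discussed in this message, as an added example that is not part of the original e-mail or of TYPO3's code: the static call is wrapped behind an injectable interface so that a test can confirm the view helper delegates to the filter without asserting on the filter's output. Every name except `t3lib_div::removeXSS` is hypothetical, and the sample input is constructed.

```php
<?php
// Hypothetical interface: the seam that replaces the direct static call.
interface XssFilter {
    public function filter(string $value): string;
}

// Production adapter: the only place that touches the static method.
// t3lib_div is not loaded here; this class is defined but never
// instantiated in this stand-alone script.
final class CoreXssFilter implements XssFilter {
    public function filter(string $value): string {
        return t3lib_div::removeXSS($value);
    }
}

// Hypothetical view helper: depends on the interface, not on t3lib_div.
final class RemoveXssViewHelper {
    private XssFilter $filter;

    public function __construct(XssFilter $filter) {
        $this->filter = $filter;
    }

    public function render(string $content): string {
        return $this->filter->filter($content);
    }
}

// Test double: records its input and returns a marker value.
final class RecordingFilter implements XssFilter {
    public array $calls = [];

    public function filter(string $value): string {
        $this->calls[] = $value;
        return 'FILTERED';
    }
}

// Constructed sample input for the test.
$input  = '<b onmouseover="x">text</b>';
$double = new RecordingFilter();
$output = (new RemoveXssViewHelper($double))->render($input);

// The test checks delegation only: the helper passed the content through
// unchanged and returned whatever the filter produced.
if ($double->calls !== [$input] || $output !== 'FILTERED') {
    throw new RuntimeException('view helper did not delegate to the filter');
}
echo "delegation verified\n";
```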

