PHP Classes

File: test/InvalidInputTest.php

File: test/InvalidInputTest.php
Role: Class source
Content type: text/plain
Description: Class source
Class: PHP CSP Header Builder
Generate Content Security Policy headers
Author: By
Last change:
Date: 5 months ago
Size: 926 bytes
 

Contents

<?php
declare(strict_types=1);

namespace
ParagonIE\CSPBuilderTest;

use
PHPUnit\Framework\TestCase;
use
ParagonIE\CSPBuilder\CSPBuilder;

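/**
 * Regression tests for directive and header injection through the
 * report-uri value passed to CSPBuilder::setReportUri().
 *
 * Each test feeds a hostile report URI into the builder, compiles the policy,
 * and asserts that the injected sequence is absent from the compiled string.
 *
 * PHPUnit's assertStringNotContainsString() takes ($needle, $haystack, $message).
 * The compiled policy must therefore be the second argument. With the arguments
 * reversed, the assertion checks that the fixed payload does not contain the
 * whole compiled policy, which is almost always true, so the test passes
 * regardless of how the builder handles the input.
 */
class InvalidInputTest extends TestCase
{
    /**
     * A ';' in the report URI must not survive into the compiled policy,
     * where it would terminate the report-uri directive and let the rest of
     * the value be read as a further directive.
     */
    public function testRejectSemicolon(): void
    {
        $csp = (new CSPBuilder([]))
            ->setReportUri('https://example.com/csp_report.php; hello world')
            ->compile();

        // Needle first, haystack second: look for the payload inside the policy.
        $this->assertStringNotContainsString(
            'report-uri https://example.com/csp_report.php; hello world',
            $csp,
            'Semicolon injection is possible'
        );
    }

    /**
     * A CR/LF pair in the report URI must not survive into the compiled
     * policy, where it would end the header line and start a new header.
     */
    public function testRejectCrLf(): void
    {
        $csp = (new CSPBuilder([]))
            ->setReportUri("https://example.com/csp_report.php;\r\nContent-Type:text/plain")
            ->compile();

        // Needle first, haystack second: look for the payload inside the policy.
        // NOTE(review): this only covers the exact "\r\nContent-Type:" sequence;
        // consider also asserting that the compiled policy holds no bare "\r" or
        // "\n" once the builder's handling of those bytes is confirmed.
        $this->assertStringNotContainsString(
            "\r\nContent-Type:",
            $csp,
            "CRLF Injection is possible"
        );
    }
}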