Differences Between: [Versions 310 and 311] [Versions 310 and 400] [Versions 310 and 401] [Versions 310 and 402] [Versions 310 and 403] [Versions 39 and 310]
Unit tests for core renderer render template exploit.
Copyright: | 2019 Ryan Wyllie <ryan@moodle.com> |
License: | http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later |
File Size: | 462 lines (18 kb) |
Included or required: | 0 times |
Referenced: | 0 times |
Includes or requires: | 0 files |
core_renderer_template_exploit_testcase:: (2 methods):
get_template_testcases()
test_core_mustache_engine_strips_js_helper()
Class: core_renderer_template_exploit_testcase - X-Ref
Unit tests for core renderer render template exploit.get_template_testcases() X-Ref |
Test cases to confirm that blacklisted helpers are stripped from the source text by the helper before being passed to other another helper. This prevents nested calls to helpers. |
test_core_mustache_engine_strips_js_helper($templates,$torender,$context,$helpers,$js,$expected,$include) X-Ref |
Test that the mustache_helper_collection class correctly strips param: string $templates The template to add param: string $torender The name of the template to render param: array $context The template context param: array $helpers Mustache helpers to add param: string $js The JS string from the template param: string $expected The expected output of the string after stripping JS param: bool $include If the JS should be added to the page or not |