githubFork/roundcubemail.git

File was renamed from tests/Utils.php
			@@ -5,7 +5,7 @@
			*
			* @package Tests
			*/
			class Utils extends PHPUnit_Framework_TestCase
			class Framework_Utils extends PHPUnit_Framework_TestCase
			{

			/**
			@@ -82,4 +82,38 @@
			$this->assertFalse(rcube_utils::check_email($email, false), $title);
			}

			/**
			* rcube_utils::mod_css_styles()
			*/
			function test_mod_css_styles()
			{
			$css = file_get_contents(TESTS_DIR . 'src/valid.css');
			$mod = rcube_utils::mod_css_styles($css, 'rcmbody');

			$this->assertRegExp('/#rcmbody\s+\{/', $mod, "Replace body style definition");
			$this->assertRegExp('/#rcmbody h1\s\{/', $mod, "Prefix tag styles (single)");
			$this->assertRegExp('/#rcmbody h1, #rcmbody h2, #rcmbody h3, #rcmbody textarea\s+\{/', $mod, "Prefix tag styles (multiple)");
			$this->assertRegExp('/#rcmbody \.noscript\s+\{/', $mod, "Prefix class styles");
			}

			/**
			* rcube_utils::mod_css_styles()
			*/
			function test_mod_css_styles_xss()
			{
			$mod = rcube_utils::mod_css_styles("body.main2cols { background-image: url('../images/leftcol.png'); }", 'rcmbody');
			$this->assertEquals("/* evil! */", $mod, "No url() values allowed");

			$mod = rcube_utils::mod_css_styles("@import url('http://localhost/somestuff/css/master.css');", 'rcmbody');
			$this->assertEquals("/* evil! */", $mod, "No import statements");

			$mod = rcube_utils::mod_css_styles("left:expression(document.body.offsetWidth-20)", 'rcmbody');
			$this->assertEquals("/* evil! */", $mod, "No expression properties");

			$mod = rcube_utils::mod_css_styles("left:exp/* */ression( alert('xss3') )", 'rcmbody');
			$this->assertEquals("/* evil! */", $mod, "Don't allow encoding quirks");

			$mod = rcube_utils::mod_css_styles("background:\\0075\\0072\\006c( javascript:alert('xss') )", 'rcmbody');
			$this->assertEquals("/* evil! */", $mod, "Don't allow encoding quirks (2)");
			}
			}