root/trunk/plagger/t/plugins/Bundle-Planet/vulnerability.t

Revision 1656 (checked in by miyagawa, 14 years ago)
  • Updated captured variable name to $warnings.
  • Fixed POD bug in Publish::Takahashi
  • Updated ID of Publish::Takahashi test to use MD5 of file path, since it depends on local path, Eh.
  • Added failing test for Planet XSS bug
Line 
1 use strict;
2 use FindBin;
3 use File::Path;
4 use t::TestPlagger;
5
6 test_plugin_deps;
7 plan 'no_plan';
8
9 our $dir    = "$FindBin::Bin/planet";
10 our $output = "$dir/index.html";
11
12 run_eval_expected;
13
14 END {
15 #    rmtree $dir if $dir && -e $dir;
16 }
17
18 __END__
19
20 === Test evil JS code
21 --- input config
22 plugins:
23   - module: Subscription::Config
24     config:
25       feed:
26         - file://$t::TestPlagger::BaseDirURI/t/samples/evil.xml
27   - module: Bundle::Planet
28     config:
29       dir: $main::dir
30       title: Planet Foobar
31       url: http://planet.plagger.org/
32       theme: sixapart-std
33       stylesheet: foo.css
34       duration: 0
35 --- expected
36 ok -e $main::output;
37 file_doesnt_contain($main::output, q(src.="javascript:));
Note: See TracBrowser for help on using the browser.