diff options
| author | Andy Staudacher <andy.st@gmail.com> | 2009-08-30 15:21:02 -0700 |
|---|---|---|
| committer | Andy Staudacher <andy.st@gmail.com> | 2009-08-30 15:21:02 -0700 |
| commit | beb711d6a0fedac0d4ca3b9bae162a6ce9d6cdeb (patch) | |
| tree | bfb916d5c36c686b4ebcdab8e8c820b7f5302ace /modules/gallery/tests/Xss_Security_Test.php | |
| parent | b5813f92c7a73e11d47d1943c217fdf6b7e41de9 (diff) | |
Rename clean_js to js_string and have it return a complete JS string (with delimiters) instead of just the string contents.
Benefits: Using json_encode(), which is very robust. And as a user, it's clearer how to use this API compared to what it was before.
Diffstat (limited to 'modules/gallery/tests/Xss_Security_Test.php')
| -rw-r--r-- | modules/gallery/tests/Xss_Security_Test.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php index b385580d..3a22afc1 100644 --- a/modules/gallery/tests/Xss_Security_Test.php +++ b/modules/gallery/tests/Xss_Security_Test.php @@ -188,7 +188,7 @@ class Xss_Security_Test extends Unit_Test_Case { if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && in_array($tokens[$token_number + 2][1], - array("clean", "purify", "clean_js", "clean_attribute")) && + array("clean", "purify", "js_string", "clean_attribute")) && self::_token_matches("(", $tokens, $token_number + 3)) { // Not checking for mark_safe(). We want such calls to be marked dirty (thus reviewed). @@ -198,7 +198,7 @@ class Xss_Security_Test extends Unit_Test_Case { $token_number += 3; $token = $tokens[$token_number]; - if ("clean_js" == $method) { + if ("js_string" == $method) { $frame->is_safe_js(true); } else { $frame->is_safe_html(true); |