link() $GLOBALS['egw'] = $this->getMockBuilder('Egw') ->disableOriginalConstructor() ->setMethods(['link', 'setup']) ->getMock(); } public function tearDown() { unset($GLOBALS['egw_inset_vars']); // Must remember to clear this, or other tests may break unset($GLOBALS['egw']); } /** * Test some strings for bad stuff * * @param String $pattern String to check * @param boolean $should_fail If we expect this string to fail * * @dataProvider patternProvider */ public function testPatterns($pattern, $should_fail) { $test = array($pattern); unset($GLOBALS['egw_unset_vars']); _check_script_tag($test,'test', false); $this->assertEquals(isset($GLOBALS['egw_unset_vars']), $should_fail); } public function patternProvider() { return array( // pattern, true: should fail, false: should not fail Array('< script >alert(1)< / script >', true), Array('blah', true), Array('Click Me', true), // from https://www.acunetix.com/websitesecurity/cross-site-scripting/ Array('', true), Array('', true), Array('