From 1b39c964abdd9fc20497575bda35e18cddd23f1d Mon Sep 17 00:00:00 2001
From: Antoine Musso
Date: Mon, 24 Oct 2011 08:39:58 +0000
Subject: [PATCH] Test handling of escaped CSS comments r85856 fixed a CSS injection issue but lacked testing. This test verify we properly strip out CSS comments even when the token delimiter '/*' is backslash-escaped : \2f\2a
---
 tests/phpunit/includes/SanitizerTest.php | 26 ++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/tests/phpunit/includes/SanitizerTest.php b/tests/phpunit/includes/SanitizerTest.php
index 2959e6ff04..b76aa5c762 100644
--- a/tests/phpunit/includes/SanitizerTest.php
+++ b/tests/phpunit/includes/SanitizerTest.php
@@ -126,5 +126,31 @@ class SanitizerTest extends MediaWikiTestCase {
 $GLOBALS['wgCleanupPresentationalAttributes'] = false;
 $this->assertEquals( Sanitizer::fixTagAttributes( 'clear="left"', 'br' ), ' clear="left"', 'Deprecated attributes are not converted to styles when enabled.' );
 }
+
+ /**
+ * @dataProvider provideCssCommentsFixtures
+ */
+ function testCssCommentsChecking( $expected, $css, $message = '' ) {
+ $this->assertEquals(
+ $expected,
+ Sanitizer::checkCss( $css ),
+ $message
+ );
+ }
+
+ function provideCssCommentsFixtures() {
+ /** array( , , [message] ) */
+ return array(
+ array( ' ', '/**/' ),
+ array( ' ', '/****/' ),
+ array( ' ', '/* comment */' ),
+ array( ' ', "\\2f\\2a foo \\2a\\2f",
+ 'Backslash-escaped comments must be stripped (bug 28450)' ),
+ array( '', '/* unfinished comment structure',
+ 'Remove anything after a comment-start token' ),
+ array( '', "\\2f\\2a unifinished comment'",
+ 'Remove anything after a backslash-escaped comment-start token' ),
+ );
+ }
 }
--
2.20.1
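Review bot: The escaped-comment fixtures in `provideCssCommentsFixtures` only exercise the two-digit lowercase spelling `\2f\2a`, so a regression in how `Sanitizer::checkCss` decodes other spellings of the same code points would still pass this test. CSS escapes also accept uppercase hex digits and zero-padding up to six digits, so I would add fixtures such as `array( ' ', "\\2F\\2A foo \\2A\\2F", 'Uppercase hex escapes must be stripped' ),` and a zero-padded `"\\00002f\\00002a foo \\00002a\\00002f"` variant. The expected values need confirming against `checkCss`, which is not visible in this hunk. Separately, the provider comment reads `/** array( , , [message] ) */` with the first two field names missing; `/** array( expected, css, [message] ) */` would match the parameters of `testCssCommentsChecking`. The word "unifinished" in the last fixture string is a typo, harmless to the assertion.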