sanitiser = new HtmlSanitiser; } // ------------------------------------------------------------------------- // XSS Attack Prevention Tests // ------------------------------------------------------------------------- public function test_removes_script_tags(): void { $malicious = '

Hello

World

'; $result = $this->sanitiser->sanitise($malicious); $this->assertStringNotContainsString('">Click'; $result = $this->sanitiser->sanitise($malicious); $this->assertStringNotContainsString('data:text/html', $result); $this->assertStringNotContainsString('">'; $result = $this->sanitiser->sanitise($malicious); $this->assertStringNotContainsString('assertStringNotContainsString('