MAGETWO-45688: Reflected XSS in Cookie HTTP header

Alexander Paliarush · Alexander Paliarush · commit a556a9349fa7 · 2016-01-14T18:05:17.000+02:00
diff --git a/lib/internal/Magento/Framework/Data/Test/Unit/Form/FormKeyTest.php b/lib/internal/Magento/Framework/Data/Test/Unit/Form/FormKeyTest.php
@@ -22,6 +22,11 @@ class FormKeyTest extends \PHPUnit_Framework_TestCase
      */
     protected $sessionMock;
 
+    /**
+     * @var \Zend\Escaper\Escaper|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $escaperMock;
+
     /**
      * @var FormKey
      */
@@ -32,9 +37,12 @@ protected function setUp()
         $this->mathRandomMock = $this->getMock('Magento\Framework\Math\Random', [], [], '', false);
         $methods = ['setData', 'getData'];
         $this->sessionMock = $this->getMock('Magento\Framework\Session\SessionManager', $methods, [], '', false);
+        $this->escaperMock = $this->getMock('Zend\Escaper\Escaper', ['escapeHtmlAttr'], [], '', false);
+        $this->escaperMock->expects($this->any())->method('escapeHtmlAttr')->willReturnArgument(0);
         $this->formKey = new FormKey(
             $this->mathRandomMock,
-            $this->sessionMock
+            $this->sessionMock,
+            $this->escaperMock
         );
     }
 
