Created data filter to avoid XSS attack

_tests/unit/XSSTest.php

@@ -0,0 +1,56 @@
+<?php
+namespace Core;
+
+class XSSTest extends \PHPUnit\Framework\TestCase
+{
+    /**
+     *
+     * @test
+     */
+    public function HindariSeranganXSSBerhasil() {
+        $args = [
+            'data_biasa' => 'Abcdefghijklmnopqrstuvwxyz',
+            'data_xss' => '<b>A</b><b>z</b>',
+            'data_xss_exclude' => '<i>A</i><i>z</i>',
+            'data_xss_exclude_2' => '<i>A</i><i>z</i>',
+            'data_xss_exclude_3' => '<i>A</i><i>z</i>',
+        ];
+
+        $args['exclude'] = [
+            'data_xss_exclude',
+            'data_xss_exclude_3'
+        ];
+
+        $expected = [
+            'data_biasa' => 'Abcdefghijklmnopqrstuvwxyz',
+            'data_xss' => '&lt;b&gt;A&lt;/b&gt;&lt;b&gt;z&lt;/b&gt;',
+            'data_xss_exclude' => '<i>A</i><i>z</i>',
+            'data_xss_exclude_2' => '&lt;i&gt;A&lt;/i&gt;&lt;i&gt;z&lt;/i&gt;',
+            'data_xss_exclude_3' => '<i>A</i><i>z</i>'
+        ];
+
+        $this->assertEquals($expected, XSS::avoid($args));
+    }
+
+    /**
+     *
+     * @test
+     */
+    public function DecodeDataXSSBerhasil() {
+        $args = [
+            'data_encode' => '&lt;b&gt;A&lt;/b&gt;&lt;b&gt;z&lt;/b&gt;',
+            'data_encode_exclude' => '&lt;b&gt;A&lt;/b&gt;&lt;b&gt;z&lt;/b&gt;'
+        ];
+
+        $args['exclude'] = [
+            'data_encode_exclude'
+        ];
+
+        $expected = [
+            'data_encode' => '<b>A</b><b>z</b>',
+            'data_encode_exclude' => '&lt;b&gt;A&lt;/b&gt;&lt;b&gt;z&lt;/b&gt;'
+        ];
+
+        $this->assertEquals($expected, XSS::decode($args));
+    }
+}