Mirror
/
RoundcubeMail
mirror of https://github.com/roundcube/roundcubemail.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

Add some more tests for HREF attribute washing

pull/5248/head
Aleksander Machniak 9 years ago
parent
9cd4b1bc58
commit
ca9ad75d96
1 changed files with 7 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 9
      tests/Framework/Washtml.php

9
tests/Framework/Washtml.php
View File

@ -15,7 +15,9 @@ class Framework_Washtml extends PHPUnit_Framework_TestCase
{
// #1488850
$html = '<p><a href="data:text/html,&lt;script&gt;alert(document.cookie)&lt;/script&gt;">Firefox</a>'
.'<a href="vbscript:alert(document.cookie)">Internet Explorer</a></p>';
.'<a href="vbscript:alert(document.cookie)">Internet Explorer</a></p>'
.'<p><A href="data:text/html,&lt;script&gt;alert(document.cookie)&lt;/script&gt;">Firefox</a>'
.'<A HREF="vbscript:alert(document.cookie)">Internet Explorer</a></p>';
$washer = new rcube_washtml;
$washed = $washer->wash($html);
@ -44,7 +46,10 @@ class Framework_Washtml extends PHPUnit_Framework_TestCase
{
$html = '<p><area href="data:text/html,&lt;script&gt;alert(document.cookie)&lt;/script&gt;">'
. '<area href="vbscript:alert(document.cookie)">Internet Explorer</p>'
. '<area href="javascript:alert(document.domain)" shape=default>';
. '<area href="javascript:alert(document.domain)" shape=default>'
. '<p><AREA HREF="data:text/html,&lt;script&gt;alert(document.cookie)&lt;/script&gt;">'
. '<Area href="vbscript:alert(document.cookie)">Internet Explorer</p>'
. '<area HREF="javascript:alert(document.domain)" shape=default>';
$washer = new rcube_washtml;
$washed = $washer->wash($html);

Write Preview
Loading…
Cancel
Save