| | |
|---|
| | | { |
|---|
| | | // #1488850 |
|---|
| | | $html = '<p><a href="data:text/html,<script>alert(document.cookie)</script>">Firefox</a>' |
|---|
| | | .'<a href="vbscript:alert(document.cookie)">Internet Explorer</a></p>'; |
|---|
| | | .'<a href="vbscript:alert(document.cookie)">Internet Explorer</a></p>' |
|---|
| | | .'<p><A href="data:text/html,<script>alert(document.cookie)</script>">Firefox</a>' |
|---|
| | | .'<A HREF="vbscript:alert(document.cookie)">Internet Explorer</a></p>'; |
|---|
| | | |
|---|
| | | $washer = new rcube_washtml; |
|---|
| | | $washed = $washer->wash($html); |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Test XSS in area's href (#5240) |
|---|
| | | */ |
|---|
| | | function test_href_area() |
|---|
| | | { |
|---|
| | | $html = '<p><area href="data:text/html,<script>alert(document.cookie)</script>">' |
|---|
| | | . '<area href="vbscript:alert(document.cookie)">Internet Explorer</p>' |
|---|
| | | . '<area href="javascript:alert(document.domain)" shape=default>' |
|---|
| | | . '<p><AREA HREF="data:text/html,<script>alert(document.cookie)</script>">' |
|---|
| | | . '<Area href="vbscript:alert(document.cookie)">Internet Explorer</p>' |
|---|
| | | . '<area HREF="javascript:alert(document.domain)" shape=default>'; |
|---|
| | | |
|---|
| | | $washer = new rcube_washtml; |
|---|
| | | $washed = $washer->wash($html); |
|---|
| | | |
|---|
| | | $this->assertNotRegExp('/data:text/', $washed, "data:text/html in area href"); |
|---|
| | | $this->assertNotRegExp('/vbscript:/', $washed, "vbscript: in area href"); |
|---|
| | | $this->assertNotRegExp('/javascript:/', $washed, "javascript: in area href"); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Test handling HTML comments |
|---|
| | | */ |
|---|
| | | function test_comments() |
|---|
