Roundcubemail devel
parent: 9cd4b1bc | patch | commit | ignore whitespace
Aleksander Machniak
2016-05-08 ca9ad75d96f9af0b7ced8b51644bfca4361ea39c 
Add some more tests for HREF attribute washing
1 files modified
9 ■■■■ changed files
tests/Framework/Washtml.php 9 ●●●● patch | view | raw | blame | history 
 tests/Framework/Washtml.php


@@ -15,7 +15,9 @@


    {


        // #1488850


        $html = '<p><a href="data:text/html,&lt;script&gt;alert(document.cookie)&lt;/script&gt;">Firefox</a>'


            .'<a href="vbscript:alert(document.cookie)">Internet Explorer</a></p>';


            .'<a href="vbscript:alert(document.cookie)">Internet Explorer</a></p>'


            .'<p><A href="data:text/html,&lt;script&gt;alert(document.cookie)&lt;/script&gt;">Firefox</a>'


            .'<A HREF="vbscript:alert(document.cookie)">Internet Explorer</a></p>';




        $washer = new rcube_washtml;


        $washed = $washer->wash($html);


@@ -44,7 +46,10 @@


    {


        $html = '<p><area href="data:text/html,&lt;script&gt;alert(document.cookie)&lt;/script&gt;">'


            . '<area href="vbscript:alert(document.cookie)">Internet Explorer</p>'


            . '<area href="javascript:alert(document.domain)" shape=default>';


            . '<area href="javascript:alert(document.domain)" shape=default>'


            . '<p><AREA HREF="data:text/html,&lt;script&gt;alert(document.cookie)&lt;/script&gt;">'


            . '<Area href="vbscript:alert(document.cookie)">Internet Explorer</p>'


            . '<area HREF="javascript:alert(document.domain)" shape=default>';




        $washer = new rcube_washtml;


        $washed = $washer->wash($html);