From ca9ad75d96f9af0b7ced8b51644bfca4361ea39c Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sun, 08 May 2016 04:06:24 -0400
Subject: [PATCH] Add some more tests for HREF attribute washing

---
 tests/Framework/Washtml.php |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/tests/Framework/Washtml.php b/tests/Framework/Washtml.php
index 2e68179..ef4b2e9 100644
--- a/tests/Framework/Washtml.php
+++ b/tests/Framework/Washtml.php
@@ -15,7 +15,9 @@
     {
         // #1488850
         $html = '<p><a href="data:text/html,&lt;script&gt;alert(document.cookie)&lt;/script&gt;">Firefox</a>'
-            .'<a href="vbscript:alert(document.cookie)">Internet Explorer</a></p>';
+            .'<a href="vbscript:alert(document.cookie)">Internet Explorer</a></p>'
+            .'<p><A href="data:text/html,&lt;script&gt;alert(document.cookie)&lt;/script&gt;">Firefox</a>'
+            .'<A HREF="vbscript:alert(document.cookie)">Internet Explorer</a></p>';
 
         $washer = new rcube_washtml;
         $washed = $washer->wash($html);
@@ -44,7 +46,10 @@
     {
         $html = '<p><area href="data:text/html,&lt;script&gt;alert(document.cookie)&lt;/script&gt;">'
             . '<area href="vbscript:alert(document.cookie)">Internet Explorer</p>'
-            . '<area href="javascript:alert(document.domain)" shape=default>';
+            . '<area href="javascript:alert(document.domain)" shape=default>'
+            . '<p><AREA HREF="data:text/html,&lt;script&gt;alert(document.cookie)&lt;/script&gt;">'
+            . '<Area href="vbscript:alert(document.cookie)">Internet Explorer</p>'
+            . '<area HREF="javascript:alert(document.domain)" shape=default>';
 
         $washer = new rcube_washtml;
         $washed = $washer->wash($html);

--
Gitblit v1.9.1