From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 tests/src/htmlxss.txt |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/tests/src/htmlxss.txt b/tests/src/htmlxss.txt
index 60ceb94..f6c43e3 100644
--- a/tests/src/htmlxss.txt
+++ b/tests/src/htmlxss.txt
@@ -3,7 +3,7 @@
 
 <p><img onLoad.="alert(document.cookie)" src="skins/default/images/roundcube_logo.png" /></p>
 
-<p><a href="javascript:alert(document.cookie)">mail me!</a>
+<p><a href="mailto:xss@somehost.net') && alert(document.cookie) || ignore('">mail me!</a>
 <a href="http://roundcube.net" target="_self">roundcube.net</a>
 <a href="http://roundcube.net" \onmouseover="alert('XSS')">roundcube.net (2)</a>
 
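Review bot: Replacing the `javascript:` anchor with the `mailto:` quote-breakout case removes the only `javascript:`-scheme href visible in this fixture, so a regression in scheme filtering could pass the sanitizer test unnoticed unless another fixture outside this hunk covers it. I would keep both vectors by leaving `<p><a href="javascript:alert(document.cookie)">mail me!</a>` in place and adding the new `mailto:` anchor as its own line. The test that reads this fixture is not part of the patch, so it is worth confirming it asserts that the single quote in the `mailto:` address is escaped or the link dropped, not merely that `javascript:` is absent from the output. The subject line describes securing export downloads, but the diffstat shows only this fixture, so the functional change presumably lives in another commit or was filtered out of this view.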

--
Gitblit v1.9.1