From a3b85d7b8560cdc1057fcaffa3acbd247b4b5b7a Mon Sep 17 00:00:00 2001
From: Thomas B. <thomas@roundcube.net>
Date: Mon, 07 Oct 2013 13:19:03 -0400
Subject: [PATCH] Merge pull request #133 from cwickert/release-0.9-canned-responses

---
 tests/src/htmlxss.txt |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/tests/src/htmlxss.txt b/tests/src/htmlxss.txt
index 60ceb94..f6c43e3 100644
--- a/tests/src/htmlxss.txt
+++ b/tests/src/htmlxss.txt
@@ -3,7 +3,7 @@
 
 <p><img onLoad.="alert(document.cookie)" src="skins/default/images/roundcube_logo.png" /></p>
 
-<p><a href="javascript:alert(document.cookie)">mail me!</a>
+<p><a href="mailto:xss@somehost.net') && alert(document.cookie) || ignore('">mail me!</a>
 <a href="http://roundcube.net" target="_self">roundcube.net</a>
 <a href="http://roundcube.net" \onmouseover="alert('XSS')">roundcube.net (2)</a>
 

--
Gitblit v1.9.1