From 0344b168276f80189e2254c75a762aff5b517b6b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sun, 22 May 2016 06:32:57 -0400
Subject: [PATCH] Fix priority icon(s) position
---
 tests/Framework/Washtml.php | 24 +++++++++++++++++++++++-
 1 files changed, 23 insertions(+), 1 deletions(-)
diff --git a/tests/Framework/Washtml.php b/tests/Framework/Washtml.php
index 9515f0d..ef4b2e9 100644
--- a/tests/Framework/Washtml.php
+++ b/tests/Framework/Washtml.php
@@ -15,7 +15,9 @@
 {
 // #1488850
 $html = '<p><a href="data:text/html,<script>alert(document.cookie)</script>">Firefox</a>'
- .'<a href="vbscript:alert(document.cookie)">Internet Explorer</a></p>';
+ .'<a href="vbscript:alert(document.cookie)">Internet Explorer</a></p>'
+ .'<p><A href="data:text/html,<script>alert(document.cookie)</script>">Firefox</a>'
+ .'<A HREF="vbscript:alert(document.cookie)">Internet Explorer</a></p>';
 
 $washer = new rcube_washtml;
 $washed = $washer->wash($html);
@@ -38,6 +40,26 @@
 }
 
 /**
+ * Test XSS in area's href (#5240)
+ */
+ function test_href_area()
+ {
+ $html = '<p><area href="data:text/html,<script>alert(document.cookie)</script>">'
+ . '<area href="vbscript:alert(document.cookie)">Internet Explorer</p>'
+ . '<area href="javascript:alert(document.domain)" shape=default>'
+ . '<p><AREA HREF="data:text/html,<script>alert(document.cookie)</script>">'
+ . '<Area href="vbscript:alert(document.cookie)">Internet Explorer</p>'
+ . '<area HREF="javascript:alert(document.domain)" shape=default>';
+
+ $washer = new rcube_washtml;
+ $washed = $washer->wash($html);
+
+ $this->assertNotRegExp('/data:text/', $washed, "data:text/html in area href");
+ $this->assertNotRegExp('/vbscript:/', $washed, "vbscript: in area href");
+ $this->assertNotRegExp('/javascript:/', $washed, "javascript: in area href");
+ }
+
+ /**
 * Test handling HTML comments
 */
 function test_comments()
-- 
Gitblit v1.9.1
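Review bot: The two fixture lines added in the first hunk sit under the existing `// #1488850` comment but cover a different case, namely upper-case tag and attribute names (`<A href=`, `<A HREF=`). Extending that comment, for example to `// #1488850, plus the same payloads with upper-case tag/attribute names`, would record why they were added. The assertions that read `$washed` lie outside this hunk, so it cannot be confirmed from here that they would catch a leak from the new variants. All variants are concatenated into one string, so a failing assertion will not say which one got through.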
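Review bot: The three assertions in `test_href_area` use case-sensitive patterns (`'/data:text/'`, `'/vbscript:/'`, `'/javascript:/'`), while the fixtures vary only the case of the tag and attribute names, never of the URL scheme. Browsers match schemes case-insensitively, so a washer that passed a scheme through in a different case would still satisfy this test. Adding the `i` flag, e.g. `$this->assertNotRegExp('/javascript:/i', $washed, "javascript: in area href");`, and one fixture whose scheme is not all lower case would close that gap. A positive assertion that an `area` with an ordinary `http:` href survives washing would also show the fix does not simply drop every `area` element.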