Add test for #6410

6 years ago · 0dee528adb
parent adcac3b9de
commit 0dee528adb
2 changed files with 3 additions and 0 deletions
--- a/tests/MailFunc.php
+++ b/tests/MailFunc.php
@ -75,6 +75,7 @@ class MailFunc extends PHPUnit_Framework_TestCase

        $this->assertNotRegExp('/src="skins/', $washed, "Remove local references");
        $this->assertNotRegExp('/\son[a-z]+/', $washed, "Remove on* attributes");
+        $this->assertNotContains('onload', $washed, "Handle invalid style");

        $html = rcmail_html4inline($washed, array('container_id' => 'foo'));
        $this->assertNotRegExp('/onclick="return rcmail.command(\'compose\',\'xss@somehost.net\',this)"/', $html, "Clean mailto links");
--- a/tests/src/htmlxss.txt
+++ b/tests/src/htmlxss.txt
@ -18,5 +18,7 @@ Have a nice Christmas time.<br />
 Thomas
 </p>

+<html><svg><style><//><body onload=alert(1)>
+
 </body>
 </html>