|
|
@ -37,6 +37,23 @@ class Framework_Washtml extends PHPUnit_Framework_TestCase
|
|
|
|
$this->assertRegExp('|href="http://test.com">|', $washed, "Link href with newlines (#1488940)");
|
|
|
|
$this->assertRegExp('|href="http://test.com">|', $washed, "Link href with newlines (#1488940)");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
|
|
* Test XSS in area's href (#5240)
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
function test_href_area()
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
$html = '<p><area href="data:text/html,<script>alert(document.cookie)</script>">'
|
|
|
|
|
|
|
|
. '<area href="vbscript:alert(document.cookie)">Internet Explorer</p>'
|
|
|
|
|
|
|
|
. '<area href="javascript:alert(document.domain)" shape=default>';
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$washer = new rcube_washtml;
|
|
|
|
|
|
|
|
$washed = $washer->wash($html);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$this->assertNotRegExp('/data:text/', $washed, "data:text/html in area href");
|
|
|
|
|
|
|
|
$this->assertNotRegExp('/vbscript:/', $washed, "vbscript: in area href");
|
|
|
|
|
|
|
|
$this->assertNotRegExp('/javascript:/', $washed, "javascript: in area href");
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
/**
|
|
|
|
* Test handling HTML comments
|
|
|
|
* Test handling HTML comments
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|