|
|
@ -15,7 +15,9 @@ class Framework_Washtml extends PHPUnit_Framework_TestCase
|
|
|
|
{
|
|
|
|
{
|
|
|
|
// #1488850
|
|
|
|
// #1488850
|
|
|
|
$html = '<p><a href="data:text/html,<script>alert(document.cookie)</script>">Firefox</a>'
|
|
|
|
$html = '<p><a href="data:text/html,<script>alert(document.cookie)</script>">Firefox</a>'
|
|
|
|
.'<a href="vbscript:alert(document.cookie)">Internet Explorer</a></p>';
|
|
|
|
.'<a href="vbscript:alert(document.cookie)">Internet Explorer</a></p>'
|
|
|
|
|
|
|
|
.'<p><A href="data:text/html,<script>alert(document.cookie)</script>">Firefox</a>'
|
|
|
|
|
|
|
|
.'<A HREF="vbscript:alert(document.cookie)">Internet Explorer</a></p>';
|
|
|
|
|
|
|
|
|
|
|
|
$washer = new rcube_washtml;
|
|
|
|
$washer = new rcube_washtml;
|
|
|
|
$washed = $washer->wash($html);
|
|
|
|
$washed = $washer->wash($html);
|
|
|
@ -44,7 +46,10 @@ class Framework_Washtml extends PHPUnit_Framework_TestCase
|
|
|
|
{
|
|
|
|
{
|
|
|
|
$html = '<p><area href="data:text/html,<script>alert(document.cookie)</script>">'
|
|
|
|
$html = '<p><area href="data:text/html,<script>alert(document.cookie)</script>">'
|
|
|
|
. '<area href="vbscript:alert(document.cookie)">Internet Explorer</p>'
|
|
|
|
. '<area href="vbscript:alert(document.cookie)">Internet Explorer</p>'
|
|
|
|
. '<area href="javascript:alert(document.domain)" shape=default>';
|
|
|
|
. '<area href="javascript:alert(document.domain)" shape=default>'
|
|
|
|
|
|
|
|
. '<p><AREA HREF="data:text/html,<script>alert(document.cookie)</script>">'
|
|
|
|
|
|
|
|
. '<Area href="vbscript:alert(document.cookie)">Internet Explorer</p>'
|
|
|
|
|
|
|
|
. '<area HREF="javascript:alert(document.domain)" shape=default>';
|
|
|
|
|
|
|
|
|
|
|
|
$washer = new rcube_washtml;
|
|
|
|
$washer = new rcube_washtml;
|
|
|
|
$washed = $washer->wash($html);
|
|
|
|
$washed = $washer->wash($html);
|
|
|
|