diff options
| author | diosmosis <diosmosis@users.noreply.github.com> | 2018-12-13 08:32:41 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-12-13 08:32:41 +0300 |
| commit | fbb653568b627866db455a559e27441bc09719d0 (patch) | |
| tree | ca526ac9908b180b621b693802ac0ccdb3bb9ab6 /tests | |
| parent | 70533f52dfe5e1a90e056560f46bffb6fd61dd81 (diff) | |
Reject urls w/ control characters. (#13845)
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/PHPUnit/Unit/UrlHelperTest.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/PHPUnit/Unit/UrlHelperTest.php b/tests/PHPUnit/Unit/UrlHelperTest.php index 549ed0b5e4..200aed67e2 100644 --- a/tests/PHPUnit/Unit/UrlHelperTest.php +++ b/tests/PHPUnit/Unit/UrlHelperTest.php @@ -102,6 +102,8 @@ class UrlHelperTest extends \PHPUnit_Framework_TestCase array('dAtA://example.com/test', false), array('data://tel.org/http', false), array('smstest:456543', false), + array(urldecode('javascript://%0D%0Aalert(1)'), false), + array(urldecode('http://%0D%0Aalert(1)'), false), ]; } |