author | Aleksander Machniak <alec@alec.pl> | 2016-05-06 09:28:15 +0300 |
committer | Aleksander Machniak <alec@alec.pl> | 2016-05-06 09:28:15 +0300 |
commit | 6652367d656de7e5f404935be04e10aa281add53 (patch) | |
tree | 01854232450871b4ac238500295cc55e2adf2e21 /tests | |
parent | 4921c21cff15b9ba2a5a05b2145861b01c9e85d6 (diff) |
Fix XSS issue in href attribute on area tag (#5240, #5241)
Diffstat (limited to 'tests')
-rw-r--r-- | tests/Framework/Washtml.php | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/tests/Framework/Washtml.php b/tests/Framework/Washtml.php
index 9515f0d7a..2e681791c 100644
--- a/tests/Framework/Washtml.php
+++ b/tests/Framework/Washtml.php
@@ -38,6 +38,23 @@ class Framework_Washtml extends PHPUnit_Framework_TestCase
     }
 
     /**
+     * Test XSS in area's href (#5240)
+     */
+    function test_href_area()
+    {
+        $html = '<p><area href="data:text/html,<script>alert(document.cookie)</script>">'
+            . '<area href="vbscript:alert(document.cookie)">Internet Explorer</p>'
+            . '<area href="javascript:alert(document.domain)" shape=default>';
+
+        $washer = new rcube_washtml;
+        $washed = $washer->wash($html);
+
+        $this->assertNotRegExp('/data:text/', $washed, "data:text/html in area href");
+        $this->assertNotRegExp('/vbscript:/', $washed, "vbscript: in area href");
+        $this->assertNotRegExp('/javascript:/', $washed, "javascript: in area href");
+    }
+
+    /**
      * Test handling HTML comments
      */
     function test_comments() |
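Review bot: The three `assertNotRegExp` checks in `test_href_area` only cover the literal lowercase scheme names that the fixture itself contains, so the regression test would still pass if the washer matched schemes case-sensitively or without normalising whitespace and entities, even though browsers honour `JaVaScRiPt:`, `java&#09;script:` and `&#106;avascript:` in an `href`. I would extend the fixture with a mixed-case and an entity/tab-obfuscated variant, e.g. `'<area href="JaVaScRiPt:alert(1)">'` and `'<area href="java&#09;script:alert(1)">'`, and make the pattern case-insensitive with `$this->assertNotRegExp('/javascript:/i', $washed, "javascript: in area href");`. The test also has no positive assertion, so an over-aggressive fix that dropped every `<area>` tag (or its `href` entirely) would pass unnoticed; adding a benign `<area href="http://example.com/">` to the input and asserting with `$this->assertRegExp('/href="http:\/\/example\.com\/"/', $washed, "benign http: href survives")` would pin the intended behaviour. This is a test-only hunk; the sanitiser change itself (`rcube_washtml`) is not visible here, so whether those variants are actually handled is inferred, not confirmed.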