diff options
| author | Aleksander Machniak <alec@alec.pl> | 2017-05-05 12:51:23 +0300 |
|---|---|---|
| committer | Aleksander Machniak <alec@alec.pl> | 2017-05-05 12:51:23 +0300 |
| commit | dade48165874dc735013d918e8430e4c437b669e (patch) | |
| tree | f9ea44eb8535b7a49d83628494932656b215ed11 /tests | |
| parent | 5b741abed7a85e02196c13a5a9843bab49755eda (diff) | |
Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747)
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/Framework/Utils.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/tests/Framework/Utils.php b/tests/Framework/Utils.php index ad81f6404..71e9f3e30 100644 --- a/tests/Framework/Utils.php +++ b/tests/Framework/Utils.php @@ -227,6 +227,10 @@ class Framework_Utils extends PHPUnit_Framework_TestCase $mod = rcube_utils::xss_entity_decode('#foo:after{content:"\003Cimg/src=x onerror=alert(2)>";}'); $this->assertNotContains('<img', $mod, "Strip (encoded) tags from content property"); + + // #5747 + $mod = rcube_utils::xss_entity_decode('<!-- #foo { content:css; } -->'); + $this->assertContains('#foo', $mod, "Strip HTML comments from content, but not the content"); } /** |