author | Aleksander Machniak <alec@alec.pl> | 2019-08-27 16:33:23 +0300 |
committer | Aleksander Machniak <alec@alec.pl> | 2019-08-27 16:33:23 +0300 |
commit | 63730cf84229cede81792c6dbeb84c169bafd193 (patch) | |
tree | 094cab2dba749edb1ad2a1803e6d34d6697e77a6 /tests | |
parent | 057fb69bb9ac93aa069b064aedc3a7fe02ceb873 (diff) |
Fix security issue where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897)
Diffstat (limited to 'tests')
-rw-r--r-- | tests/Framework/Utils.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/tests/Framework/Utils.php b/tests/Framework/Utils.php
index 22cf9c581..3df90ffd0 100644
--- a/tests/Framework/Utils.php
+++ b/tests/Framework/Utils.php
@@ -256,6 +256,8 @@ class Framework_Utils extends PHPUnit_Framework_TestCase
 @media screen and (max-width: 699px) and (min-width: 520px) { li a.button { padding-left: 30px; } }
+ :root * { color: red; }
+ :root > * { top: 0; }
 ';
 $mod = rcube_utils::mod_css_styles($css, 'rc', true, 'test');
@@ -268,6 +270,9 @@ class Framework_Utils extends PHPUnit_Framework_TestCase
 $this->assertContains('#rc p > i ', $mod);
 $this->assertContains('#rc div#testsome', $mod);
 $this->assertContains('#rc li a.testbutton', $mod);
+ $this->assertNotContains(':root', $mod);
+ $this->assertContains('#rc * ', $mod);
+ $this->assertContains('#rc > * ', $mod);
 }
 function test_xss_entity_decode() |
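Review bot: The new fixture only exercises `:root` followed by a descendant or child combinator, so a bare `:root { ... }` rule and the case-insensitive spelling of the pseudo-class (CSS pseudo-class names are ASCII case-insensitive) are left untested by the `assertNotContains(':root', $mod)` check in the second hunk, which is also case-sensitive. Add one bare rule to the CSS fixture in the first hunk and a case variant, e.g. `:root { color: red; }` and `:ROOT * { color: red; }`, and assert on the lowercased output, `$this->assertNotContains(':root', strtolower($mod));`, so the regression test actually pins the jail rewrite for every form the fix is meant to cover. The containing test method opens before the first hunk, so its name and the start of the `$css` fixture are outside this view.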