author | Douwe Maan <douwe@gitlab.com> | 2017-09-27 12:18:32 +0300 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2017-10-16 07:51:44 +0300 |
commit | 59948731d65fbb9cac116d6a3d57207a2bb81794 (patch) | |
tree | 33400eaac81421f2ed14867a31a7ae6f2ca313d6 /spec | |
parent | e4884d9d2b4bd540e60d32a012a90ff6c21ba17c (diff) |
Merge branch 'rs-sanitize-unicode-in-protocol' into 'security-10-0'
[10.0] Prevent a persistent XSS in user-provided markup
See merge request gitlab/gitlabhq!2199
Diffstat (limited to 'spec')
-rw-r--r-- | spec/lib/banzai/filter/sanitization_filter_spec.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/spec/lib/banzai/filter/sanitization_filter_spec.rb b/spec/lib/banzai/filter/sanitization_filter_spec.rb
index 5f41e28fece..17a620ef603 100644
--- a/spec/lib/banzai/filter/sanitization_filter_spec.rb
+++ b/spec/lib/banzai/filter/sanitization_filter_spec.rb
@@ -217,6 +217,11 @@ describe Banzai::Filter::SanitizationFilter do
 output: '<img>'
 },

+ 'protocol-based JS injection: Unicode' => {
+ input: %Q(<a href="\u0001java\u0003script:alert('XSS')">foo</a>),
+ output: '<a>foo</a>'
+ },
+
 'protocol-based JS injection: spaces and entities' => {
 input: '<a href="  javascript:alert(\'XSS\');">foo</a>',
 output: '<a href="">foo</a>' |
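Review bot: The added 'protocol-based JS injection: Unicode' case pins a single payload shape, U+0001 in front of the scheme and U+0003 inside it, so a regression that handles only those two code points would still pass. The filter change itself is not visible in this spec-only view, so it is unclear how broad the stripping is. I would add sibling entries in the same hash for a tab and a newline inside the scheme, which browsers discard when parsing a URL, each expecting `output: '<a>foo</a>'`. A short comment above the new entry, e.g. `# %Q so the \u escapes become real control characters; the href is removed outright rather than blanked`, would explain why this case expects `<a>foo</a>` while the following one expects `<a href="">foo</a>`. The enclosing hash starts and ends outside the hunk.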