Merge branch 'rs-sanitize-unicode-in-protocol' into 'security-10-0'

[10.0] Prevent a persistent XSS in user-provided markup See merge request gitlab/gitlabhq!2199
author: Douwe Maan <douwe@gitlab.com> 2017-09-27 12:18:32 +0300
committer: Stan Hu <stanhu@gmail.com> 2017-10-16 07:51:44 +0300
commit: 59948731d65fbb9cac116d6a3d57207a2bb81794 (patch)
tree: 33400eaac81421f2ed14867a31a7ae6f2ca313d6 /spec
parent: e4884d9d2b4bd540e60d32a012a90ff6c21ba17c (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/spec/lib/banzai/filter/sanitization_filter_spec.rb b/spec/lib/banzai/filter/sanitization_filter_spec.rb
index 5f41e28fece..17a620ef603 100644
--- a/spec/lib/banzai/filter/sanitization_filter_spec.rb
+++ b/spec/lib/banzai/filter/sanitization_filter_spec.rb
@@ -217,6 +217,11 @@ describe Banzai::Filter::SanitizationFilter do
         output: '<img>'
       },
 
+      'protocol-based JS injection: Unicode' => {
+        input: %Q(<a href="\u0001java\u0003script:alert('XSS')">foo</a>),
+        output: '<a>foo</a>'
+      },
+
       'protocol-based JS injection: spaces and entities' => {
         input:  '<a href=" &#14;  javascript:alert(\'XSS\');">foo</a>',
         output: '<a href="">foo</a>'
author	Douwe Maan <douwe@gitlab.com>	2017-09-27 12:18:32 +0300
committer	Stan Hu <stanhu@gmail.com>	2017-10-16 07:51:44 +0300
commit	59948731d65fbb9cac116d6a3d57207a2bb81794 (patch)
tree	33400eaac81421f2ed14867a31a7ae6f2ca313d6 /spec
parent	e4884d9d2b4bd540e60d32a012a90ff6c21ba17c (diff)