fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]

author: Charlie Somerville <charlie@charliesomerville.com> 2013-02-13 09:09:53 +1100
committer: Aaron Patterson <aaron.patterson@gmail.com> 2013-03-15 17:48:12 -0700
commit: ff3b9ca1308056b2c939ce77fbea1c4665f3619e (patch)
tree: 966d2e76ed1a1ea924d6e18933a470cbbda50563 /actionpack/test/template/html-scanner/sanitizer_test.rb
parent: f980289fd2c1b9073a94b5d49b780a49f5e2933c (diff)
download: rails-ff3b9ca1308056b2c939ce77fbea1c4665f3619e.tar.gz
rails-ff3b9ca1308056b2c939ce77fbea1c4665f3619e.tar.bz2
rails-ff3b9ca1308056b2c939ce77fbea1c4665f3619e.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/actionpack/test/template/html-scanner/sanitizer_test.rb b/actionpack/test/template/html-scanner/sanitizer_test.rb
index 844484ee47..4e2ad4e955 100644
--- a/actionpack/test/template/html-scanner/sanitizer_test.rb
+++ b/actionpack/test/template/html-scanner/sanitizer_test.rb
@@ -256,6 +256,11 @@ class SanitizerTest < ActionController::TestCase
     assert_equal '', sanitize_css(raw)
   end
 
+  def test_should_sanitize_across_newlines
+    raw = %(\nwidth:\nexpression(alert('XSS'));\n)
+    assert_equal '', sanitize_css(raw)
+  end
+
   def test_should_sanitize_img_vbscript
     assert_sanitized %(<img src='vbscript:msgbox("XSS")' />), '<img />'
   end
author	Charlie Somerville <charlie@charliesomerville.com>	2013-02-13 09:09:53 +1100
committer	Aaron Patterson <aaron.patterson@gmail.com>	2013-03-15 17:48:12 -0700
commit	ff3b9ca1308056b2c939ce77fbea1c4665f3619e (patch)
tree	966d2e76ed1a1ea924d6e18933a470cbbda50563 /actionpack/test/template/html-scanner/sanitizer_test.rb
parent	f980289fd2c1b9073a94b5d49b780a49f5e2933c (diff)
download	rails-ff3b9ca1308056b2c939ce77fbea1c4665f3619e.tar.gz rails-ff3b9ca1308056b2c939ce77fbea1c4665f3619e.tar.bz2 rails-ff3b9ca1308056b2c939ce77fbea1c4665f3619e.zip