diff options
author | Charlie Somerville <charlie@charliesomerville.com> | 2013-02-13 09:09:53 +1100 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2013-03-15 17:45:53 -0700 |
commit | 8be6913990c30f63618173da722148892348dcc9 (patch) | |
tree | 723e829be1cbabe93e0e4a9d09a13501f73aab3d /actionpack/test/template/html-scanner/sanitizer_test.rb | |
parent | 5dc2e3531babcbdc165884d1a47cbcd13455522d (diff) | |
download | rails-8be6913990c30f63618173da722148892348dcc9.tar.gz rails-8be6913990c30f63618173da722148892348dcc9.tar.bz2 rails-8be6913990c30f63618173da722148892348dcc9.zip |
fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]
Diffstat (limited to 'actionpack/test/template/html-scanner/sanitizer_test.rb')
-rw-r--r-- | actionpack/test/template/html-scanner/sanitizer_test.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/actionpack/test/template/html-scanner/sanitizer_test.rb b/actionpack/test/template/html-scanner/sanitizer_test.rb index d9b57776c9..65eb41e839 100644 --- a/actionpack/test/template/html-scanner/sanitizer_test.rb +++ b/actionpack/test/template/html-scanner/sanitizer_test.rb @@ -279,6 +279,11 @@ class SanitizerTest < ActionController::TestCase assert_equal '', sanitize_css(raw) end + def test_should_sanitize_across_newlines + raw = %(\nwidth:\nexpression(alert('XSS'));\n) + assert_equal '', sanitize_css(raw) + end + def test_should_sanitize_img_vbscript assert_sanitized %(<img src='vbscript:msgbox("XSS")' />), '<img />' end |