fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]

author: Charlie Somerville <charlie@charliesomerville.com> 2013-02-13 09:09:53 +1100
committer: Aaron Patterson <aaron.patterson@gmail.com> 2013-03-15 17:45:53 -0700
commit: 8be6913990c30f63618173da722148892348dcc9 (patch)
tree: 723e829be1cbabe93e0e4a9d09a13501f73aab3d /actionpack/test/template/html-scanner/sanitizer_test.rb
parent: 5dc2e3531babcbdc165884d1a47cbcd13455522d (diff)
download: rails-8be6913990c30f63618173da722148892348dcc9.tar.gz
rails-8be6913990c30f63618173da722148892348dcc9.tar.bz2
rails-8be6913990c30f63618173da722148892348dcc9.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/actionpack/test/template/html-scanner/sanitizer_test.rb b/actionpack/test/template/html-scanner/sanitizer_test.rb
index d9b57776c9..65eb41e839 100644
--- a/actionpack/test/template/html-scanner/sanitizer_test.rb
+++ b/actionpack/test/template/html-scanner/sanitizer_test.rb
@@ -279,6 +279,11 @@ class SanitizerTest < ActionController::TestCase
     assert_equal '', sanitize_css(raw)
   end
 
+  def test_should_sanitize_across_newlines
+    raw = %(\nwidth:\nexpression(alert('XSS'));\n)
+    assert_equal '', sanitize_css(raw)
+  end
+
   def test_should_sanitize_img_vbscript
     assert_sanitized %(<img src='vbscript:msgbox("XSS")' />), '<img />'
   end
author	Charlie Somerville <charlie@charliesomerville.com>	2013-02-13 09:09:53 +1100
committer	Aaron Patterson <aaron.patterson@gmail.com>	2013-03-15 17:45:53 -0700
commit	8be6913990c30f63618173da722148892348dcc9 (patch)
tree	723e829be1cbabe93e0e4a9d09a13501f73aab3d /actionpack/test/template/html-scanner/sanitizer_test.rb
parent	5dc2e3531babcbdc165884d1a47cbcd13455522d (diff)
download	rails-8be6913990c30f63618173da722148892348dcc9.tar.gz rails-8be6913990c30f63618173da722148892348dcc9.tar.bz2 rails-8be6913990c30f63618173da722148892348dcc9.zip