diff options
author | Charlie Somerville <charlie@charliesomerville.com> | 2013-02-13 09:09:53 +1100 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2013-03-15 17:48:12 -0700 |
commit | ff3b9ca1308056b2c939ce77fbea1c4665f3619e (patch) | |
tree | 966d2e76ed1a1ea924d6e18933a470cbbda50563 /actionpack/test/template/html-scanner/sanitizer_test.rb | |
parent | f980289fd2c1b9073a94b5d49b780a49f5e2933c (diff) | |
download | rails-ff3b9ca1308056b2c939ce77fbea1c4665f3619e.tar.gz rails-ff3b9ca1308056b2c939ce77fbea1c4665f3619e.tar.bz2 rails-ff3b9ca1308056b2c939ce77fbea1c4665f3619e.zip |
fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]
Diffstat (limited to 'actionpack/test/template/html-scanner/sanitizer_test.rb')
-rw-r--r-- | actionpack/test/template/html-scanner/sanitizer_test.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/actionpack/test/template/html-scanner/sanitizer_test.rb b/actionpack/test/template/html-scanner/sanitizer_test.rb index 844484ee47..4e2ad4e955 100644 --- a/actionpack/test/template/html-scanner/sanitizer_test.rb +++ b/actionpack/test/template/html-scanner/sanitizer_test.rb @@ -256,6 +256,11 @@ class SanitizerTest < ActionController::TestCase assert_equal '', sanitize_css(raw) end + def test_should_sanitize_across_newlines + raw = %(\nwidth:\nexpression(alert('XSS'));\n) + assert_equal '', sanitize_css(raw) + end + def test_should_sanitize_img_vbscript assert_sanitized %(<img src='vbscript:msgbox("XSS")' />), '<img />' end |