diff options
| author | Aaron Patterson <aaron.patterson@gmail.com> | 2013-03-18 10:17:04 -0700 |
|---|---|---|
| committer | Aaron Patterson <aaron.patterson@gmail.com> | 2013-03-18 10:17:04 -0700 |
| commit | afcd01bf25c0d7742d07b10dd8a465cffef4b9fe (patch) | |
| tree | a486bd447e95fb4e8b1cbc195c28b23efd335a1c /actionpack/test/template/html-scanner | |
| parent | 491d6916c976c40bb8e0f0992f35d85ff7169d89 (diff) | |
| parent | a4b55827721a5967299f3c1531afb3d6d81e4ac0 (diff) | |
| download | rails-afcd01bf25c0d7742d07b10dd8a465cffef4b9fe.tar.gz rails-afcd01bf25c0d7742d07b10dd8a465cffef4b9fe.tar.bz2 rails-afcd01bf25c0d7742d07b10dd8a465cffef4b9fe.zip | |
Merge branch '3-2-13' into 3-2-stable
* 3-2-13:
bumping to 3.2.13
fix protocol checking in sanitization [CVE-2013-1857]
JDOM XXE Protection [CVE-2013-1856]
fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]
stop calling to_sym when building arel nodes [CVE-2013-1854]
Merge pull request #9616 from exviva/multiple_select_name_double_square_brackets
bumping to rc2
Revert "Merge pull request #8209 from senny/backport_8176"
Freeze columns only once per Result
Preparing for 3.2.13.rc1 release
Update CHANGELOGs for 3.2.13 release.
Conflicts:
actionmailer/CHANGELOG.md
actionpack/CHANGELOG.md
activemodel/CHANGELOG.md
activeresource/CHANGELOG.md
activesupport/CHANGELOG.md
railties/CHANGELOG.md
Diffstat (limited to 'actionpack/test/template/html-scanner')
| -rw-r--r-- | actionpack/test/template/html-scanner/sanitizer_test.rb | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/actionpack/test/template/html-scanner/sanitizer_test.rb b/actionpack/test/template/html-scanner/sanitizer_test.rb index 844484ee47..dee60c9d00 100644 --- a/actionpack/test/template/html-scanner/sanitizer_test.rb +++ b/actionpack/test/template/html-scanner/sanitizer_test.rb @@ -176,6 +176,7 @@ class SanitizerTest < ActionController::TestCase %(<IMG SRC="jav
ascript:alert('XSS');">), %(<IMG SRC="jav
ascript:alert('XSS');">), %(<IMG SRC="  javascript:alert('XSS');">), + %(<IMG SRC="javascript:alert('XSS');">), %(<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>)].each_with_index do |img_hack, i| define_method "test_should_not_fall_for_xss_image_hack_#{i+1}" do assert_sanitized img_hack, "<img>" @@ -256,6 +257,11 @@ class SanitizerTest < ActionController::TestCase assert_equal '', sanitize_css(raw) end + def test_should_sanitize_across_newlines + raw = %(\nwidth:\nexpression(alert('XSS'));\n) + assert_equal '', sanitize_css(raw) + end + def test_should_sanitize_img_vbscript assert_sanitized %(<img src='vbscript:msgbox("XSS")' />), '<img />' end @@ -276,6 +282,15 @@ class SanitizerTest < ActionController::TestCase assert_sanitized "<span class=\"\\", "<span class=\"\\\">" end + def test_x03a + assert_sanitized %(<a href="javascript:alert('XSS');">), "<a>" + assert_sanitized %(<a href="javascript:alert('XSS');">), "<a>" + assert_sanitized %(<a href="http://legit">), %(<a href="http://legit">) + assert_sanitized %(<a href="javascript:alert('XSS');">), "<a>" + assert_sanitized %(<a href="javascript:alert('XSS');">), "<a>" + assert_sanitized %(<a href="http://legit">), %(<a href="http://legit">) + end + protected def assert_sanitized(input, expected = nil) @sanitizer ||= HTML::WhiteListSanitizer.new |