diff options
author | Aaron Patterson <aaron.patterson@gmail.com> | 2013-03-15 15:04:00 -0700 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2013-03-15 17:46:34 -0700 |
commit | e115ace02a88290d2fc707b4979f23728c300950 (patch) | |
tree | 96245393fd5f28005ad66091f88c0cc8d62890ce /actionpack/test/template | |
parent | db8b636e50ee8a138f48117e8e8ad057cc7527a4 (diff) | |
download | rails-e115ace02a88290d2fc707b4979f23728c300950.tar.gz rails-e115ace02a88290d2fc707b4979f23728c300950.tar.bz2 rails-e115ace02a88290d2fc707b4979f23728c300950.zip |
fix protocol checking in sanitization [CVE-2013-1857]
Diffstat (limited to 'actionpack/test/template')
-rw-r--r-- | actionpack/test/template/html-scanner/sanitizer_test.rb | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/actionpack/test/template/html-scanner/sanitizer_test.rb b/actionpack/test/template/html-scanner/sanitizer_test.rb index 65eb41e839..b1c1b83807 100644 --- a/actionpack/test/template/html-scanner/sanitizer_test.rb +++ b/actionpack/test/template/html-scanner/sanitizer_test.rb @@ -200,6 +200,7 @@ class SanitizerTest < ActionController::TestCase %(<IMG SRC="jav
ascript:alert('XSS');">), %(<IMG SRC="jav
ascript:alert('XSS');">), %(<IMG SRC="  javascript:alert('XSS');">), + %(<IMG SRC="javascript:alert('XSS');">), %(<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>)].each_with_index do |img_hack, i| define_method "test_should_not_fall_for_xss_image_hack_#{i+1}" do assert_sanitized img_hack, "<img>" @@ -304,6 +305,15 @@ class SanitizerTest < ActionController::TestCase assert_sanitized "<span class=\"\\", "<span class=\"\\\">" end + def test_x03a + assert_sanitized %(<a href="javascript:alert('XSS');">), "<a>" + assert_sanitized %(<a href="javascript:alert('XSS');">), "<a>" + assert_sanitized %(<a href="http://legit">), %(<a href="http://legit">) + assert_sanitized %(<a href="javascript:alert('XSS');">), "<a>" + assert_sanitized %(<a href="javascript:alert('XSS');">), "<a>" + assert_sanitized %(<a href="http://legit">), %(<a href="http://legit">) + end + protected def assert_sanitized(input, expected = nil) @sanitizer ||= HTML::WhiteListSanitizer.new |