From ff3b9ca1308056b2c939ce77fbea1c4665f3619e Mon Sep 17 00:00:00 2001
From: Charlie Somerville <charlie@charliesomerville.com>
Date: Wed, 13 Feb 2013 09:09:53 +1100
Subject: fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]

---
 actionpack/test/template/html-scanner/sanitizer_test.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'actionpack/test/template/html-scanner')

diff --git a/actionpack/test/template/html-scanner/sanitizer_test.rb b/actionpack/test/template/html-scanner/sanitizer_test.rb
index 844484ee47..4e2ad4e955 100644
--- a/actionpack/test/template/html-scanner/sanitizer_test.rb
+++ b/actionpack/test/template/html-scanner/sanitizer_test.rb
@@ -256,6 +256,11 @@ class SanitizerTest < ActionController::TestCase
     assert_equal '', sanitize_css(raw)
   end
 
+  def test_should_sanitize_across_newlines
+    raw = %(\nwidth:\nexpression(alert('XSS'));\n)
+    assert_equal '', sanitize_css(raw)
+  end
+
   def test_should_sanitize_img_vbscript
     assert_sanitized %(<img src='vbscript:msgbox("XSS")' />), '<img />'
   end
-- 
cgit v1.2.3