Testcases for Recent XSS flaws
Testcases for unsanitized chunk-handling.
This commit is contained in:
parent
d0e834978a
commit
3f5d804c22
1 changed files with 16 additions and 0 deletions
|
@ -230,6 +230,12 @@ class PageRendererTest < Test::Unit::TestCase
|
|||
"Do not <nowiki>mark \n up [[this text]] \n" +
|
||||
"and http://this.url.com </nowiki> but markup [[this]]")
|
||||
end
|
||||
|
||||
def test_sanitize_nowiki_tag
|
||||
assert_markup_parsed_as(
|
||||
'<p>[[test]]&<a href=\'a&b\'>shebang</a> <script>alert("xss!");</script> *foo*</p>',
|
||||
'<nowiki>[[test]]&<a href="a&b">shebang</a> <script>alert("xss!");</script> *foo*</nowiki>')
|
||||
end
|
||||
|
||||
def test_content_with_bracketted_wiki_word
|
||||
set_web_property :brackets_only, true
|
||||
|
@ -369,6 +375,16 @@ class PageRendererTest < Test::Unit::TestCase
|
|||
assert_equal 'NewPageCategory', references[0].referenced_name
|
||||
assert_equal WikiReference::CATEGORY, references[0].link_type
|
||||
end
|
||||
|
||||
def test_references_creation_sanitized_categories
|
||||
new_page = @web.add_page('NewPage', "Foo\ncategory: <script>alert('XSS');</script>",
|
||||
Time.local(2004, 4, 4, 16, 50), 'AlexeyVerkhovsky', test_renderer)
|
||||
|
||||
references = new_page.wiki_references(true)
|
||||
assert_equal 1, references.size
|
||||
assert_equal "<script>alert('XSS');</script>", references[0].referenced_name
|
||||
assert_equal WikiReference::CATEGORY, references[0].link_type
|
||||
end
|
||||
|
||||
def test_rendering_included_page_under_different_modes
|
||||
included = @web.add_page('Included', 'link to HomePage', Time.now, 'AnAuthor', test_renderer)
|
||||
|
|
Loading…
Reference in a new issue